SQL Injection

Securing web pages written in PHP

<p>An existing web page that was built with no particular focus on security should be hardened against different kinds of attacks. The page is hosted on a shared web server on which no special privileges are granted. The versions of the software used in the environment are the following:</p>
<ul><li>PHP 5.2.6</li><li>MySQL Server Version: 5.0.75</li><li>Zend Framework 1.5</li><li>Apache 2.6.28-16</li><li>Suhosin-Patch 0.9.6.2</li></ul>
<p>PHP configuration:</p>
<ul><li>safe_mode off</li><li>magic_quotes_runtime off</li><li>magic_quotes_gpc off</li></ul>
<p>In particular, the request parameters should be checked for malicious content.</p>
<p>GET parameters:</p>
<ul><li>site, string</li><li>nodeid, integer</li><li>action, string</li></ul>
<p>The POST parameters are variable and should allow only alphanumeric values and punctuation marks.</p>
<p>XSS, SQL injection and directory traversal should be prevented. The solution should be easy to understand, configurable and flexible. Existing libraries and tools that have already been tested will be accepted.</p>
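One way to meet the parameter requirements above, as an added example that is not part of the original brief: allow-list validation for `site`, `action`, `nodeid` and the POST fields, written in syntax that runs on PHP 5.2. The allowed site and action names, the length limits and the exact punctuation set are assumptions.

```php
<?php
// Added example. The site and action names below are assumed placeholders.
$ALLOWED_SITES   = array('home', 'news', 'contact');
$ALLOWED_ACTIONS = array('view', 'edit', 'delete');

function get_choice($source, $key, $allowed, $default)
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return $default;               // missing, or an array such as site[]=x
    }
    // Strict match against the allow-list: values such as "../" or "home\0"
    // can never reach an include path or a query.
    return in_array($source[$key], $allowed, true) ? $source[$key] : $default;
}

function get_node_id($source)
{
    if (!isset($source['nodeid']) || !is_string($source['nodeid'])) {
        return null;
    }
    // 1 to 9 digits only: no sign, whitespace, hex or exponent; fits a 32-bit int.
    return preg_match('/\A[0-9]{1,9}\z/', $source['nodeid']) ? (int) $source['nodeid'] : null;
}

function clean_post($post)
{
    $clean = array();
    foreach ($post as $name => $value) {
        // Reject (do not repair) arrays and any value with characters outside
        // letters, digits, space and basic punctuation (assumed set).
        if (is_string($value) && preg_match('/\A[A-Za-z0-9_]{1,64}\z/', (string) $name)
            && preg_match('/\A[A-Za-z0-9 .,;:!?()\'"-]{0,255}\z/', $value)) {
            $clean[$name] = $value;
        }
    }
    return $clean;
}

$site   = get_choice($_GET, 'site', $ALLOWED_SITES, 'home');
$action = get_choice($_GET, 'action', $ALLOWED_ACTIONS, 'view');
$nodeId = get_node_id($_GET);          // null means "reject the request"
$post   = clean_post($_POST);

// Quotes are still legal punctuation, so validation is not enough on its own:
// bind $nodeId and POST values as query parameters, and encode on output.
echo htmlspecialchars($site . '/' . $action, ENT_QUOTES, 'UTF-8');
```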