堆栈内存溢出
  简体   繁体   English

客户端仅选择时的SQL注入

[英]SQL injection when client is only selecting

 原文  2017-04-16 00:04:20       php/ mysql/ sql/ security/ sql-injection

问题描述

According to this question , SQL injection is something one would have to prevent. 根据这个问题 ,SQL注入是必须防止的事情。 In an application where the user is only selecting from the database, how would this be a concern? 在用户仅从数据库中进行选择的应用程序中,这将成为一个问题吗?

2 个解决方案

解决方案1
 2 已采纳  2017-04-16 00:32:43

Here are some examples of problems that SQL injection could allow even if the user is restricted to SELECT privilege: 以下是一些示例示例,即使用户被限制为SELECT特权,SQL注入也可能允许这些问题:

  • The attacker could read data intended to be read only by other users. 攻击者可能会读取旨在仅由其他用户读取的数据。 Many applications use the same MySQL user to connect, and then enforce further data-access restrictions with application code. 许多应用程序使用同一MySQL用户进行连接,然后对应用程序代码施加进一步的数据访问限制。 Ie I'm only supposed to see the shopping cart that I created. 即,我只应该看到我创建的购物车。 But with SQL injection, I could read everyone's shopping cart, their purchase history, their credit card number, and so on. 但是通过SQL注入,我可以读取每个人的购物车,他们的购买历史,他们的信用卡号等等。

  • The attacker could read the hashed passwords of other accounts, crack them (on his own computer), and then log in to another user with greater privileges. 攻击者可以读取其他帐户的哈希密码,(在自己的计算机上)破解它们,然后以更高的特权登录到另一个用户。

  • The attacker could run a denial-of-service attack by running a SELECT query that uses too many resources. 攻击者可以通过运行使用过多资源的SELECT查询来进行拒绝服务攻击 For example, on MySQL, the table INFORMATION_SCHEMA.CHARACTER_SETS is readable even for a user with no privileges. 例如,在MySQL上,即使没有权限的用户也可以读取表INFORMATION_SCHEMA.CHARACTER_SETS Now what is going to happen when the attacker runs this query: 现在,当攻击者运行此查询时将发生什么: 

     SELECT * FROM (SELECT * FROM CHARACTER_SETS, CHARACTER_SETS, CHARACTER_SETS, CHARACTER_SETS, CHARACTER_SETS, CHARACTER_SETS) AS t ORDER BY 1

    It tries to create a temp table on disk for 2,839,760,855,281 rows. 它尝试在磁盘上为2,839,760,855,281行创建一个临时表。 I predict that will exhaust disk space on your server. 我预计这将耗尽服务器上的磁盘空间。

Your question sounds like you're fishing for a rationale for skipping writing safe code that protects against SQL injection. 您的问题听起来像是在寻找一种基本原理,以跳过编写防止SQL注入的安全代码。

Sorry, no dice. 抱歉,没有骰子。 You need to write safe code. 您需要编写安全的代码。

解决方案2
 0  2017-04-16 00:08:44

用户所做的任何会导致对数据源进行CRUD操作的操作都应视为危险操作,并应采取所有预防措施以防止SQL注入。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用Jquery选择SQL表列-SQL注入? - Selecting SQL table column with Jquery - SQL injection? SQL登录注入,选择第二行 - SQL login injection, selecting the second row SQL仅选择min(date)时返回各种日期 - SQL returning various dates when selecting only min(date) 为了防止SQL注入,我应该在查询数据库时还是仅在更新时使用PDO“准备”? - For prevention of sql injection, should I use PDO 'prepare' when querying the DB, or only when updating? 仅使用密码输入进行SQL注入 - SQL Injection using only password input 使用ONLY php防止SQL注入 - Preventing SQL injection using ONLY php 在SQL中仅选择值大于0的金额 - Selecting only amount with values greater than 0 in sql 连接到数据库时防止SQL注入 - Preventing SQL injection when connecting to the database 使用PDO quote()时是否可以进行SQL注入? - Is SQL Injection possible when using PDO quote()? 在MySQL表中,仅当字段不为空或不是''时选择 - In MySQL table selecting only when a field is not empty or not ' '
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM