Hi Dotzie
It's a good answer that you give, I will answer with what I know.
You figured out a good security point: this way (changing the port), you will avoid standard attacks on this point.
But injections are not here.
I personally think it's only in the databases.
Yes, we can avoid this by reducing the number of characters that we can enter (and send) through the login (that interacts with ps_login).
But if the triggers in your database are not secure, a man who uses a packet injector to bypass the ps_login character limit (I don't know if it's possible) will send an injection.
Here is a simple injection:
' Drop database XXX
Where XXX is the name of the database.
The ' will truncate the previous request, like select ... from ... where
And it will execute "Drop database ..." with admin privileges, because it's executed on the server side.
Maybe the first thing to do is to locate the trigger that checks the login (to permit the connection), and add a huge filter on it, rejecting words and characters like: ', ", %, || .. drop, select, union
I'm not sure, but when I develop databases, I do this stuff to avoid SQL injection.
I don't know if anyone agrees with me, but I think it's a point to think about.
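The login check discussed in the post above, as an added example that is not part of the original post or of the server's code: it compares the keyword filter from the post with a bound-parameter query, using the post's own sample string as input. The `users` table, the function names and the use of SQLite in place of the server's real database are assumptions.

```python
import hashlib, hmac, os, sqlite3

BLOCKED = ("'", '"', "%", "||", "drop", "select", "union")  # filter list from the post

def blacklist_ok(value):
    """Keyword filter as the post describes it: reject any input containing a blocked token."""
    low = value.lower()
    return not any(tok in low for tok in BLOCKED)

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed sample data; the users table is hypothetical, not the server's schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for name, pw in (("Raindrop", "pw-one"), ("O'Brien", "pw-two")):
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, hash_pw(pw, salt)))
    return db

def check(row, password):
    return row is not None and hmac.compare_digest(hash_pw(password, row[0]), row[1])

def login_concat(db, name, password):
    """Unsafe: the name is pasted into the SQL text, so a quote ends the string literal."""
    sql = "SELECT salt, pw_hash FROM users WHERE name = '" + name + "'"
    return check(db.execute(sql).fetchone(), password)

def login_bound(db, name, password):
    """Safe: the name is a bound parameter and is only ever compared as data."""
    sql = "SELECT salt, pw_hash FROM users WHERE name = ?"
    return check(db.execute(sql, (name,)).fetchone(), password)

def concat_breaks(db, name):
    """True when the input stops the concatenated text from parsing as the intended query."""
    try:
        login_concat(db, name, "x")
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    for name in ("Raindrop", "O'Brien", "' Drop database XXX"):
        print(repr(name), blacklist_ok(name), concat_breaks(db, name), login_bound(db, name, "pw-one"))
```

The filter turns away the legitimate names "Raindrop" and "O'Brien", while the bound query accepts them and treats the quoted string as an unknown user name.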