0

For PHP and SQL users, what do you think is the worst security flaw you have seen in a webpage's code?

I'm thinking of getting serious about PHP programming, and the course offers few or not enough examples of security failures. I'm sure you have had some experience with this topic, and it should form a part of those courses.

3rd Jan 2018, 11:40 AM
Daniel Lucas Hernández
6 answers
+ 7
Never use root for establishing the connection once the project goes public (production stage). Instead, create a limited user with carefully selected privileges; its scope of access should only be around the database that is used, nothing more. @Lil Taco was right about SQL injection. I once had to deal with a compromised server, just because someone forgot to change the credentials used for the connection, and somebody from outside got in and changed the root password. It was horrible : )
10th Jan 2018, 9:11 AM
Ipang
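The limited-user setup described in the post above, as an added example that is not part of the original thread. It assumes MySQL 5.7 or later; the schema name `shop`, the account names `shop_web` and `shop_migrate`, and the password placeholders are all constructed for illustration.

```sql
-- Constructed names: schema `shop`, accounts `shop_web` and `shop_migrate`.
CREATE DATABASE IF NOT EXISTS shop;

-- Account the PHP pages connect with: reachable only from the database host
-- itself, never root. Replace the placeholder with a long random secret.
CREATE USER IF NOT EXISTS 'shop_web'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_SECRET';

-- Only row-level operations, and only on the application's own schema.
-- No DROP, ALTER, FILE, SUPER or GRANT OPTION, and nothing on mysql.*.
GRANT SELECT, INSERT, UPDATE, DELETE ON shop.* TO 'shop_web'@'localhost';

-- Schema changes go through a separate account that deployment tooling uses,
-- so a flaw in a web page cannot alter or drop tables.
CREATE USER IF NOT EXISTS 'shop_migrate'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_ANOTHER_RANDOM_SECRET';
GRANT CREATE, ALTER, DROP, INDEX ON shop.* TO 'shop_migrate'@'localhost';

-- Check 1: the web account holds exactly what was granted above.
SHOW GRANTS FOR 'shop_web'@'localhost';

-- Check 2: the web account holds no server-wide privilege.
-- Expect a single row with PRIVILEGE_TYPE = 'USAGE' (meaning "none").
SELECT GRANTEE, PRIVILEGE_TYPE, IS_GRANTABLE
FROM information_schema.USER_PRIVILEGES
WHERE GRANTEE = "'shop_web'@'localhost'";

-- Check 3: which accounts can touch the schema at all. Anything listed here
-- besides the two accounts created above needs a reason to exist.
SELECT GRANTEE, PRIVILEGE_TYPE
FROM information_schema.SCHEMA_PRIVILEGES
WHERE TABLE_SCHEMA = 'shop'
ORDER BY GRANTEE, PRIVILEGE_TYPE;
```

The PHP connection code then uses `shop_web` and its secret, loaded from configuration kept outside the web root, in place of the root credentials.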
+ 4
@Ipang, I know, I saw that mistake with my own eyes, and another person showed me how easy it was to abuse.
10th Jan 2018, 3:07 PM
Daniel Lucas Hernández
+ 4
@Daniel, of course mate, my post was not directed at you. I was just pointing out a fact and adding a little suggestion, in the hope that what I experienced wouldn't happen to anyone else. Yes, that's right, security is no easy task; even tech giant corporations have special allocation and investment for that matter. Thanks mate : )
10th Jan 2018, 3:16 PM
Ipang
+ 2
SQL Injections. HTML tags in the input such as script.
4th Jan 2018, 12:50 PM
Lil Taco
+ 2
I once saw PHP code where the root user had no password. Literally, anybody who figured this out could get into that website.
10th Jan 2018, 8:43 AM
Daniel Lucas Hernández
+ 2
Another mistake that I found is related to versions of the language. At a time when anyone can use PHP 7, this man was using PHP 5!
10th Jan 2018, 3:44 PM
Daniel Lucas Hernández