PHP
Alexander, 2016-01-06 21:24:37

Found SQL injection attempts. How to detect and protect?

Hey!
I have a custom engine.
Forms without captcha. For basic spam protection I use:
1. Checkbox "check the box if not a robot"
2. Write what 2+3 = ?
3. A hidden field with a popular name, such as email - and I check it on the server for emptiness.
I understand that this is not a serious protection, but I absolutely do not want to strain users with complex captchas.
Almost every day I get 5-20 form submissions filled with data like:
1
1'
-1'
I understand that this is some kind of automatic script that searches the entire Internet for sites with open forms and tries to find a SQL vulnerability. It seems like all requests are screened for me and they don’t bring dirty tricks to any site, but it’s unpleasant to constantly clean out spam. What do you advise? How are forms protected in 2016?
PS On another project there was a similar situation, but at one fine moment I found "left" links hidden inside my texts in the database. Apparently the same vulnerability was found. It was unpleasant.
Thanks


1 answer(s)
OnYourLips, 2016-01-06
@OnYourLips

> It seems like all requests are screened for me and they don’t bring dirty tricks to any site, but it’s unpleasant to constantly clean out spam. What do you advise? How are forms protected in 2016?
Not exactly the way you do.
Read habrahabr.ru/post/148701
The point is that no protection is needed if you work with data correctly.
SQL injection in 2016 is nonsense.
With proper work with data, it is impossible by design.
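
What "working with data correctly" can look like in PHP, as an added example that is not part of the original answer and assumes the phrase refers to bound parameters on input and escaping on output. The table, the field names and the sample submissions are constructed for illustration; the probe values `1'` and `-1'` are the ones quoted in the question.

```php
<?php
// Added example: table, column and field names are assumptions, not from the original post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE feedback (id INTEGER PRIMARY KEY, name TEXT NOT NULL, message TEXT NOT NULL)');

/**
 * Bot checks from the question: the hidden "email" honeypot must stay empty,
 * the checkbox must be ticked, and 2+3 must be answered with 5.
 */
function looksLikeBot(array $form): bool
{
    return ($form['email'] ?? '') !== ''
        || ($form['not_robot'] ?? '') !== '1'
        || trim((string)($form['sum'] ?? '')) !== '5';
}

/** Store a submission; values travel as bound parameters, never as SQL text. */
function saveFeedback(PDO $pdo, array $form): bool
{
    if (looksLikeBot($form)) {
        return false; // dropped before it reaches the database
    }
    $stmt = $pdo->prepare('INSERT INTO feedback (name, message) VALUES (:name, :message)');
    return $stmt->execute([
        ':name'    => (string)($form['name'] ?? ''),
        ':message' => (string)($form['message'] ?? ''),
    ]);
}

// Constructed submissions using the probe values quoted in the question.
$submissions = [
    ['name' => "1'",  'message' => "-1'", 'not_robot' => '1', 'sum' => '5', 'email' => ''],
    ['name' => '1',   'message' => "1'",  'not_robot' => '1', 'sum' => '5', 'email' => 'bot@example.com'],
    ['name' => 'Ann', 'message' => '<a href="http://example.com">x</a>', 'not_robot' => '1', 'sum' => '5', 'email' => ''],
];
foreach ($submissions as $form) {
    saveFeedback($pdo, $form);
}

// The quote characters were stored as plain data. Escape on output so stored
// markup (such as hidden links) is rendered as text, not as HTML.
foreach ($pdo->query('SELECT name, message FROM feedback') as $row) {
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), ': ',
         htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

The second submission is rejected by the honeypot check; the first and third are stored verbatim, and the query structure is the same for every input because the SQL text never contains form data.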
