Skip to main content
H
hconnorjr
Inspiring
March 26, 2007
Question

security question: url attack risk?

  • March 26, 2007
  • 1 reply
  • 301 views
i'm brushing up on security and have come across the url attack. it seems pretty basic, and i tried to hack my own website, php/apache/mysql but i couldn't . . . i guess that's good. basically, the only thing i'm trying to harden up is a basic recordset search result. i've set the database connection to SELECT only, but i'm told that might not be enough. suggestions please.
This topic has been closed for replies.

1 reply

N
Newsgroup_User
Inspiring
March 26, 2007
> i'm brushing up on security and have come across the url attack. it seems
> pretty basic, and i tried to hack my own website, php/apache/mysql but i
> couldn't . . . i guess that's good. basically, the only thing i'm trying
> to
> harden up is a basic recordset search result. i've set the database
> connection
> to SELECT only, but i'm told that might not be enough. suggestions please.

I'm not quite sure what your question is.

If you are referring to SQL injection issues:

http://en.wikipedia.org/wiki/SQL_injection

-Darrel


H
hconnorjrAuthor
Inspiring
March 26, 2007
Yes, that seems to be what is ultimately happening.
See also here from wikipedia: semantic URL attack, a client manually adjusts the parameters of its request by maintaining the URL's syntax but altering its semantic meaning. This attack is primarily used against CGI driven websites.
A similar attack involving web browser cookies is commonly referred to as cookie poisoning.

Is this something I need to worry about?
Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices