Hello, I would start with input checking at both the client and server sides. In order to avoid SQL injection, you'll want to make sure that you never pass the user input directly to the database. To sum it up it all comes down to user input filtering to ensure that none of the SQL escapes are used to do something you do not want done; at the same time this can be used to prevent XSS attacks.
Moreover you'll probably want to disable warnings and debug information on your production environment, as this could provide additional information to the attacker regarding the target syste and the backend dabatase. It all comes down to checking what the user puts in and what the user gets back. Hope this helps. Best Regards, -- Jamil Ben Alluch, B.Ing., GCIH <http://www.autronix.com> [email protected] +1-819-923-3012 On Sat, May 18, 2013 at 11:13 AM, Philip Green <[email protected]> wrote: > Hello PaulDotCom mailing list! > > I have a group of programmers working on a site and really, I know more > about breaking into stuff than defending. > > > What do you guys think the most important thing(s) to tell programmers > when they are coding a database to try and prevent SQL injection > attacks occurring? > > > Any website links would really help as well. > > > Thanks in advance. > > > Philip Andrei Green > =) > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
