Help Me Out Please!
Member
Posts: 4,105
Joined: Jun 3 2013
Gold: 56.48
Jun 13 2013 12:42pm
What is the difference between MySQL & SQL?
I have one friend who is really good at SQLi (SQL injections); he promised that he'll later test whether my site is vulnerable.

So, if I have a database (has like username/pw/email and blabla), should I use SQL/MySQL? And how can I know that it isn't vulnerable to SQL injections?
I don't want people to spread out my site's users' e-mails..
Member
Posts: 2,757
Joined: Nov 26 2007
Gold: 1,214.81
Jun 13 2013 12:54pm
SQL is the language (structured query language) for accessing a database.

MySQL is a database engine that implements the SQL language.
Member
Posts: 4,105
Joined: Jun 3 2013
Gold: 56.48
Jun 13 2013 01:05pm
Quote (labatymo @ Jun 13 2013 09:54pm)
SQL is the language (structured query language) for accessing a database.

MySQL is a database engine that implements the SQL language.


Ah rofl... didn't google enough.
Thanks 4 answer! :)
Member
Posts: 2,032
Joined: Mar 20 2006
Gold: 4,971.00
Jun 15 2013 01:47am
Protect against SQL injections with parameterized queries (google it :)
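
A sketch of what the parameterized queries recommended in this reply look like, as an added example that is not part of the original thread. It assumes Python with an in-memory SQLite table standing in for the MySQL database (MySQL drivers offer the same feature with their own placeholder syntax); the table, rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory table; SQLite stands in for MySQL here."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, pw_hash TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", "alice@example.test"),
         ("bob", "hash-b", "bob@example.test")],
    )
    return db


def emails_concatenated(db, username):
    # Vulnerable: the input is pasted into the SQL text, so a quote
    # character in it changes the structure of the statement.
    sql = "SELECT email FROM users WHERE username = '" + username + "'"
    return [row[0] for row in db.execute(sql)]


def emails_parameterized(db, username):
    # Safe: the statement text is fixed and the value is bound
    # separately, so it can only ever be compared as data.
    sql = "SELECT email FROM users WHERE username = ?"
    return [row[0] for row in db.execute(sql, (username,))]


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input containing quotes
    print(emails_concatenated(db, "alice"))    # one row, as intended
    print(emails_concatenated(db, hostile))    # every user's e-mail leaks
    print(emails_parameterized(db, hostile))   # no such username: empty
```

The same fixed-statement rule applies to every query that touches user input, including INSERT and UPDATE statements behind registration and login forms.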
Member
Posts: 2,187
Joined: Mar 3 2013
Gold: 0.00
Jun 18 2013 01:08am
Quote (CHCL @ Jun 13 2013 01:42pm)
And how can I know that it isn't vulnerable to SQL injections?
.


That's entire paragraphs to explain. In short, you can't.

Good database monitoring and known exploit "fingerprinting" will work pretty well against these attacks.

Check HTTP requests, file changes, etc... a solid robots file (prevent Google dorking),
proper file permissions, the list goes on...


Your weak points are public files (things that have user interaction),
e.g. input boxes such as login registration forms can be exploited through XSS and in turn SQLi opens up.

There's an addon for Apache called ModSecurity which is pretty cool; it helps greatly! (assuming you run your own server)

This post was edited by Glyph89 on Jun 18 2013 01:18am
Member
Posts: 4,105
Joined: Jun 3 2013
Gold: 56.48
Jun 18 2013 02:30am
Quote (Glyph89 @ Jun 18 2013 10:08am)
That's entire paragraphs to explain. In short, you can't.

Good database monitoring and known exploit "fingerprinting" will work pretty well against these attacks.

Check HTTP requests, file changes, etc... a solid robots file (prevent Google dorking),
proper file permissions, the list goes on...


Your weak points are public files (things that have user interaction),
e.g. input boxes such as login registration forms can be exploited through XSS and in turn SQLi opens up.

There's an addon for Apache called ModSecurity which is pretty cool; it helps greatly! (assuming you run your own server)


Okay, thanks for the reply. When the site is on I'll try that Apache ModSecurity thing!