Look into checking for SQL injections

firefly2442 / Arma2NETMySQLPlugin

Arma2NET plugin to connect to MySQL and SQLite databases

GNU General Public License v3.0

24 stars 9 forks source link

Look into checking for SQL injections #30

Open firefly2442 opened 10 years ago

firefly2442 commented 10 years ago

-Use of prepared procedures would help mitigate this. Add this to the readme. -While it's explained in the readme NOT to use the root user and that there are no SQL sanity checks, this is clearly not enough and people are not paying attention. Add a check and disallow root user. -Add in escaping for all queries to attempt to prevent exploits.

firefly2442 commented 10 years ago

Also add note in readme explaining using the root Arma3 directory for the Databases.txt file is a potential security risk.

firefly2442 commented 10 years ago

See 7b8dcf08a080949d404aa8c8259f51ac8e690110, 96f6a7324af4da1a7243034050cba8c2b5468232, 88bba700c420147a002e3241d823b24b093596a0 among others. This will need to be mostly mitigated on the SQF mission side.