Open firefly2442 opened 10 years ago
Also add note in readme explaining using the root Arma3 directory for the Databases.txt file is a potential security risk.
See 7b8dcf08a080949d404aa8c8259f51ac8e690110, 96f6a7324af4da1a7243034050cba8c2b5468232, 88bba700c420147a002e3241d823b24b093596a0 among others. This will need to be mostly mitigated on the SQF mission side.
-Use of prepared procedures would help mitigate this. Add this to the readme. -While it's explained in the readme NOT to use the root user and that there are no SQL sanity checks, this is clearly not enough and people are not paying attention. Add a check and disallow root user. -Add in escaping for all queries to attempt to prevent exploits.