Slashdot Mirror


PHP and SQL Security

An anonymous reader writes "PHP and SQL Security are being proven weaker every day. Uberhacker.Com is running a PHP and SQL security research project to raise awareness of secure scripting. The site hosts guides to secure PHP programming, forums, and scripting challenges to see who can create the most secure scripts."

1 of 305 comments

  1. Re:Blame should be shared between coder and langua by Sanity · · Score: 0, Flamebait
    Have you ever used a stored procedure? You call the name of it, and that's it. You give the web server permission to call the stored procs.
    So your solution to the problem that SQL encourages the mixing of code and data is to physically separate all the SQL out into separate files? And how many people do you think will be willing to contort their code in that manner to get around SQL's inherent insecurity? Judging by bugtraq - not very many.

    The real solution is not to use a separate language and syntax for constructing queries.
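
The "mixing of code and data" argued over in the comment above, shown as an added example that is not part of the original thread. It assumes PHP with PDO and an in-memory SQLite database; the table, rows, inputs and function names are constructed, and it uses bound parameters, which the comment itself does not mention, as the separated form.

```php
<?php
// Added illustration; table, rows, inputs and function names are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT, role TEXT)");
$db->exec("INSERT INTO users VALUES ('alice', 'admin'), ('bob', 'user')");

// Code and data mixed: the input is spliced into the SQL text, so the
// parser cannot tell where the query ends and the value begins.
function findByNameConcat(PDO $db, string $name): array {
    $sql = "SELECT name FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Code and data separated: the SQL text is fixed at prepare() time and
// the value travels as a bound parameter that is never parsed as SQL.
function findByNameBound(PDO $db, string $name): array {
    $stmt = $db->prepare("SELECT name FROM users WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a plain name, a value that rewrites the WHERE
// clause when concatenated, and a legitimate name containing a quote.
$inputs = ["bob", "nobody' OR '1'='1", "O'Brien"];
foreach ($inputs as $input) {
    try {
        $concat = json_encode(findByNameConcat($db, $input));
    } catch (PDOException $e) {
        $concat = "SQL error"; // the quote broke the statement's syntax
    }
    $bound = json_encode(findByNameBound($db, $input));
    printf("%-20s concat=%-18s bound=%s\n", $input, $concat, $bound);
}
```

With the concatenated form the second input changes which rows match and the third fails to parse; with the bound form both are treated as names that match no row.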