Slashdot Mirror


PHP and SQL Security

An anonymous reader writes "PHP and SQL Security are being proven more weak every day. Uberhacker.Com is running a PHP and SQL security research project to raise awareness of secure scripting. The site hosts guides to secure PHP programming, forums, and scripting challenges to see who can create the most secure scripts."

8 of 305 comments

  1. "more weak"? by Junks+Jerzey · · Score: 5, Funny

    How about "weaker" :P

  2. Should I submit this one? by blcamp · · Score: 5, Funny

    This one is pretty secure...

    <?php

    // Try to break into this script!
    echo "Hello World!";

    ?>

    --
    The problem with socialism is that they always run out of other people's money. - Margaret Thatcher

    1. Re:Should I submit this one? by horza · · Score: 4, Funny

      You sound like a security expert. I'm told one of my scripts might be insecure, do you think you could tighten up the following:

      <a href="$PHP_SELF?command=date">Click here to see the date</a>
      <?php // Try to break into this script!
      if ($command) echo system($command);
      ?>

      Thanks,

      Phillip.

  3. magic_quotes by ftzdomino · · Score: 5, Funny

    You could also enable magic_quotes in your php.ini. However, if you\'re too dumb to know the basics of sql, chances are your program won\'t work quite right.

  4. I can't take a security site seriously that... by bbzzdd · · Score: 5, Funny

    uses MS Comic font for their articles. Sorry.

    1. Re:I can't take a security site seriously that... by daeley · · Score: 5, Funny

      Never mind that, they're using a tag to achieve it! The horror! ;)

      --
      I watched C-beams glitter in the dark near the Tannhauser gate.

  5. 404d! by michael+path · · Score: 5, Funny

    Maybe someone can write a PHP script to take care of the 404 error that occurs when you click on the "home" link on Uberhacker.com.

    Bad Design Überalles.

  6. SQL injection 101 ... by zonix · · Score: 4, Funny

    People! Remember the quotes! Do:

    delete from table where id = '$var'

    Not:

    delete from table where id = $var

    Try for $var = "10 and id = 11 and id = 12 ...".

    z
    --
    What would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
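
Added example, not part of the comment above or of the original page: the unquoted and quoted DELETE from comment 6 next to a bound parameter, run over three constructed inputs so the number of rows each form removes can be compared. The `items` table, the function names and the use of an in-memory SQLite database through PDO are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. The table "items" and all function
// names are hypothetical; needs the pdo_sqlite extension, runs in memory.

function freshDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
    $db->exec("INSERT INTO items VALUES (10, 'a'), (11, 'b'), (12, 'c')");
    return $db;
}

// Three ways of building the DELETE; each returns the number of rows removed.
function deleteUnquoted(PDO $db, string $var): int {
    return $db->exec("DELETE FROM items WHERE id = $var");    // the "Not:" form
}

function deleteQuoted(PDO $db, string $var): int {
    return $db->exec("DELETE FROM items WHERE id = '$var'");  // the "Do:" form
}

function deleteBound(PDO $db, string $var): int {
    // The value is sent as data and never becomes part of the SQL text.
    $stmt = $db->prepare('DELETE FROM items WHERE id = ?');
    $stmt->execute([$var]);
    return $stmt->rowCount();
}

// Constructed inputs: a normal id, a variant of the comment's value that uses
// "or", and a value that carries its own quote character.
$inputs = ['10', '10 or id = 11 or id = 12', "10' or id = '11"];

foreach (['deleteUnquoted', 'deleteQuoted', 'deleteBound'] as $fn) {
    foreach ($inputs as $var) {
        try {
            // A fresh three-row table for every attempt keeps the counts comparable.
            $deleted = $fn(freshDb(), $var);
            printf("%-15s %-28s deleted %d of 3 rows\n", $fn, "[$var]", $deleted);
        } catch (PDOException $e) {
            printf("%-15s %-28s query failed to parse\n", $fn, "[$var]");
        }
    }
}
```

Only the bound-parameter form removes at most the one intended row for every input; the quoted form holds for the second input but not for the third, because nothing escapes the quote inside the value.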