0
For PHP and SQL users, what do you think is the worst security flaw you have seen in a webpage's code?
I'm thinking of getting serious about PHP programming, and the course offers few or not enough examples of security failures. I'm sure you have had some experience with this topic, and it should form a part of those courses.
6 Answers
+ 7
Never use root for establishing the connection once the project goes public (production stage). Instead, create a limited user with carefully selected privileges; its scope of access should only cover the database that is used, nothing more.
@Lil Taco was right about SQL injection. I once had the trouble of dealing with a compromised server, just because someone forgot to change the credentials used for the connection, and somebody from outside got in and changed the root password. It was horrible : )
+ 4
@Ipang, I know. I saw that mistake with my own eyes, and another person showed me how easy it was to abuse.
+ 4
@Daniel, of course mate, my post was not directed at you. I was just pointing out a fact and making a little suggestion, in the hope that what I experienced wouldn't happen to anyone else. Yes, that's right, security is no easy task; even tech giant corporations have a special allocation and investment for that matter.
Thanks mate : )
+ 2
SQL Injections.
HTML tags in the input such as script.
+ 2
I once saw PHP code where the root user had no password. Literally anybody who figured this out could get into that website.
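The limited-account advice and the passwordless root case from the answers above, shown as an added example that is not part of any poster's reply. It assumes MySQL 8.x; the database name `shop_db`, the account `shop_app`, the host `10.0.0.5` and the passwords are hypothetical placeholders.

```sql
-- Added example. Assumptions (not from the thread): MySQL 8.x, an application
-- database called shop_db, and a PHP web host at 10.0.0.5.

-- 1. Dedicated application account, bound to the web host only.
--    The PHP connection string uses this account, never root.
CREATE USER 'shop_app'@'10.0.0.5'
  IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_SECRET'   -- placeholder value
  WITH MAX_USER_CONNECTIONS 20;

-- 2. Data-manipulation rights only, on the one schema the site uses.
--    No DROP, ALTER, FILE, SUPER or GRANT OPTION, and nothing on mysql.*.
GRANT SELECT, INSERT, UPDATE, DELETE
  ON shop_db.* TO 'shop_app'@'10.0.0.5';

-- 3. Confirm the account holds exactly what was intended.
SHOW GRANTS FOR 'shop_app'@'10.0.0.5';

-- 4. Audit: accounts that can log in without a password.
--    Accounts using the auth_socket plugin legitimately show an empty
--    string here, so review the plugin column before acting.
SELECT user, host, plugin
  FROM mysql.user
 WHERE authentication_string = '' OR authentication_string IS NULL;

-- 5. Audit: root entries reachable from anywhere but the local machine.
SELECT user, host
  FROM mysql.user
 WHERE user = 'root'
   AND host NOT IN ('localhost', '127.0.0.1', '::1');

-- 6. Audit: accounts other than root that can hand out privileges
--    or hold SUPER, which defeats the scoping done in step 2.
SELECT user, host
  FROM mysql.user
 WHERE user <> 'root'
   AND (Grant_priv = 'Y' OR Super_priv = 'Y');

-- 7. Give the local root account a real password.
ALTER USER 'root'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_DIFFERENT_LONG_SECRET';  -- placeholder value
```

With this layout, a SQL injection flaw in the PHP code is confined to the rows of `shop_db` and cannot change the root password or read other databases.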
+ 2
Another mistake that I found is related to versions of the language. At a time when anyone can use PHP 7, this man was using PHP 5!