> -----Original Message-----
> From: Marc Boeren [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 14, 2003 1:08 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [PHP-DEV] Re: PHP 4.3.3RC3 Released
>
> > that's the point. if the cracker can change only the end of
> > the query, it's not so useful for him (he can maximum get
> > other id)
>
> How about a form of dos:
>
> '...where id = '.$id
>
> with $id = '23129 or 1'
>
> this will select all entries in the table which could result in DoS...
>
> So, ultimately this problem is the coder's responsibility.

Considering _many_ PHP websites have at least one instance of this, it's not just the coder's responsibility. PHP has had no SQL command builder, so people have manually built the queries from argument strings which can be as dangerous as fixed buffers on the stack in C.

MySQL doesn't allow (AFAIK) command chaining for this reason to lessen the potential damage. Like you say, it could result in a DoS, but generally not a total compromise.

Avoiding dangerous functionality like sprintf and chainable queries is a shared responsibility of the library designer and the programmer that uses it.
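
Added example, not part of either message above: the concatenated `where id = '.$id` query from the thread next to a bound-parameter version, run against the same input `23129 or 1`. It uses PDO with an in-memory SQLite database, an interface that postdates this thread; the table, its rows and the function names are constructed for the illustration.

```php
<?php
// Constructed sample data: three rows in a throwaway in-memory table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO entries VALUES (23129, 'first')");
$db->exec("INSERT INTO entries VALUES (23130, 'second')");
$db->exec("INSERT INTO entries VALUES (23131, 'third')");

// Pattern from the thread: the request value becomes part of the SQL text,
// so a trailing "or 1" is parsed as part of the WHERE clause.
function find_concat(PDO $db, string $id): array
{
    $sql = 'SELECT id, title FROM entries WHERE id = ' . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Bound parameter: the SQL text is fixed before the value is known, and the
// value is handed to the database as data, never as query syntax.
function find_bound(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT id, title FROM entries WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Compare both functions on a normal id and on the input from the thread.
foreach (['23129', '23129 or 1'] as $id) {
    echo "input '$id': concat returns ", count(find_concat($db, $id)),
         " row(s), bound returns ", count(find_bound($db, $id)), " row(s)\n";
}
```

With the concatenated query the second input matches every row in the table; with the bound parameter the same string is only ever compared against the `id` column as a single value.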