UNION/CLIKE Detection: Any ideas?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

UNION/CLIKE Detection: Any ideas?

Post by Maugrim_The_Reaper »

Beside securing the usual validation of vars and proper escaping - wondering if there are any known methods of detecting these attacks when passed through GET/POST?

I've come across the usual preg_match on "UNION" or "%20UNION%20" but if there's a more in-depth check it's be appreciated.

Same for CLIKEs :)

At the moment my scripts appear well prepared - but I'd like to track such attempts in any case - just to see what peeps are trying on my server...
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

given the right escapement utility, it shouldn't matter if they submit such requests. If this isn't for a programming site, then you may want to look at enabling/installing mod_security (if you are running apache)
Post Reply