Websites wide open to attack?

Post by CoderGoblin »

Apparently there has been a recent report which I thought some people may be interested to view. A summary (Yahoo News) is here... Websites wide open to attack.

Not sure how long the link will last though.

Post by superdezign »

SQL is that big of a vulnerability? What are these websites doing incorrectly? There are so many methods for SQL and converting inputted values into valid SQL values.

Post by CoderGoblin »

Whilst a lot of people on these forums are aware of SQL injection and preventative techniques, an awful lot of people are not. How many books on PHP actually explain how to prevent SQL injection?

Post by Maugrim_The_Reaper »

Sounds about right - I know of lots of applications that are completely unprotected. Unfortunately they were all written by people who shouldn't ever call themselves "developers" and most of them haven't a rudimentary knowledge of PHP security. Even the ones that do view the security issues as minor since they tend not to be big enough to attract attention. I'm sure rival script kiddies have bigger fish to fry like the large PHPNuke install base... ;)

These sorts of statistics do offer further ammunition to those who view PHP as being a security-addled language. When 99% statistics are thrown around I'm sure it makes most folk deep down consider if the PHP devs would be better off figuring out ways of offering fewer methods for developers to shoot their own feet rather than continuing to blame those using the language who barely know how to type an opening tag let alone escape SQL variables...