ADODB Lite Security

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
MrPotatoes
Forum Regular
Posts: 617
Joined: Wed May 24, 2006 6:42 am

ADODB Lite Security

Post by MrPotatoes »

i'm no security master but i know i need to have it otherwise my site won't be up for longer than a few hours. and everything that i've done is really just a tutorial here and there but nothing really indepth and that sucks because it's hard to find. and of course i haven't found any books so if you wanna point me in the corrcet direction for that...

but i digress

i wanted to know if ADODB has it's own security features coded into it so i don't have to bother too much with it. for instance protection against UNION attacks, DOS, SQL injection. things of that nature.

thank you if you know.

Ciao for now
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

ADOdb Lite is a database abstraction library - not a security library. The one cool feature for security it does have is support for variable binding (which automatically quotes/escapes values appropriately).
User avatar
MrPotatoes
Forum Regular
Posts: 617
Joined: Wed May 24, 2006 6:42 am

Post by MrPotatoes »

balls. it would have been great if that was the case.

the reason i ask is because you can look up things and expect it to only do one thing but it comes with so much <span style='color:blue' title='I&#39;m naughty, are you naughty?'>smurf</span> that it's barely what it's supposed to be. for instance. i was looking for PHP Frameworks. i searched for 2 weeks because everything i found was not a framework but more of a CMS. it had user auth, modules, everything. so i couldn't use those. but they considered themselves frameworks. so you know it's always worth asking. maybe they had some of the functionaity :D

thanx for your answer tho
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

You could check out component based PHP frameworks (using the term lightly) like ezComponents, or even the Zend Framework. Lots of useful stuff with few dependencies...
User avatar
MrPotatoes
Forum Regular
Posts: 617
Joined: Wed May 24, 2006 6:42 am

Post by MrPotatoes »

i already have my framework running. i've got to add templates and security and the 'framework' is done. didn't take me too long and it's absolutely supurb. MVC and all classes
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Wait till you discover a need to change something - then the framework frenzy will drive you nuts...;).
User avatar
MrPotatoes
Forum Regular
Posts: 617
Joined: Wed May 24, 2006 6:42 am

Post by MrPotatoes »

i have had to change many things to get it to snuff. not too bad. either way it's 100 fold easier to change something that i've written than it is to go thru and chang something that is already in place.

you aren't going to convert me. my framework is completely badass :D
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

I wasn't converting - I don't have much use for frameworks since I don't work on anything that requires one. You're not the only one who's reinvented the wheel to meet their own private needs where a common framework doesn't perfectly match requirements...
User avatar
MrPotatoes
Forum Regular
Posts: 617
Joined: Wed May 24, 2006 6:42 am

Post by MrPotatoes »

no problems man.

oh, and thank you for your initial responce :D
Post Reply