Still not sure how, though I know I have done some things to protect against SQL injection attacks; I'm not sure if it's enough. Though this is just a user bot, and I use password hashing of course, I think I really need to try to harden the bot against such attacks.
Password hashing isn't really the issue. The issue is that there were several SQL statements assembled like this:
```python
query = "DELETE FROM users WHERE uid IS '" + uid + "'"
db.execute(query)
```
If I could somehow control my UID to be ' OR true() OR ', that statement becomes:
```sql
DELETE FROM users WHERE uid IS '' OR true() OR ''
```
and I've just wiped out your users table.
I edited all the functions doing DB access to use prepared statements, like so:
```python
query = "DELETE FROM users WHERE uid IS :uid"
db.execute(query, {"uid": uid})
```
which is impossible to do an SQL injection into.
This is what PR #64 is about. (PR #64 also does other stuff, like using context managers for all DB functions to get safe commit-or-rollback semantics.)
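To make the difference concrete, here is an added, self-contained example (not code from the bot or from PR #64) that runs both query styles side by side against an in-memory SQLite table. The table, the sample rows and the function names are constructed for the demonstration; the sqlite3 module is assumed because the `:uid` named-parameter syntax in the thread matches it. The injection payload uses `OR 1=1` instead of `true()` because SQLite has no `true()` function.

```python
import sqlite3

# Constructed sample data for the demonstration; not the bot's real users table.
SAMPLE_USERS = [("u1", "alice"), ("u2", "bob"), ("u3", "carol")]


def fresh_db():
    """Create an in-memory users table populated with the sample rows."""
    db = sqlite3.connect(":memory:")
    with db:  # connection as context manager: commit on success, rollback on error
        db.execute("CREATE TABLE users (uid TEXT PRIMARY KEY, name TEXT)")
        db.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return db


def delete_user_concat(db, uid):
    """Vulnerable form: the uid is spliced into the SQL text, so the value
    can change the shape of the statement."""
    query = "DELETE FROM users WHERE uid IS '" + uid + "'"
    with db:
        db.execute(query)


def delete_user_prepared(db, uid):
    """Hardened form: the uid is bound as a parameter and is only ever
    compared as a string value, never parsed as SQL."""
    query = "DELETE FROM users WHERE uid IS :uid"
    with db:
        db.execute(query, {"uid": uid})


def remaining_users(db):
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]


def demo(uid):
    """Run the same uid through both versions on separate fresh tables and
    return (rows left after concat version, rows left after prepared version)."""
    concat_db = fresh_db()
    delete_user_concat(concat_db, uid)
    prepared_db = fresh_db()
    delete_user_prepared(prepared_db, uid)
    return remaining_users(concat_db), remaining_users(prepared_db)


def concat_raises_on_quote(uid):
    """Even a harmless uid containing a quote breaks the concatenated query
    (syntax error), while the prepared version handles it; returns True if
    the concat version raised and the prepared version did not."""
    concat_db = fresh_db()
    try:
        delete_user_concat(concat_db, uid)
        concat_failed = False
    except sqlite3.OperationalError:
        concat_failed = True  # 'with db:' has already rolled the transaction back
    prepared_db = fresh_db()
    delete_user_prepared(prepared_db, uid)  # must not raise
    return concat_failed


if __name__ == "__main__":
    print("ordinary uid u2:", demo("u2"))                    # (2, 2)
    print("injected uid:", demo("' OR 1=1 OR '"))           # (0, 3)
    print("quote in uid breaks concat:", concat_raises_on_quote("o'brien"))  # True
```

The injected value turns the concatenated statement into `DELETE FROM users WHERE uid IS '' OR 1=1 OR ''`, which is true for every row, so the first table is emptied; the prepared statement compares each `uid` with the literal string `' OR 1=1 OR '`, matches nothing, and the second table is untouched. The `with db:` blocks are the commit-or-rollback semantics the PR description mentions: sqlite3 commits when the block exits normally and rolls back when it raises.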