Forum Member
Group: Forum Members
Last Login: 2/9/2007 9:47:28 PM
Posts: 28
Visits: 21
I have read several complaints about MySQL databases being wiped out totally by a hacker. Without using a password, how can the hacker have access to the database? Can you share some tips on how to prevent MySQL database hacking?
Junior Member
Group: Forum Members
Last Login: 2/13/2007 9:41:50 AM
Posts: 11
Visits: 14
I'm pretty sure it's through MySQL injection. Top programmers will prevent this, but it's definitely a huge vulnerability for many websites. For example, my Dad sells a piece of software that sells for $500+. Our users are able to log in via a login page and re-download the software if they've lost or misplaced it. In early 2006, our database was attacked and the hackers had access to many users' profiles, where they had access to their unlock key and download. Needless to say, our software was all over BitTorrent a couple of days later.
There's a pretty good explanation of MySQL injection and how hackers utilize it here.
Forum Member
Group: Forum Members
Last Login: 2/9/2007 9:47:28 PM
Posts: 28
Visits: 21
Thank you for the good resource you provided. Most of the steps that were provided involve querying. Is there a way in which unauthorized users cannot issue queries?
Junior Member
Group: Forum Members
Last Login: 2/9/2007 7:35:17 AM
Posts: 15
Visits: 9
I had no idea that a MySQL database can be hacked. Thanks for the details given here. At least now I have an idea of what is possible. What are the remedial measures that one should take to get protected against this kind of attack?
Junior Member
Group: Forum Members
Last Login: 2/5/2007 4:59:06 PM
Posts: 15
Visits: 6
Your web server, Apache, can help you secure your database. It has a feature that will deny unauthorized access to URLs, especially dynamic URLs where SQL injection is staged. There is a set procedure that must be followed. This link could help you.
Junior Member
Group: Forum Members
Last Login: 2/7/2007 3:43:42 PM
Posts: 18
Visits: 23
You can use several methods to improve the security of your database, but whatever you do, you must remember that there is always a way around the system, as corporations such as Microsoft have found. The simplest approach that you could use while using Apache is to deny access to unauthorized URLs where SQL injection is performed.
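
Added example, not part of the original thread or written by any of its posters: a Python model of the login lookup described in the second post, showing the concatenated query beside the parameterized form that keeps form input from being parsed as SQL. The table, column names, sample rows and the in-memory SQLite database standing in for MySQL are assumptions made so the example runs offline.

```python
import sqlite3

def make_db():
    """In-memory SQLite stands in for MySQL; rows are constructed sample data.
    Password hashing is left out to keep the focus on query construction."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, unlock_key TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "pw-alice", "KEY-AAAA"),
        ("bob", "pw-bob", "KEY-BBBB"),
        ("o'brien", "pw-obrien", "KEY-CCCC"),
    ])
    return db

def lookup_concatenated(db, username, password):
    """'Before' form: form input is pasted into the SQL text, so a quote
    character in the input changes the structure of the statement."""
    sql = ("SELECT username, unlock_key FROM users WHERE username = '"
           + username + "' AND password = '" + password + "'")
    return db.execute(sql).fetchall()

def lookup_parameterized(db, username, password):
    """Hardened form: the statement text is fixed and the driver binds the
    input as values, so it is only ever compared, never parsed as SQL."""
    sql = "SELECT username, unlock_key FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()

# Constructed form input that contains SQL syntax instead of a password.
CRAFTED = "' OR '1'='1"

def demo():
    db = make_db()
    results = {
        "concatenated_crafted": lookup_concatenated(db, "alice", CRAFTED),
        "parameterized_crafted": lookup_parameterized(db, "alice", CRAFTED),
        "parameterized_apostrophe": lookup_parameterized(db, "o'brien", "pw-obrien"),
    }
    try:  # a legitimate name with an apostrophe breaks the concatenated query
        lookup_concatenated(db, "o'brien", "pw-obrien")
        results["concatenated_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["concatenated_apostrophe"] = "syntax error"
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

MySQL client libraries offer the same placeholder binding. Connecting the web application with a database account limited to the statements its pages need narrows what any remaining flaw can reach.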