Prevent SQL Injections?
#11
(2014-12-31, 03:48 PM)Adrii Wrote: Where can I find mod_security to install on my forum?
And what features does this mod have?

It is a server modification to the Apache installation. Nothing to do with MyBB. If you have to ask, then you should talk to your host about it and get help installing and configuring it.
Lost interest, sold my sites, will browse here once in a while. It's been fun.
#12
mod_security won't help; it can easily be bypassed.
Heart MYBB  Heart
#13
(2015-01-01, 03:47 AM)Beautiful Wrote: mod_security won't help; it can easily be bypassed.

You can bypass any WAF. In the case of scanners which are naive, or kids with little knowledge of exploitation, they do a great job. That extra bit of difficulty could give the admin enough time to patch the issue before it's successfully exploited.
No longer involved in the MyBB project.
#14
(2014-12-31, 01:08 AM)Nathan Malcolm Wrote:
Quote: Yes you can. It's called PDO (PHP Data Objects). You should be using 'prepared' statements within your projects, not MYSQL or MYSQLi. This will eliminate SQL injection completely as data is never passed directly into the SQL query.

PDO isn't a bulletproof solution for preventing SQL injection. PDO does have some features which stop developers doing stupid things, but injection is still possible if the developer truly doesn't know what they're doing.

Example: Drupal's recent security scare caused by custom code to build prepared statements with an array of parameters. 
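The failure mode described in the post above, as an added example that is not part of the original thread and is not Drupal's or MyBB's code: a hypothetical helper that expands an array into named placeholders using the array's keys, beside a version that discards the keys. The function names, table and input are constructed for illustration, and the script assumes PHP with the pdo_sqlite extension.

```php
<?php
// Added illustration; not Drupal's or MyBB's code. All names are hypothetical.

// Vulnerable pattern: placeholder names are built from the array's keys.
// When the array comes from request data, the keys are attacker-controlled
// and are copied into the SQL text before prepare() ever sees it.
function expand_unsafe(string $sql, string $name, array $values): array
{
    $params = [];
    foreach ($values as $key => $value) {
        $params[$name . '_' . $key] = $value;
    }
    $sql = str_replace($name, implode(', ', array_keys($params)), $sql);
    return [$sql, $params];
}

// Hardened: array_values() discards the keys, so only 0, 1, 2... are used.
function expand_safe(string $sql, string $name, array $values): array
{
    return expand_unsafe($sql, $name, array_values($values));
}

$query = 'SELECT name FROM users WHERE id IN (:ids)';

// Constructed input: an array whose second key carries SQL text,
// which is possible when the array is taken straight from a request.
$input = [0 => 1, '1) OR (1=1' => 2];

[$unsafeSql] = expand_unsafe($query, ':ids', $input);
[$safeSql, $safeParams] = expand_safe($query, ':ids', $input);

// The unsafe statement text now contains the key; the safe one does not.
echo "unsafe: $unsafeSql\n";
echo "safe:   $safeSql\n";

// Run only the hardened statement against a throwaway in-memory database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER, name TEXT)");
$pdo->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

$stmt = $pdo->prepare($safeSql);
$stmt->execute($safeParams);
print_r($stmt->fetchAll(PDO::FETCH_COLUMN));
```

Binding protects values only; anything that shapes the statement text (placeholder names, column names, sort order) has to come from the application, not from request data.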
#15
lol, plugin security isn't going to help you if your code isn't right