SQL injection that gets around mysql_real_escape_string()

The short answer is yes, yes there is a way to get around mysql_real_escape_string(). #For Very OBSCURE EDGE CASES!!! The long answer isn't so easy. It's based on an attack demonstrated here. The Attack So, let's start off by showing the attack… mysql_query('SET NAMES gbk'); $var = mysql_real_escape_string("\xbf\x27 OR 1=1 /*"); mysql_query("SELECT * FROM test …
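Added example (not code from the answer above; a Python stand-in for the PHP mysql_* calls, with helper names of my own choosing): it shows, byte by byte, why the payload `\xbf\x27` survives single-byte escaping on a GBK connection, and what a charset-aware escaper has to do differently. `naive_escape` models the client escaping as latin1 while the server was switched to gbk with SET NAMES; `gbk_aware_escape` models the behaviour after the client library is told the real charset, which copies valid two-byte characters untouched and escapes a stray lead byte so it cannot swallow the backslash inserted before the quote. `literal_end` scans a query the way a GBK-aware server does, so the reader can see exactly where the user-controlled literal closes in each case.

```python
# Why byte-oriented escaping fails on a GBK connection, and what a
# charset-aware escaper does instead.  Added example; all names are assumptions.

SPECIAL = {0x00, 0x27, 0x22, 0x5C}          # NUL  '  "  \


def is_gbk_lead(b: int) -> bool:
    """First byte of a two-byte GBK character."""
    return 0x81 <= b <= 0xFE


def is_gbk_trail(b: int) -> bool:
    """Second byte of a two-byte GBK character (note 0x5C, backslash, is valid here)."""
    return 0x40 <= b <= 0x7E or 0x80 <= b <= 0xFE


def naive_escape(data: bytes) -> bytes:
    """Single-byte escaping: what the client does when it still believes the
    connection charset is latin1 (SET NAMES changed only the server side)."""
    out = bytearray()
    for b in data:
        if b in SPECIAL:
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def gbk_aware_escape(data: bytes) -> bytes:
    """Multibyte-aware escaping, as after mysql_set_charset('gbk'): a valid
    two-byte sequence is copied untouched; a lead byte NOT followed by a valid
    trail byte is itself escaped, so it cannot absorb the backslash that will
    be placed in front of the following quote."""
    out = bytearray()
    i = 0
    while i < len(data):
        b = data[i]
        if is_gbk_lead(b):
            if i + 1 < len(data) and is_gbk_trail(data[i + 1]):
                out += data[i:i + 2]
                i += 2
                continue
            out.append(0x5C)            # stray lead byte: escape it
            out.append(b)
            i += 1
            continue
        if b in SPECIAL:
            out.append(0x5C)
        out.append(b)
        i += 1
    return bytes(out)


def build_query(escaped: bytes) -> bytes:
    """Mirror the string interpolation in the post: value dropped between quotes."""
    return b"SELECT * FROM test WHERE name = '" + escaped + b"' LIMIT 1"


def literal_end(query: bytes, start: int) -> int:
    """Index just past the closing quote of the single-quoted literal opening at
    query[start], scanned as a GBK-aware server does: a valid two-byte
    character is skipped as a unit, a backslash skips the next byte, and the
    first remaining 0x27 closes the literal."""
    if query[start] != 0x27:
        raise ValueError("literal must start with a quote")
    i = start + 1
    while i < len(query):
        b = query[i]
        if is_gbk_lead(b) and i + 1 < len(query) and is_gbk_trail(query[i + 1]):
            i += 2
        elif b == 0x5C:
            i += 2
        elif b == 0x27:
            return i + 1
        else:
            i += 1
    raise ValueError("unterminated literal")


def sql_after_literal(escaper, user_input: bytes) -> bytes:
    """What the server parses as SQL once the user-controlled literal ends."""
    query = build_query(escaper(user_input))
    return query[literal_end(query, query.index(b"'")):]


# Constructed input: the payload quoted in the post above.
PAYLOAD = b"\xbf\x27 OR 1=1 /*"

if __name__ == "__main__":
    # naive: 0xBF swallows the inserted 0x5C as its trail byte, leaving a bare quote
    print(sql_after_literal(naive_escape, PAYLOAD))
    # aware: the stray 0xBF is escaped, so the quote stays inside the literal
    print(sql_after_literal(gbk_aware_escape, PAYLOAD))
```

The practical rule this illustrates: the escaping function and the server must agree on the charset, which means setting it through the client API (mysql_set_charset in old PHP) rather than with a raw SET NAMES query, or, better, not building the statement from strings at all and using prepared statements with bound parameters.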

SecurityError: Blocked a frame with origin from accessing a cross-origin frame

Same-origin policy You can't access an <iframe> with a different origin using JavaScript; it would be a huge security flaw if you could do it. Under the same-origin policy, browsers block scripts trying to access a frame with a different origin. Origin is considered different if at least one of the following parts of the address …
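Added example, not part of the answer above: a small origin comparison in Python (chosen to keep one language for the examples on this page) that applies the same-origin rule a browser uses before allowing one frame to touch another. An origin is the (scheme, host, port) triple, with the default port filled in when the URL omits it; path, query and fragment play no part. The function names are my own.

```python
# Same-origin check as a browser applies it between a page and a frame.
# Added example; function names are assumptions, not a browser API.
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url: str) -> tuple:
    """Return the (scheme, host, port) triple that identifies an origin.
    Host comparison is case-insensitive; a missing port takes the scheme's
    default so 'https://a.example' and 'https://a.example:443' match."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def same_origin(a: str, b: str) -> bool:
    return origin(a) == origin(b)


def frame_access_allowed(page_url: str, frame_url: str) -> bool:
    """Can script on page_url read the DOM of an <iframe> loaded from frame_url?
    Only when the two origins are identical; anything else is the
    SecurityError in the question title."""
    return same_origin(page_url, frame_url)


if __name__ == "__main__":
    page = "https://app.example.com/dashboard?tab=1"
    for frame in ("https://app.example.com:443/widget#x",   # same origin
                  "http://app.example.com/widget",          # scheme differs
                  "https://app.example.com:8443/widget",    # port differs
                  "https://api.example.com/widget"):        # host differs
        print(frame, frame_access_allowed(page, frame))
```

Cross-origin frames are meant to talk through window.postMessage, where the receiving side checks event.origin against the same triple instead of reaching into the other document.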

Why Does OAuth v2 Have Both Access and Refresh Tokens?

The link to discussion, provided by Catchdave, has another valid point (original, dead link) made by Dick Hardt, which I believe is worth mentioning here in addition to what's been written above: My recollection of refresh tokens was for security and revocation. <…> revocation: if the access token is self contained, authorization can …

Best Practices for securing a REST API / web service [closed]

As tweakt said, Amazon S3 is a good model to work with. Their request signatures do have some features (such as incorporating a timestamp) that help guard against both accidental and malicious request replaying. The nice thing about HTTP Basic is that virtually all HTTP libraries support it. You will, of course, need to require …
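Added example, not from the answer above and not Amazon's signing scheme: a minimal HMAC request signature in the S3 spirit, showing both sides of the exchange. The client signs a canonical form of the request (method, path, timestamp, body hash) with a shared secret; the server recomputes the signature with constant-time comparison, rejects timestamps outside a tolerance window, and remembers signatures seen inside that window so an identical request replayed later is refused. The key IDs, secret, window size and canonical layout are all assumptions chosen for the example.

```python
# HMAC-signed request with timestamp and replay detection.  Added example;
# the canonical layout, key ids and window size are assumptions.
import hashlib
import hmac
import time

WINDOW_SECONDS = 300   # clock skew tolerated between client and server (assumption)


def canonical(method: str, path: str, timestamp: int, body: bytes) -> bytes:
    """Deterministic byte string covering everything the signature protects.
    Hashing the body keeps the canonical form small for large uploads."""
    body_hash = hashlib.sha256(body).hexdigest()
    return f"{method.upper()}\n{path}\n{timestamp}\n{body_hash}".encode()


def sign(secret: bytes, method: str, path: str, timestamp: int, body: bytes) -> str:
    return hmac.new(secret, canonical(method, path, timestamp, body),
                    hashlib.sha256).hexdigest()


def client_headers(key_id: str, secret: bytes, method: str, path: str,
                   body: bytes, now: int) -> dict:
    """What the client sends alongside the request."""
    return {"X-Key-Id": key_id,
            "X-Timestamp": str(now),
            "X-Signature": sign(secret, method, path, now, body)}


class Verifier:
    """Server side: knows each key id's secret, checks freshness, signature,
    and that the same signed request has not been presented before."""

    def __init__(self, secrets: dict, window: int = WINDOW_SECONDS, clock=time.time):
        self.secrets = secrets
        self.window = window
        self.clock = clock
        self.seen = {}          # signature -> timestamp, pruned as the window moves

    def verify(self, method: str, path: str, body: bytes, headers: dict) -> str:
        """Return 'ok' or a short reason for rejection (useful for logging)."""
        secret = self.secrets.get(headers.get("X-Key-Id", ""))
        if secret is None:
            return "unknown key"
        try:
            ts = int(headers["X-Timestamp"])
        except (KeyError, ValueError):
            return "bad timestamp"
        now = int(self.clock())
        if abs(now - ts) > self.window:
            return "stale timestamp"
        expected = sign(secret, method, path, ts, body)
        presented = headers.get("X-Signature", "")
        if not hmac.compare_digest(expected, presented):
            return "bad signature"
        # Forget signatures that could no longer pass the freshness check anyway.
        cutoff = now - self.window
        self.seen = {s: t for s, t in self.seen.items() if t >= cutoff}
        if presented in self.seen:
            return "replay"
        self.seen[presented] = ts
        return "ok"


# Constructed sample credentials and request.
SECRETS = {"AKIDEXAMPLE": b"s3cr3t-shared-key"}
SAMPLE_BODY = b'{"action": "transfer", "amount": 100}'


def demo(now: int = 1_700_000_000) -> list:
    """Run one legitimate request, its replay, a tampered body, and a stale one."""
    v = Verifier(SECRETS, clock=lambda: now)
    hdrs = client_headers("AKIDEXAMPLE", SECRETS["AKIDEXAMPLE"], "POST", "/transfer",
                          SAMPLE_BODY, now)
    results = [v.verify("POST", "/transfer", SAMPLE_BODY, hdrs),      # ok
               v.verify("POST", "/transfer", SAMPLE_BODY, hdrs),      # replay
               v.verify("POST", "/transfer", b'{"amount": 999}', hdrs)]  # bad signature
    old = client_headers("AKIDEXAMPLE", SECRETS["AKIDEXAMPLE"], "GET", "/status",
                         b"", now - 2 * WINDOW_SECONDS)
    results.append(v.verify("GET", "/status", b"", old))               # stale
    return results


if __name__ == "__main__":
    print(demo())
```

Two points a practitioner will want to keep in mind: the replay cache needs only to cover the freshness window, which is why it is pruned rather than grown forever, and the canonical form must include every part of the request whose change would matter (here method, path and body; real schemes also cover selected headers and the query string).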

Secure hash and salt for PHP passwords

DISCLAIMER: This answer was written in 2008. Since then, PHP has given us password_hash and password_verify and, since their introduction, they are the recommended password hashing & checking method. The theory of the answer is still a good read though. TL;DR Don'ts Don't limit what characters users can enter for passwords. Only idiots do this. …

How can I sanitize user input with PHP?

It's a common misconception that user input can be filtered. PHP even has a (now deprecated) "feature", called magic-quotes, that builds on this idea. It's nonsense. Forget about filtering (or cleaning, or whatever people call it). What you should do, to avoid problems, is quite simple: whenever you embed a piece of data within …

How should I ethically approach user password storage for later plaintext retrieval?

How about taking another approach or angle at this problem? Ask why the password is required to be in plaintext: if it's so that the user can retrieve the password, then strictly speaking you don't really need to retrieve the password they set (they don't remember what it is anyway), you need to be able …

Error!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)