SQL database in a website

  • Thread starter: AmiNeo
  • Replies: 32
  • Views: 8753
Seems I am really not able to put this right. I am sure all scripting languages have their problems and exploits here and there.
Thx for the info still.

Fush.
 

Hey Fushi, I apologise if I'm not reading your posts right. :(

I did notice you said something about using users with lower privileges to enter info into a database. I'm unsure how that can be achieved on a website which posts new user details via _POST scripts, as you need the SQL admin login details to access any database.

Feel free to have another go, I'll do my best to try to understand. :thumbsup:
 
The biggest security risk with any web scripting language is careless programming. If you run PHP in safe mode, you can protect against a lot of things, but only by removing functionality.

If you want something as simple as the ability to upload files to the remote server, you have to be incredibly careful that you don't end up allowing an attacker to upload more PHP code and have the server execute it.
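The upload handler described above is where careless code most often lets a script through. The following check is an added example, not code from this thread or from any of its posters; it is written in Python so it can be run as-is, but the same decisions apply to a PHP handler. The accepted extensions, the file signatures and the policy of storing every file under a server-generated name are assumptions made for the example.

```python
import os
import secrets

# Constructed policy for this example (an assumption, not from the thread):
# only these extensions are accepted, and each accepted file is stored
# under a server-generated name so the client's name never reaches the disk.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf"}

# Leading bytes each accepted type must start with (well-known file signatures).
MAGIC_BYTES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}


def check_upload(client_filename, head):
    """Decide whether an upload may be stored.

    client_filename: the name sent by the browser (attacker-controlled).
    head: the first bytes of the uploaded content.
    Returns (stored_name, reason); stored_name is None when rejected.
    """
    # Strip any directory component the client may have sent ("../x.png", "C:\\x.png").
    base = os.path.basename(client_filename.replace("\\", "/"))
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return None, "missing extension"
    # Every dotted suffix must be allowed, so "shell.php.png" is rejected as well
    # as "shell.php": some server configurations dispatch on a non-final extension.
    exts = parts[1:]
    if any(ext not in ALLOWED_EXTENSIONS for ext in exts):
        return None, "extension not allowed"
    ext = exts[-1]
    # The content must look like what the extension claims; a script renamed to .png fails here.
    if not head.startswith(MAGIC_BYTES[ext]):
        return None, "content does not match extension"
    # Server-chosen name: no user input in the path, and nothing a web server would execute.
    return secrets.token_hex(16) + "." + ext, "ok"


if __name__ == "__main__":
    # Constructed sample inputs: a client name plus the first bytes of the body.
    for name, head in [("shell.php", b"<?php echo 1;"),
                       ("shell.php.png", b"\x89PNG\r\n\x1a\n"),
                       ("photo.png", b"<?php echo 1;"),
                       ("../../Photo.PNG", b"\x89PNG\r\n\x1a\nrest")]:
        print(repr(name), "->", check_upload(name, head))
```

The returned name should be written into a directory that the web server does not serve as script content (outside the document root, or one where script execution is switched off); the check alone does not make that deployment choice for you.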
 

Makes sense, where there's an open door there's a way in for the uninvited. :lol:
 

So, apparently PHP does actually make this far easier than something like Python or Ruby. So it could be argued that it's overall less-secure. I've not really looked into it in detail, but apparently it's very easy to write poor PHP code...
 

Hmm... Seems like I should look further into it before using it in any serious manner then.

What makes this so difficult is that we were taught none at all this year when we were supposed to have a year covering PHP, SQL and JavaScript. Next year has none of these languages at all, as we're moving on to more advanced programming with different goals, such as AI (PROLOG), Game development (Objective-C & COCOS2D), and ASP (C#) web technologies.

Right now, I have a foundation degree and very little experience with the languages learned. Next year will be much better since I am transferring to a bachelors programme at a different uni, but I can't help feeling I've missed out. I'm confident I've taught myself enough to write functional websites this year but I don't know how many gaps I've missed and would still need a lot of reference for anything beyond static HTML.

With things being so advanced again next year, I won't have any time to focus on what I've missed until after graduation.

Can someone reassure me and tell me that uni is where you learn, and it's not expected to become fluent in that time? Or have I missed too much and should quit? :lol:
 

Surely that's entirely the point of a CS degree. You should be taught decent programming principles as part of it. Here in Southampton, we prefer it if our first years don't have a great deal of programming experience, as it means they don't already have bad habits!

Any foundation course should really be about ensuring you have the mathematical and logical grounding and understanding you'll need to successfully study a CS programme.

:thumbsup:
 
Well, the maths was nonexistent but I'm teaching myself. Hopefully I can learn enough to do well next year and further my studies afterwards, post-degree. :thumbsup:
 
School, hmmmm
I never learned any programming at school at all. All that I know is self-learned and thus probably has plenty of security risks and others here and there. Went around the web and I indeed have to agree that PHP is a very easy language compared to others. Wrote a C++ MySQL access program the other day and that sure proved to be a challenge.

My self learning is probably why I am more interested in hearing the possible security risks in using PHP to access MySQL.
Searches I did all resulted in pretty much the same for this. Use the most basic commands and you will get a working website but security will lack on it. Use the more advanced commands (and quite a bit of extra code lines to do the same functions) and you can possibly make it as secure as you want to.

As for the school part, I would assume you learn all the basics of things and, depending on the school year, bits and pieces of the more advanced stuff as well.

Fush.
 

That's the trouble, the foundation years have been run by a college which I think really lack the skills and enthusiasm to teach at degree level. It took them 3 months to find us tutors during the second year for example and one of them didn't bother doing anything in spite of all of his promises. We also had a rubbish start with the programming in the first year because we had a similar tutor for that, who left us after the year was out.

I'll admit that between the above and dealing with students who couldn't be bothered to teach themselves anything disrupting most classes over the 2 years one way or other, I've had a lot of depression and stress over it.

I really feel I've lost out a lot in terms of any kind of structured learning and may as well have just been teaching myself up to this point without being on the course.

I'm now about 6 weeks away from starting a third year bachelors degree with about half the knowledge and experience I'd like to have had at this stage. Naturally, I'm sure you can see where my concern is coming from. But it's a chance I'm taking and I'm going to work my ass off because I want it for myself more than anything.
 

Hang in there AmiNeo. I'm sure you know more than you think, because it's only after I had finished my Software Engineering course (and I completely flunked it, by the way) that I realised how much I used the knowledge and experience gained from it.

I'm sorry to hear how you have been messed about by the college and the situation. This sometimes happens, and sometimes we're not dealt the best hand. However, you sound to me as if you have risen above it and taken steps to ensure that you look after your own interests. After all, the college has its own interests at heart at the end of the day.

One piece of advice that helped me is not to concentrate on what you don't know outside of the course, but consider what you need to know in order to pass the course.

It's incredible how much you learn once you're in industry, and it's incredible how often I think back to university. My university course has helped me solve many problems. Getting a job can be problematic, but it's not a bad idea to try making it for yourself anyway, so give making a few Android apps a go: they'll serve as a chance at making it big-time, and at the very least they'll be an easy way to show off your skills when looking for clients or employment.

Have you found many people helping you out here? If I ever come across a thread of yours asking about Java or databases then I'll stop by to help.

Feel free to PM and alert me too.
 
My self learning is probably why I am more interested in hearing the possible security risks in using PHP to access MySQL.

PHP has no inherent security risks. However, the ease of use makes it easier for people to accomplish tasks without having the knowledge you need using other languages. This also means people who are not aware of the security aspect of websites. SQL injection is one common problem, and while PHP has several ways to sanitize data, it requires you to perform them. While in other languages you get warned that you're about to do something stupid, you aren't in PHP.

However, if you read up on common security challenges in a php application and/or use a php framework which adds a layer of security - you'll be as safe as in any other language.

And as with everything, the key is practise, practise and then practise a bit more.
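To make the SQL injection point above concrete, here is an added example that is not from this thread or from any of its posters. It is written in Python against an in-memory SQLite table (an assumption standing in for the MySQL database being discussed) so that it runs offline; the query-building mistake, and the fix, are the same in PHP, where PDO or mysqli prepared statements with bound parameters play the role of the parameterised query shown here. On the earlier question about lower-privileged users: the website does not need the SQL admin login, only an account granted the SELECT/INSERT rights its own queries use, which is a separate measure from the one shown below.

```python
import sqlite3


def make_db():
    """Constructed sample database for the example: two users, nothing else."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    conn.commit()
    return conn


def find_user_unsafe(conn, name):
    """The 'most basic' style from the thread: the input is pasted into the SQL text,
    so whatever the input contains becomes part of the statement."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, name):
    """Parameterised query: the SQL text is fixed and the value travels separately,
    so the input cannot change the statement's structure."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def compare(conn, name):
    """Run both versions on the same input. The unsafe one may also raise on a
    stray quote, which is a useful thing to watch for in application error logs."""
    try:
        unsafe = find_user_unsafe(conn, name)
    except sqlite3.Error as exc:
        unsafe = "error: " + type(exc).__name__
    return unsafe, find_user_safe(conn, name)


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a name with an apostrophe, and a tautology.
    for candidate in ["alice", "o'brien", "x' OR '1'='1"]:
        print(repr(candidate), "->", compare(db, candidate))
```

The second input shows that the unsafe version breaks on ordinary data, not only on hostile data; the third shows it returning every row. The parameterised version treats both as plain strings and finds nothing.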
 
I'm now about 6 weeks away from starting a third year bachelors degree with about half the knowledge and experience I'd like to have had at this stage. Naturally, I'm sure you can see where my concern is coming from. But it's a chance I'm taking and I'm going to work my ass off because I want it for myself more than anything.

Hang in there AmiNeo. I'm sure you know more than you think, because its only after I had finished my Software Engineering course (and I completely flunked it by the way) that I realised how much I used the knowledge and experience gained from it.

I'm sorry to hear how you have been messed about by the college and the situation. This sometimes happens, and sometimes we're not dealt the best hand. However, you sound to me as if you have risen above it and taken steps to ensure that you look after your own interests. After all, the college has its own interests at heart at the end of the day.

One piece of advice that helped me is not to concentrate on what you don't know outside of the course, but consider what you need to know in order to pass the course.

Its incredible how much you learn once you're in industry, and its incredible how often I think back to university. My university course has helped me solve many problems. Getting a job can be problematic, but its not a bad idea to try making it for yourself anyway, so give making a few android apps a go: They'll serve as a chance at making it big-time, and at the very least they'll be an easy way to show off your skills when looking for clients or employment.

Have you found many people helping you out here? If I ever come across a thread of yours asking about Java or databases then I'll stop by to help.

Feel free to PM and alert me too.

Thanks for this, it helps.

Outside of a few people I'm probably annoying by now who have given me some advice in the past on the net, I have no one else taking the course seriously enough to work with. The other students would rather spend free time playing games or going to concerts and really aren't doing much to help themselves. I've spent most of the last 2 years using my free time to help a number of them with no one to ask questions of myself. :lol:
One thing I've learned though is that with some people the more you help, the less they do, and I've grown tired of helping people only to find they've not worked on anything I've asked them to afterwards. I've given up sometimes 5 hours of a day to explain things to people that they still can't explain back to me now.

I'd be feeling much better about the course if there was 1 student or tutor that cared enough to get enthusiastic about some programming, but I pretty much feel alone. Hopefully I'll meet some more like-minded students in 3rd year and won't be too far behind to work with them. :lol:
 