Write Security Triggers Against SQL Injection

August 19th, 2007 by Aaron

Get MS hosting starting at less than $2 month + free domains.Click Here Now to Save.

An interesting idea that a colleague told me about was a ’security trigger’ in any application that has a SQL type storage engine. The trick is to make sure that your admin account is not ID #1 and that your administrative username isn’t one of the most common ones:

  • admin
  • root
  • administrator
  • webmaster
  • company name / your name

Then, the next thing to do is to program a trigger in your mysql database to check against a select against ID #1 or against one of those names. This would only happen if there was some sort of sql injection being exploited on your site… (of course make sure that the ’search’ feature can’t search for those usernames either - otherwise you’ll get false positives!)

A very intriguing idea.

Tags: ,

This entry was posted on Sunday, August 19th, 2007 at 8:25 pm and is filed under SQLsecurity. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.


« Friendly reminders about testing your PHP code | Tools of the trade »

Leave a Reply

102 Degrees Blog

Web Programming and Design by Aaron Saray


©2008 102 Degrees LLC - All Rights Reserved Home Services Products Network Blog Open Source Learning Contact