What is SQL Injection?

on 09 September 2012

SQL Injection is a common injection technique that an attacker will use to inject code into a website and attack the database. It is frequently used by attackers to execute code that will either let an attacker into an application or let them execute queries against a database to collect information from that database. 

SQL Injection works on SQL server 2000 from Microsoft, MySQL and PostgreSQL. All of the servers speak the same SQL language so it is possible to inject SQL through another web language. 

How do I Protect Against SQL Injection? 
The easiest way is to perform input validation against anything that the attacker or anyone using your website is sending to you. A lot of web application languages contain methods for performing this input validation, so you don’t have to re-write the structures. For more information on developing secure web application check out our recent infographic “Building Secure Web Application”.
Tag :

Using PHP-MySQL Persistent Connections to Run WordPress Blog

on 28 August 2012


When connecting to MySQL database, WordPress weblog based on PHP scripting will use non-persistent connection by default. That is, WordPress will trigger PHP to generate a new connection to MySQL server for each dynamic page request, and subsequently close the database connection once the web page building is completed. Repetitive opening and closing of MySQL connections causes overheads and uses up precious CPU, memory and system resources on the web host.

Using persistent connection to connect to MySQL database server is not always a good option. Each connections takes up resources, including memory, buffers, table or thread caches internally in MySQL and sockets, open files or IO activity at OS level. Thus when a lot of persistent connections are opened but not closed after transactions are completed, the resources on system may drain up and degrade performance of web server, or in worst case, cause HTTP failure. Furthermore, if a persistent connection is stalled, inactive or became defunct or no longer in used, it is not terminated, and MySQL server will only close it to release the resource occupied by the connection after about 28800 seconds (8 hours) by default unless changed the timeout parameters in my.cnf configuration files. This few factors may bring troubles such as MySQL refusing new DB connections or slow server if the applications do not properly handle persistent connections. Thus if you’re not experience webmasters, please do not attempt to change WordPress to use persistent connections.

However, for bloggers who have busy and large blog, and facing constraints in upgrading web host system specifications, and do not want to use static page caching plugin such as WP-Cache, persistent connection is a available option to tune and optimize the web server to see if the webpage serving can be faster. Persistent connection allows connection to be open once and will not be closed when the execution of the script ends. Instead, the link is kept in pool and will remain open for future use. Thus, using persistent connections will eliminate the process of opening and closing the connection. This will indirectly reduce MySQL connection related server overheads such as authentication to establish connection where only once is needed, saving extra network traffic, and resources used to handle extra connection. Beside, there could be some connection level caches, which need to be filled up for proper performance, and potentially reduce the number of connections to the database.
By default, WordPress is using mysql_connect() function that establishes a new database connection on every page. The persistent connection feature will require mysql_pconnect() function which uses the exact same API, but has built-in connection pooling to keep connections alive between requests. So to switch to use persistent connection to run WordPress, the mysql_connect() function has to be replaced with mysql_pconnect().
To enable and use persistent connections with WordPress, simply login to your web host with SSH (or insecure Telnet), and change to the webroot home directory where WordPress blog is installed. Then change directory into wp-includes directory. Inside the wp-includes directory, there is wp-db.php file. Use any text editor such as vi to edit wp-db.php. Search or locate the function of mysql_connect (or@mysql_connect). There is only one instance of mysql_connect. Just change the mysql_connect tomysql_pconnect, then save and exit the wp-db.php. WordPress and PHP (as long as you don’t turn off the mysql.allow_persistent in PHP.INI) will immediately use persistent connections to connect to MySQL database. It’s worth to try out which setting is best for your environment.
Tag :

What Is Blind SQL injection

Blind SQL Injection is used when a web application is vulnerable to an SQL injection but the results of the injection are not visible to the attacker. The page with the vulnerability may not be one that displays data but will display differently depending on the results of a logical statement injected into the legitimate SQL statement called for that page. 

This type of attack can become time-intensive because a new statement must be crafted for each bit recovered. There are several tools that can automate these attacks once the location of the vulnerability and the target information has been established.
Tag : ,

How To Hack A Wifi Network In A Few Minutes

You don't have to be an IT expert to be able to make use of your neighbour's security enabled Wifi network. Just watch one of the dozens of online videos that explains how. 

Despite most of them being fitted with some kind of password (WEP, WPA etc.), Wifi networks are still relatively vulnerable. And by using another person's network, hackers can illegally download documents or attack websites without being traced. 

 If pirates should download paedophilic pornography, it's the owner of the home network, the person who pays the monthly wireless fee, who will find himself in court. In France, an anti-piracy law called Hadopi 2 enforces this by making it impossible to sentence a home network owner for having a poorly protected network.

This video, viewed over a million times, shows how, with the aid of software, you can get hold of the password to a wireless network.
Tag : ,
 
© Alienelliz | All Rights Reserved
D.I.Y Themes ByBelajar SEO