| From | Sent On | Attachments |
|---|---|---|
| jacppe | Apr 20, 2011 10:04 am | |
| SplitIce | Apr 20, 2011 10:23 am | |
| Cliff Wells | Apr 20, 2011 1:22 pm | |
| Ryan Malayter | Apr 20, 2011 1:45 pm | |
| Payam Chychi | Apr 20, 2011 2:08 pm | |
| Joe | Apr 20, 2011 2:22 pm | |
| António P. P. Almeida | Apr 20, 2011 2:42 pm | |
| Cliff Wells | Apr 20, 2011 3:09 pm | |
| Payam Chychi | Apr 20, 2011 5:43 pm | |
| Cliff Wells | Apr 20, 2011 6:35 pm | |
| Payam Chychi | Apr 20, 2011 8:07 pm | |
| Cliff Wells | Apr 20, 2011 8:31 pm | |
| Edho P Arief | Apr 20, 2011 8:40 pm | |
| Cliff Wells | Apr 20, 2011 8:58 pm | |

| Subject: | Re: Block SQL Injection | |
|---|---|---|
| From: | Cliff Wells (cli...@develix.com) | |
| Date: | Apr 20, 2011 1:22:15 pm | |
| List: | ru.sysoev.nginx | |

On Wed, 2011-04-20 at 13:05 -0400, jacppe wrote:
> Hi all. Anybody know how I can block some characters to avoid SQL Injection using Nginx as web server or HTTP reverse-proxy? Thanks a lot.

You can't really, unless you write a custom module. Rewrite rules won't help since they don't deal with the POST body. There may be some filter module I'm unaware of that could do it, but I'd still suggest you don't. It's much better to simply use software written by moderately capable developers. SQL-injection is so trivial to avoid at the application level that it's borderline unforgivable to find it in a modern web app.

Regards,
Cliff

_______________________________________________
nginx mailing list
ngi...@nginx.org
http://nginx.org/mailman/listinfo/nginx
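
The contrast drawn in the reply above, as an added example that is not part of the original message: a character blocklist of the kind asked about, next to a string-built query and a parameterized query. The `users` table, the `BLOCKED` pattern and all function names are constructed for illustration, using Python's `sqlite3`.

```python
import re
import sqlite3

# Constructed blocklist standing in for a proxy-level character filter (assumption).
BLOCKED = re.compile(r"['\";]|--")

def proxy_filter_allows(value: str) -> bool:
    """True if the hypothetical character filter would pass the value on."""
    return BLOCKED.search(value) is None

def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (id, name) VALUES (?, ?)",
                   [(1, "alice"), (2, "O'Brien"), (3, "carol")])
    return db

def lookup_concat(db: sqlite3.Connection, user_id: str):
    """Vulnerable 'before' form: the input becomes part of the SQL text."""
    return db.execute("SELECT name FROM users WHERE id = " + user_id).fetchall()

def lookup_param(db: sqlite3.Connection, user_id: str):
    """Hardened form: the value is bound by the driver, never parsed as SQL."""
    return db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchall()

def find_by_name(db: sqlite3.Connection, name: str):
    """Parameterized lookup; quotes in the value need no special handling."""
    return db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"   # contains none of the blocked characters
    print("filter passes crafted value:", proxy_filter_allows(crafted))
    print("concatenated query rows:    ", len(lookup_concat(db, crafted)))
    print("parameterized query rows:   ", len(lookup_param(db, crafted)))
    legit = "O'Brien"      # legitimate value the filter would reject
    print("filter passes O'Brien:      ", proxy_filter_allows(legit))
    print("parameterized name lookup:  ", find_by_name(db, legit))
```

The filter both passes the crafted value and rejects a legitimate surname, while the parameterized queries handle both correctly with no filtering at all.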





