| From | Sent On | Attachments |
|---|---|---|
| jacppe | Apr 20, 2011 10:04 am | |
| SplitIce | Apr 20, 2011 10:23 am | |
| Cliff Wells | Apr 20, 2011 1:22 pm | |
| Ryan Malayter | Apr 20, 2011 1:45 pm | |
| Payam Chychi | Apr 20, 2011 2:08 pm | |
| Joe | Apr 20, 2011 2:22 pm | |
| António P. P. Almeida | Apr 20, 2011 2:42 pm | |
| Cliff Wells | Apr 20, 2011 3:09 pm | |
| Payam Chychi | Apr 20, 2011 5:43 pm | |
| Cliff Wells | Apr 20, 2011 6:35 pm | |
| Payam Chychi | Apr 20, 2011 8:07 pm | |
| Cliff Wells | Apr 20, 2011 8:31 pm | |
| Edho P Arief | Apr 20, 2011 8:40 pm | |
| Cliff Wells | Apr 20, 2011 8:58 pm | |

| Subject: | Re: Block SQL Injection | |
|---|---|---|
| From: | Payam Chychi (pchy...@gmail.com) | |
| Date: | Apr 20, 2011 8:07:22 pm | |
| List: | ru.sysoev.nginx | |
I was easy... So you would use some admin's stupidity to back up 23 years of experience? That makes no sense to me, but hey, it's OK, it's the internet after all.

Hope you find an answer to your problem.

On 4/20/11, Cliff Wells <cli...@develix.com> wrote:
> On Wed, 2011-04-20 at 17:43 -0700, Payam Chychi wrote:
>> Cliff Wells wrote:
>>> On Thu, 2011-04-21 at 04:22 +0700, Joe wrote:
>>>> Put a daily backup on your databases. :)
>>>
>>> That doesn't really solve the issue. Once someone has compromised the database, they can usually leverage that to gain wider system access.
>>>
>>> Cliff
>>>
>>> _______________________________________________ nginx mailing list ngi...@nginx.org http://nginx.org/mailman/listinfo/nginx
>>
>> How does exploiting your db = wider system breach? Sorry, but that makes no sense.
>
> Easy. What data does your database store? Quite probably usernames and passwords. A fundamental truth is that people often use the same passwords for multiple services. If you can obtain the password for a company's CMS or Webmail application, chances are you now have their password for multiple services.
>
> For a recent and well-publicized example of this type of intrusion, members of Anonymous hacked HBGary's database via a SQL-injection attack on their CMS, which eventually led to compromised email accounts. They then leveraged this to obtain more sensitive information via social engineering (using a stolen email address to get ssh passwords).
>
>> And I've been doing system/network security & networking for over 10 years.
>
> Well, I've been doing it for 23 years, so give yourself a little more time.
>
> Regards, Cliff

-- Sent from my mobile device
Payam Tarverdyan Chychi Network Security Specialist / Network Engineer