Aaron Saray


Write Security Triggers Against SQL Injection

An interesting idea that a colleague told me about is a 'security trigger' for any application that has a SQL-type storage engine. The trick is to make sure that your admin account is not ID #1 and that your administrative username isn't one of the most common ones:

  • admin
  • root
  • administrator
  • webmaster
  • company name / your name

Then, the next thing to do is to program a trigger in your MySQL database that checks for a SELECT against ID #1 or against one of those names. Such a query would only happen if some sort of SQL injection was being exploited on your site. (Of course, make sure that the 'search' feature can't search for those usernames either; otherwise you'll get false positives!)

A very intriguing idea.
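The tripwire described above, as an added example that is not code from the original post: MySQL triggers fire on INSERT, UPDATE and DELETE rather than on SELECT, so this version runs the check in the application's query layer, with Python and an in-memory SQLite table as stand-ins. The table layout, account names and function names are assumptions made for illustration.

```python
import sqlite3

# Assumed tripwire values: the decoy row's ID and the common admin names listed above.
TRIPWIRE_ID = 1
TRIPWIRE_NAMES = {"admin", "root", "administrator", "webmaster"}

def build_db():
    """Constructed sample data: ID 1 is a decoy; the real admin has an uncommon ID and name."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "admin", 0),          # decoy row, never used by the application itself
        (42, "alice", 0),
        (1337, "k.ops-lead", 1),  # real administrative account
    ])
    return conn

def is_tripwire(row):
    """True when a result row is the decoy ID or carries a common admin name."""
    return row[0] == TRIPWIRE_ID or str(row[1]).lower() in TRIPWIRE_NAMES

def guarded_fetch(conn, sql, params=(), alerts=None):
    """Run a query, then record an alert if any returned row hits the tripwire."""
    rows = conn.execute(sql, params).fetchall()
    hits = [r for r in rows if is_tripwire(r)]
    if hits and alerts is not None:
        alerts.append({"sql": sql, "rows": hits})
    return rows

def search_users(conn, term, alerts):
    """Search feature: refuse tripwire names up front so users cannot cause false positives."""
    if term.lower() in TRIPWIRE_NAMES:
        return []
    return guarded_fetch(conn, "SELECT id, username FROM users WHERE username = ?",
                         (term,), alerts)

def lookup_vulnerable(conn, name, alerts):
    """Deliberately vulnerable: builds SQL by concatenation, like the injectable code path."""
    sql = "SELECT id, username FROM users WHERE username = '" + name + "'"
    return guarded_fetch(conn, sql, alerts=alerts)
```

In a real deployment the alert would go to logging or paging rather than a list, and the response containing the decoy row would be dropped.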
