Write Security Triggers Against SQL Injection

Aug 20, 2007 security sql
This post is more than 18 months old. Since technology changes too rapidly, this content may be out of date (but that's not always the case). Please remember to verify any technical or programming information with the current release.

An interesting idea that a colleague told me about was a ‘security trigger’ in any application that has a SQL type storage engine. The trick is to make sure that your admin account is not ID #1 and that your administrative username isn’t one of the most common ones:

  • admin

    • root

    • administrator

    • webmaster

    • company name / your name

Then, the next thing to do is to program a trigger in your mysql database to check against a select against ID #1 or against one of those names. This would only happen if there was some sort of sql injection being exploited on your site… (of course make sure that the ‘search’ feature can’t search for those usernames either - otherwise you’ll get false positives!)

A very intriguing idea.

Go to All Posts