I have two tech arguing over whether this is a critical security problem

Raised here, as it's not a security problem with CodeIgniter; it's a problem with how it's being used.

Comments from one tech below.

The code I reviewed contained a critical security issue that might enable an attacker to steal or delete the whole database.

Here we are talking about the Codeigniter 3 model we reviewed together.
CodeIgniter offers the possibility to write the whole query yourself like:

$this->db->query('SELECT * FROM some_table WHERE id = 3 AND status = 4 AND author = "Rick"');

in this case you need to actually write it more like (query binding and escaping to enforce security)

$sql = "SELECT * FROM some_table WHERE id = ? AND status = ? AND author = ?";
// Query bindings escape each value automatically, so the values are passed as-is;
// wrapping them in $this->db->escape() as well would quote them twice. The number
// of binds must match the number of ? placeholders, otherwise no binding happens.
$this->db->query($sql, array($id, $status, $author));

Which I completely agreed with (Other tech guy) and I was aware of this.

But I am taking advantage of what the framework is offering me and that is called a Query Builder Class

So in my case the query would look like:

$wheresql = "id = {VAR}";
$wheresql .= " AND status = {VAR}";
$wheresql .= " AND author = {VAR}";

$this->db->where($wheresql);

The "where" method that is called on the db object is calling another method called _wh which is escaping the value of $wheresql.

So I am more than sure there is no security problem in that. I already tried myself all "hacking" ways to see if I can inject something and I could not succeed.

Who is right?
Is the database safe or not?
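As an added example (not code from the original post or from CodeIgniter itself), a CodeIgniter 3 model that puts the two forms where the framework escapes the values for you next to the interpolated-string form under discussion; the model name Post_model and the table some_table(id, status, author) are assumed, and get_compiled_select() lets you inspect the SQL each form produces.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Added example, not from the original post. Assumes a loaded CI3 database
// library and a constructed table some_table(id, status, author).
class Post_model extends CI_Model
{
    // Query Builder with column => value pairs: each value is run through
    // escape() by the framework before it is placed in the WHERE clause.
    public function find_qb($id, $status, $author)
    {
        return $this->db
            ->where(array('id' => $id, 'status' => $status, 'author' => $author))
            ->get('some_table')
            ->result_array();
    }

    // Manual SQL with bindings: every ? is replaced by the matching value,
    // which the driver escapes itself, so no extra escape() call is needed.
    public function find_bound($id, $status, $author)
    {
        $sql = 'SELECT * FROM some_table WHERE id = ? AND status = ? AND author = ?';
        return $this->db->query($sql, array($id, $status, $author))->result_array();
    }

    // The pattern under discussion: values interpolated into one where() string.
    // where() treats a raw string as a finished clause and does not escape
    // anything inside it, so whatever is in $author lands in the SQL verbatim.
    public function find_raw_string($id, $status, $author)
    {
        $wheresql = "id = $id AND status = $status AND author = '$author'";
        return $this->db->where($wheresql)->get('some_table')->result_array();
    }

    // Check: return the SQL the Query Builder would run for each form so the
    // difference in escaping can be inspected (e.g. with $author = "O'Brien").
    public function compiled_where($id, $status, $author)
    {
        $safe = $this->db
            ->where(array('id' => $id, 'status' => $status, 'author' => $author))
            ->get_compiled_select('some_table');          // resets the builder
        $wheresql = "id = $id AND status = $status AND author = '$author'";
        $raw = $this->db->where($wheresql)->get_compiled_select('some_table');
        return array('array_form' => $safe, 'string_form' => $raw);
    }
}
```

Comparing the two strings returned by compiled_where() for a value containing a quote shows which form actually escapes the data.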


I have two tech arguing over whether this is a critical security problem - by nippi9 - 07-19-2017, 12:11 AM


