Sanitize user input: Difference between revisions

Sanitize user input (view source)

Revision as of 15:06, 13 September 2021

599 bytes added , 2 years ago

→‎{{header|Phix}}: clarified sqlite3_bind_text and added rm -rf not practical note

Petelomax

7,806

edits

Revision as of 12:38, 13 September 2021 (view source) Puppydrum64 (talk \| contribs) m (Adjusted formatting for clarity) ← Older edit		Revision as of 15:06, 13 September 2021 (view source) Petelomax (talk \| contribs) (→‎{{header\|Phix}}: clarified sqlite3_bind_text and added rm -rf not practical note) Newer edit →
Line 18: =={{header\|Phix}}== As noted there is no magic "one size fits all" solution, and in the specific case of sql the use of sqlite3_prepare() and sqlite3_bind_text() is strongly recommended in preference to sqlite3_exec() or sqlite3_get_table(), at least for any questionable input. Using sqlite3_bind_text() there is no problem whatsoever with having a student named (say) "Robert'); DROP TABLE students;--". ~~As noted there is no magic "one size fits all" solution, and in the specific~~ ~~case of sql the use of sqlite3_prepare() and sqlite3_bind_text() is strongly~~ Given some suspect [Phix] source code to be run, it is simply not practical to cover cases such as system(rot13(reverse("se- ze"))) or any of the other myriad ways in which harmful content could be disguised. In case you have not guessed, that would execute "rm -rf", assuming the code also contains a working rot13() implementation. ~~recommended in preference to sqlite3_exec() or sqlite3_get_table(), at~~ ~~least for any questionable input.~~ Of course you could block all use, even legitimate, of things like system(), as covered by [[Safe_mode]] and [[Untrusted_environment]]. The inverse problem recently arose in p2js, whereby otherwise perfectly