disable multiple queries

From Poul L. Christiansen
Subject disable multiple queries
Date
Msg-id 398813D5.8445A5E7@faroenet.fo
Replies Re: disable multiple queries  (brianb-pggeneral@edsamail.com)
Re: disable multiple queries  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-general
Hi

I'm developing a Cold Fusion (similar to PHP) application and I have a
security problem. When I load a page "test.cfm?articleid=5" someone can
alter the URL to
"test.cfm?articleid=5;create%20table%20plc%20(plc%20int2)" if the hacker
wanted to create a table.
The SQL passed to PostgreSQL is: "select * from article where articleid
= #Url.ArticleId#"
Which means that anybody can pass the SQL that they like to PostgreSQL
by using ";" to separate the queries. This is not good.

I could of course verify the input and reject it if it wasn't a number,
but I have almost 2000 different queries with all sorts of input (yes,
it's a big app.).

Can't I somehow disable multiple queries per SQL string so that ";"
doesn't work?

I don't know if this affects PHP apps.

I'm using PostgreSQL 7.0.0 installed on Redhat 6.1 with RPM and the ODBC
driver from Insight Distribution Systems 6.40.00.08 on Windows NT 4.0.

Thanks,
Poul L. Christiansen
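Added example, not code from the thread or from the poster's application: the `#Url.ArticleId#` interpolation described above, reproduced in Python against an in-memory sqlite3 table that stands in for the PostgreSQL `article` table (table contents and the `plc` payload are constructed from the message), beside the defence that scales past hand-validating 2000 queries: parameter binding, optionally combined with a numeric allow-list.

```python
import re
import sqlite3

# Constructed stand-in for the poster's PostgreSQL 'article' table. sqlite3 is
# used only because it ships with Python; the injection pattern is the same.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table article (articleid integer, title text)")
    conn.executemany("insert into article values (?, ?)",
                     [(5, "five"), (6, "six")])
    conn.commit()
    return conn

def table_names(conn):
    return [r[0] for r in conn.execute(
        "select name from sqlite_master where type = 'table' order by name")]

def build_query_unsafe(article_id):
    """Mirrors '#Url.ArticleId#' interpolation: raw URL text lands in the SQL."""
    return "select * from article where articleid = " + article_id

def run_unsafe(conn, article_id):
    """executescript runs every ';'-separated statement, which is the stacked
    query behaviour the poster describes. Returns the tables that now exist."""
    conn.executescript(build_query_unsafe(article_id))
    return table_names(conn)

def fetch_article_bound(conn, article_id):
    """Parameter binding alone: the value travels as data, so a ';' inside it
    is just a character of a non-matching string, never a statement break."""
    return conn.execute("select title from article where articleid = ?",
                        (article_id,)).fetchall()

def is_valid_id(value):
    """Allow-list check: an article id is a short, plain decimal integer."""
    return re.fullmatch(r"[0-9]{1,10}", value) is not None

def fetch_article_safe(conn, article_id):
    """Both layers: validate the type, then bind it as an integer parameter
    (PostgreSQL itself rejects non-numeric text bound to an integer column)."""
    if not is_valid_id(article_id):
        raise ValueError("articleid must be numeric")
    return fetch_article_bound(conn, int(article_id))

if __name__ == "__main__":
    payload = "5;create table plc (plc int2)"
    print(run_unsafe(make_db(), payload))            # ['article', 'plc']
    print(fetch_article_bound(make_db(), payload))   # []
    print(fetch_article_safe(make_db(), "5"))        # [('five',)]
```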

