Arma2NETMySQLPlugin icon indicating copy to clipboard operation
Arma2NETMySQLPlugin copied to clipboard
verified publisher icon firefly2442

Look into checking for SQL injections

Open firefly2442 opened this issue 11 years ago • 2 comments

-Use of prepared procedures would help mitigate this. Add this to the readme. -While it's explained in the readme NOT to use the root user and that there are no SQL sanity checks, this is clearly not enough and people are not paying attention. Add a check and disallow root user. -Add in escaping for all queries to attempt to prevent exploits.

firefly2442 avatar May 22 '14 14:05 firefly2442

Also add note in readme explaining using the root Arma3 directory for the Databases.txt file is a potential security risk.

firefly2442 avatar May 23 '14 00:05 firefly2442

See 7b8dcf08a080949d404aa8c8259f51ac8e690110, 96f6a7324af4da1a7243034050cba8c2b5468232, 88bba700c420147a002e3241d823b24b093596a0 among others. This will need to be mostly mitigated on the SQF mission side.

firefly2442 avatar May 30 '14 01:05 firefly2442