Protection from SQL injection
I have this code, which is working correctly, but I am sure that it allows SQL injection attacks.
    from flask import Flask, request, jsonify, render_template

    app = Flask(__name__)

    @app.route('/private/')
    def private():
        login = request.args.get('login', default=None, type=str)
        if login is None:
            return jsonify(data='Incorrect URL')
        try:
            c, conn = cursor_connection()  # poster's own DB helper, not shown
            c = conn.cursor()
            # The login value is pasted straight into the SQL text here.
            c.execute("SELECT uid "
                      "FROM logins_passwords "
                      "WHERE login='{}' "
                      "".format(login)
                      )
            id = c.fetchall()
            if not id:
                return jsonify(data='Incorrect login')
            # The uid from the first query is formatted into the second one.
            c.execute("SELECT mc_address "
                      "FROM boxes_id "
                      "WHERE uid='{}' "
                      "".format(id[0][0])
                      )
            mc_address = c.fetchall()[0][0]
            c.close()
            conn.close()
        except Exception as e:
            return str(e)
        return render_template(
            "private.html",
            id=mc_address
        )
Access is by URL request. How can I protect it against SQL injection? If I'm right, changing the access method to POST would solve all the security problems here?
As far as I understand, if only POST requests are allowed, the attacker will have no ability to inject an SQL request through a URL. How could SQL requests be executed then?
python python-2.7 sql-injection
asked Jan 13 at 11:32 by Ivan
edited Jan 14 at 23:32 by Jamal
Switching to POST will not protect against SQL attacks (and a whole range of other attacks).
– Daniel
Jan 13 at 13:40
Why not? An attacker will have no ability to inject an SQL request through the URL; how can it be possible to execute SQL requests?
– Ivan
Jan 13 at 13:53
I don't think the code is working correctly. It is trivial to create a POST request to your server and set the "login" parameter to the value: " not a valid user' OR '1' = '1 ". You MUST do either input sanitation or a parameterized query.
– JanErikGunnar
Jan 13 at 17:03
Reading the query again, I realize that you were already aware of the vulnerability. I got confused because in my mind "working correctly" and "allows SQL injection attack" are mutually exclusive :) Though even disregarding security, it will fail if the user happens to have a username containing a single quote and some other characters. As mentioned, you MUST do either input sanitation or a parameterized query.
– JanErikGunnar
Jan 13 at 17:10
No problem :) Can you provide a simple example based on my code so I can see how a secure SQL request should look?
– Ivan
Jan 13 at 17:22
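A worked comparison, added here and not part of the question or the comments: the question's string-formatted query beside a parameterized one, run against a constructed in-memory sqlite3 stand-in for the logins_passwords and boxes_id tables. The table layout, the sample rows and the sqlite3 "?" placeholder style are assumptions (MySQLdb and psycopg2 use %s instead); the payload is the one quoted in the comments.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the poster's database (assumed layout)."""
    conn = sqlite3.connect(":memory:")
    c = conn.cursor()
    c.execute("CREATE TABLE logins_passwords (uid INTEGER, login TEXT)")
    c.execute("CREATE TABLE boxes_id (uid INTEGER, mc_address TEXT)")
    c.executemany("INSERT INTO logins_passwords VALUES (?, ?)",
                  [(1, "alice"), (2, "bob"), (3, "o'brien")])
    c.executemany("INSERT INTO boxes_id VALUES (?, ?)",
                  [(1, "AA:00"), (2, "BB:00"), (3, "CC:00")])
    conn.commit()
    return conn


def lookup_formatted(conn, login):
    """The question's pattern: the value is pasted into the SQL text.

    Returns the matched uids, or None when the query itself breaks, which
    is what happens for a legitimate login containing a single quote.
    """
    c = conn.cursor()
    try:
        c.execute("SELECT uid FROM logins_passwords "
                  "WHERE login='{}'".format(login))
    except sqlite3.Error:
        return None
    return sorted(row[0] for row in c.fetchall())


def lookup_parameterized(conn, login):
    """Hardened form: the driver sends the value separately from the SQL,
    so the input is only ever compared as data, never parsed as SQL."""
    c = conn.cursor()
    c.execute("SELECT uid FROM logins_passwords WHERE login=?", (login,))
    return sorted(row[0] for row in c.fetchall())


def mc_address_for(conn, login):
    """The endpoint's two-step lookup with both queries parameterized."""
    uids = lookup_parameterized(conn, login)
    if len(uids) != 1:          # unknown login, or an unexpected multi-match
        return None
    c = conn.cursor()
    c.execute("SELECT mc_address FROM boxes_id WHERE uid=?", (uids[0],))
    row = c.fetchone()
    return row[0] if row else None
```

With the comment's payload, the formatted query matches every row while the parameterized one matches none; with the login o'brien, the formatted query fails outright while the parameterized one finds the user.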