A common mistake many developers make is using their MySQL database to validate a user name and password combination.
Here's a typical SQL query checking for the existence of a user trying to login:
SELECT 1 FROM <USERTABLE> WHERE USERNAME="<USERNAME>" AND
USERPASSWORD="<USERPASSWORD>"
If a record matches, the database returns that record and the process continues.
But in MySQL, the above query allows a person with knowledge of the just the USERNAME alone to gain access to the system without much difficulty.
For instance, suppose a user keys in the value for USERNAME as <USERNAME>##" and for PASSWORD, he keys in anything. Because MySQL interprets the character "##" as a comment, the query is terminated when the "##" character is found and there definitely will be a record matching just the username. The query thus returns a record and allows this user to login.
Here's an effective query:
SELECT 1 FROM <USERTABLE> WHERE USERNAME="<USERNAME>"
Always be sure to check whether the username contatins a character like "##" and throw an appropriate error before even sending it to the database.
Digg
del.icio.us
Newvine
furl
StumbleUpon
BlinkList
Newsvine
Magnolia
Facebook
Tailrank
Slashdot
Technorati
Google Bookmarks
Yahoo Favorites
Windows Live
Ask
