Quote:
Originally Posted by OSWO
You are definitely lacking security if you allow people with SQL clients to freely connect to the SQL database. Looks like I'll have to to change the "Many" to "Some" cause it shows you clearly don't.
|
I honestly dont understand a word your saying. It's all jibberish.
I figure u dont even know what injection is. I figure u make users with full permissions and dont understand permissions properly. A combination of both means I'll drop your entire schema.
I have an entire mysql cluster open to the public for my token and paintkit systems. I use permissions to control what these clients can do and have access to.
Moral is. Setup permissions and dont write injection vulnerable code.
Edit: If you can find my cluster and make a login, try do something naughty. The best u can do is leave me a message in a table row that will cost you .5AUD
I've had a few ppl do such for lols. They are now steam friends.
__________________