View Single Post
  #1  
Old 05 Sep 2012, 19:58
Jafo232 Jafo232 is offline
 
Join Date: May 2004
Protecting plugin and template table with Triggers & Signals

Here is a product I put together for vb3 (free) that some of you might find interesting. The plugin protects the plugin and template table from being hacked by using triggers and signals to authenticate a valid user.

Basically once the administrator area properly authenticates a user, it sets a secret session variable in MySQL. Unless that variable is defined, the trigger will not allow the protected tables to be altered.

Considering that I can see no reason why these tables should be modified in any way unless the user is in the admincp, I think it will help a lot with injection attacks.. Works on VB4 too:

http://www.lampwrights.com/showthrea...=1284#post1284

Enjoy!
__________________
Become a Lampwright today at www.lampwrights.com!
Reply With Quote