View Single Post
Old 05 Sep 2012, 19:58
Jafo232 Jafo232 is offline
Join Date: May 2004
Protecting plugin and template table with Triggers & Signals

Here is a product I put together for vb3 (free) that some of you might find interesting. The plugin protects the plugin and template table from being hacked by using triggers and signals to authenticate a valid user.

Basically once the administrator area properly authenticates a user, it sets a secret session variable in MySQL. Unless that variable is defined, the trigger will not allow the protected tables to be altered.

Considering that I can see no reason why these tables should be modified in any way unless the user is in the admincp, I think it will help a lot with injection attacks.. Works on VB4 too:

Become a Lampwright today at!
Reply With Quote