Question
I am making a CGI program using C++. It allows users to register their information on the website and also log in. I am worried about security. Normally, MySQL is vulnerable to MySQL injection when using PHP to receive a form. I am using the MySQL Connector/C++ API.
When using C++, does the method of MySQL injection work on CGI programs? Is the C++ CGI program still vulnerable to MySQL injection?
I know that CGI programs have their own security problems such as buffer overflow, but I am asking about MySQL security.
Answer 1:
Yes, exactly. SQL injection is not language dependent. C++ is also vulnerable to C++ injection. It actually depends on the logic you use for querying the database, not the language.
To prevent SQL injection, you have a few methods to follow.
Primary Defenses:
Option #1: Use of Prepared Statements (Parameterized Queries)
Option #2: Use of Stored Procedures
Option #3: Escaping all User Supplied Input
Additional Defenses:
Also Enforce: Least Privilege
Also Perform: White List Input Validation
You can refer to these links for further details:
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
Is C++ OTL SQL database library using parameterized queries under the hood, or string concat?
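An added example, not code from the question or the answer, contrasting string concatenation with Option #1 (a prepared statement) in MySQL Connector/C++. The table `users`, its columns `id` and `username`, the helper names and the legacy `cppconn/` header layout are assumptions; the connector part compiles only where those headers are installed.

```cpp
// Added example: not code from the question or the answer.
// Assumed names: table `users`, columns `id` and `username`.
#include <memory>
#include <string>

#if __has_include(<cppconn/prepared_statement.h>)  // legacy JDBC-style header layout
#include <cppconn/connection.h>
#include <cppconn/prepared_statement.h>
#include <cppconn/resultset.h>
#define HAVE_CPPCONN 1
#endif

// Vulnerable pattern: the CGI form value becomes part of the SQL text itself.
std::string concat_query(const std::string& username) {
    return "SELECT id FROM users WHERE username = '" + username + "'";
}

// Prepared-statement text: constant, whatever the user typed.
const char* const kLookupSql = "SELECT id FROM users WHERE username = ?";

// Demonstration check only (not a sanitizer): true when every single-quoted
// literal in `sql` is closed, i.e. the data did not alter the quoting.
bool quotes_balanced(const std::string& sql) {
    bool in_literal = false;
    for (std::size_t i = 0; i < sql.size(); ++i) {
        if (sql[i] == '\\' && in_literal) { ++i; continue; }  // skip escaped char
        if (sql[i] == '\'') in_literal = !in_literal;
    }
    return !in_literal;
}

#ifdef HAVE_CPPCONN
// Option #1 with MySQL Connector/C++: the value travels as a bound parameter
// and is never parsed as SQL.
bool user_exists(sql::Connection& con, const std::string& username) {
    std::unique_ptr<sql::PreparedStatement> ps(con.prepareStatement(kLookupSql));
    ps->setString(1, username);
    std::unique_ptr<sql::ResultSet> rs(ps->executeQuery());
    return rs->next();  // true if at least one row matched
}
#endif
```

A constructed, ordinary input such as `O'Brien` already leaves the concatenated query with an unclosed literal, while the prepared-statement text stays identical for every input.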
Source: https://stackoverflow.com/questions/30431877/is-mysql-connector-c-cgi-program-vulnerable-to-mysql-injection-just-like-php-i