Detect SQL Injection


I came to a company that already has a fully grown project... but coders that worked here before me didn't follow conventions and didn't use parametrized SQL queries... as

5 answers
  •  傲寒 (OP)
    2021-01-05 17:04

    In order to really do this right you need to just divide up the application and go through it one module / page / class / whatever at a time.

    This will allow you to not only fix the problem, but also to become much more familiar with the code base in general.

    UPDATE
    Based on the comment I wanted to add one more thing:

    The only thing a tool can do is say look, here is some unsanitized input... Which, most likely, is going to be just about every query in your app. Which means you'll have a list of about 3000 or so files that need to be fixed.

    At that point the only thing you can do is designate a day, like Friday, as Fix Sql Day. Divide up the work and then have everyone spend a day (or even just a couple hours) rewriting the queries on a few pages.

    At some point you'll either finish or find enough other things wrong to determine if starting over is a good idea.
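A small illustration of both halves of the job the answer describes, added here as example code rather than anything from the question's code base: a heuristic scan that flags source lines building SQL from string concatenation or interpolation (the "list of files that need fixing"), and one concatenated query beside its parametrized rewrite, run against an in-memory SQLite table. The regex patterns, the sample legacy lines and the table are constructed for this example and are not an exhaustive rule set.

```python
import re
import sqlite3

# Heuristic detector (assumption: these patterns cover the common ways
# legacy code glues values into SQL). A hit means "review this query",
# nothing more; the fix itself still has to be done by hand.
_SQL_KEYWORD = re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE|WHERE)\b", re.I)
_CONCAT = re.compile(r"""(?:["']\s*\+|\+\s*["']|["']\s*%|\.format\(|\bf["'])""")

def find_concatenated_sql(source: str):
    """Return (line_number, line) for lines that look like hand-built SQL."""
    hits = []
    for n, line in enumerate(source.splitlines(), start=1):
        if _SQL_KEYWORD.search(line) and _CONCAT.search(line):
            hits.append((n, line.strip()))
    return hits

# Constructed sample of legacy code: two lines the scan should surface,
# one already-parametrized line it should leave alone.
LEGACY_SNIPPET = "\n".join([
    'sql = "SELECT * FROM users WHERE name = \'" + name + "\'"',
    'cur.execute("DELETE FROM sessions WHERE id = %s" % sid)',
    'cur.execute("SELECT id FROM users WHERE name = ?", (name,))',
])

def demo_db():
    """Constructed in-memory table standing in for the real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return conn

def lookup_concatenated(conn, name):
    """The 'before': the input becomes part of the SQL text itself."""
    return conn.execute("SELECT id FROM users WHERE name = '" + name + "'").fetchall()

def lookup_parametrized(conn, name):
    """The 'after': the driver binds the value; it is never parsed as SQL."""
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

if __name__ == "__main__":
    for n, line in find_concatenated_sql(LEGACY_SNIPPET):
        print(f"line {n}: {line}")
    conn = demo_db()
    odd_name = "x' OR '1'='1"
    print(lookup_concatenated(conn, odd_name))  # every row: the quote changed the query
    print(lookup_parametrized(conn, odd_name))  # []: the whole string is just a name
```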
