Hi, everyone. I'm running a simple website with a long story. However, not long ago, an SQL injection attack wiped out both the DB and the server settings and robbed Linux of administrator rights. So I had to blow up the server and finally re-create the website.
The reason seems to be that I was working on the form when I was hacked, but I didn't make login required.
However, the problem is that you have to work on the form again (a form that can be registered by non-members).
I don't want to be hacked again.
I don't know how to improve security.
Here's a question.
django mysql
First, please read at least one book on web security. That way, you can know why an attacker could gain Linux root privileges and prevent it.
In fact, SQL injection is more a problem due to developer's annoyance, such as checking form data, than a session problem.
Also, queries should not be dynamic queries; they should be binding queries, and all inputs should be validated on the server side. It should not be done only on the client.
Along with books, please refer to the site https://www.owasp.org/index.php/Main_Page.
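The difference between a dynamic query and a binding query, together with server-side validation, shown as an added example that is not part of the original question or answer. It assumes a hypothetical `signup` table and an email form field, and uses Python's built-in `sqlite3` in place of MySQL so it runs offline; all data and inputs are constructed.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; in-memory SQLite stands in for the site's MySQL DB.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE signup (email TEXT, note TEXT)")
    db.executemany("INSERT INTO signup VALUES (?, ?)",
                   [("alice@example.com", "first"), ("bob@example.com", "second")])
    return db

# Hypothetical validation rule for the form's email field.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,}")

def validate_email(value):
    """Server-side check of type, length and shape; runs whatever the client did."""
    if not isinstance(value, str) or len(value) > 254 or not EMAIL_RE.fullmatch(value):
        raise ValueError("invalid email")
    return value

def find_dynamic(db, email):
    # Dynamic query: the form value is pasted into the SQL text, so any
    # quote characters in it change the structure of the statement.
    sql = "SELECT email FROM signup WHERE email = '%s'" % email
    return [row[0] for row in db.execute(sql)]

def find_bound(db, email):
    # Binding query: the SQL text is fixed and the value is passed separately,
    # so the driver always treats it as data, never as SQL.
    sql = "SELECT email FROM signup WHERE email = ?"
    return [row[0] for row in db.execute(sql, (email,))]

def handle_form(db, raw_email):
    # What the form handler should do: validate on the server, then bind.
    return find_bound(db, validate_email(raw_email))

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    print("dynamic:", find_dynamic(db, crafted))  # returns every row
    print("bound:  ", find_bound(db, crafted))    # returns no rows
    print("valid:  ", handle_form(db, "alice@example.com"))
    try:
        handle_form(db, crafted)
    except ValueError as exc:
        print("rejected:", exc)
```

In Django, ORM calls such as `Model.objects.filter(email=value)` bind values for you; for raw SQL, pass the values as the second argument to `cursor.execute(sql, [value])` with `%s` placeholders instead of formatting them into the string.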
© 2024 OneMinuteCode. All rights reserved.