Hi, everyone. I'm running a simple website with a long story. However, not long ago, the sql injection attack wiped out both DB and server settings and robbed Linux of administrator rights. So I had to blow up the server and finally re-create the website.
The reason seems to be that I was working on the form when I was hacked, but I didn't log in required.
However, the problem is that you have to work on the form again (a form that can be registered by non-members).
I don't want to be hacked again.
I don't know how to improve security.
Here's a question.
django mysql
First, please read at least one book on web security. That way, you can know why an attacker could gain Linux root privileges and prevent it.
In fact, sql injection is more a problem due to developer's annoyance, such as checking form data, than a session problem.
Queries should not also use dynamic queries, should be binding queries, and all inputs should be validated on the server side. It should not be done only on the client.
along with books https://www.owasp.org/index.php/Main_Page Please refer to the site.
© 2024 OneMinuteCode. All rights reserved.