> -----Original Message-----
> From: Michael Shadle [mailto:mike...@gmail.com]
> Sent: Wednesday, June 23, 2010 1:07 AM
> To: Tommy Pham
> Cc: php-general@lists.php.net
> Subject: Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection
> 
> On Wed, Jun 23, 2010 at 1:01 AM, Tommy Pham <tommy...@gmail.com>
> wrote:
> 
> > If you're going to implement this, then it's better to implement the
> conversion in the backend DB (via SP or UDF).  So you can always use MySQL
> query browser or the command line to run queries or other methods
> depending on your access to the DB, especially if you need to find that
> malicious IP address quickly ;)
> 
> -1 for complicating mysql setups :)

Just an afterthought scenario:

You got a skilled hacker using multiple (compromised) systems or spoofing 
multiple IPs.  This would naturally and easily bypass your firewall.  The web 
server(s) are overloaded with the phony requests.  What are you going to do to 
get the source of the problem and how are you going to analyze the problem?

Are you going to have some kind of reporting on your app, which is already 
being overloaded with phony requests?  Or are you going to access the DB 
directly to analyze the access logs and compare the incoming requests to 
analyze the IPs and/or requested URLs?  Thus, I see 2 choices:

"-1 for complicating mysql setups"

(-1 for complicating the app+code - which is not very useful at this point) + 
face to palm for not being able to get IP address(es) quickly enough

... tough call :)
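As an added example (not code from the thread), this is what the "conversion in the backend DB" approach looks like in MySQL, together with the triage queries you would run from the mysql client while the web tier is saturated. The table, column and function names (access_log, ip_text) are assumptions; the page only names INET_ATON-style conversion via an SP or UDF.

```sql
-- Constructed schema: REMOTE_ADDR stored in its numeric IPv4 form so the
-- database can compare, index and aggregate addresses itself.
CREATE TABLE access_log (
    id      BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    ip      INT UNSIGNED    NOT NULL,   -- INET_ATON() of REMOTE_ADDR
    url     VARCHAR(255)    NOT NULL,
    hit_at  DATETIME        NOT NULL,
    INDEX (ip),
    INDEX (hit_at)
);

-- Insert path: the app binds REMOTE_ADDR as a parameter and the conversion
-- happens in SQL, so the value is never concatenated into the statement.
-- PHP/PDO side: $st->execute([$_SERVER['REMOTE_ADDR'], $url]);
-- Caveat: INET_ATON() returns NULL for anything that is not a dotted IPv4
-- string (e.g. an IPv6 client), and the NOT NULL column then rejects the row.
INSERT INTO access_log (ip, url, hit_at)
VALUES (INET_ATON(?), ?, NOW());

-- Stored-function wrapper (the "SP or UDF" idea) so nobody at the command
-- line has to remember the conversion under pressure.
DELIMITER //
CREATE FUNCTION ip_text(n INT UNSIGNED) RETURNS VARCHAR(15) DETERMINISTIC
    RETURN INET_NTOA(n) //
DELIMITER ;

-- Triage: noisiest source addresses in the last 10 minutes.
SELECT ip_text(ip)         AS addr,
       COUNT(*)            AS hits,
       COUNT(DISTINCT url) AS distinct_urls,
       MIN(hit_at)         AS first_seen,
       MAX(hit_at)         AS last_seen
FROM   access_log
WHERE  hit_at >= NOW() - INTERVAL 10 MINUTE
GROUP  BY ip
HAVING hits > 100
ORDER  BY hits DESC
LIMIT  20;

-- Same window grouped by /24, which is the view you want when the flood
-- comes from many addresses inside one compromised network.
SELECT INET_NTOA(ip & 0xFFFFFF00) AS net24, COUNT(*) AS hits
FROM   access_log
WHERE  hit_at >= NOW() - INTERVAL 10 MINUTE
GROUP  BY net24
ORDER  BY hits DESC
LIMIT  20;
```

Because ip is an indexed integer, the same queries also answer "which URLs did this one address request" without any string parsing in the app.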


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php