Looking for criticism of the idea of “minimum rights in the database”

I sat down to learn Python and wanted to implement one idea, but it “didn’t work out”.
I will describe the idea and would like to hear your opinion; anyone who can suggest the best way, please help with advice.
So, the idea:

A website that looks like a folder on disk (a | s) with files in programming languages such as PHP, Perl, Python and others. In these files there are calls to databases and queries to them, for example from PHP to MySQL via mysql_query().
I set out to write a Python program that, understanding three languages (PHP, Perl, Python) and two databases (MySQL and PostgreSQL), could analyze the website files (galleries, ...) and answer:
1) to which servers and under which database user SQL calls such as SELECT, INSERT, etc. are made;
2) give a recommendation limiting the database user to the minimum necessary rights in that database.


The goal of the program: to help the administrator apply the “necessary minimum” principle to an unfamiliar website, built from various engines of various web systems, that has been entrusted to them. Improve security.

Where to apply it: an admin of various web engines and scripts.

In a conversation with friends some misunderstandings surfaced; anticipating them, I’ll answer right away, taking PHP and a MySQL DB as the example.

Objection A) why bother analyzing BEFORE? isn’t it better to look afterwards at the database statistics or the exported SQL structure?
answer: the main thing is AFTER! and not BEFORE the server is deployed; however much you test the site before rollout, you may still never press the “button” that calls CREATE, and then what? not grant the needed CREATE rights?

Objection B) forget all this, give ALL rights to the table and don’t worry!
answer: hackers will thank you for the FILE privilege you granted when you issued ALL. Then you get hit through SQL injection and they are glad they can read and write files. Rights must be granted by the “necessary minimum” rule, at least try to.

Objection C) Why so complicated? won’t the webmaster just describe what he did in the project and hand over a list of the SQL constructs used?
answer: there are many engines; not everything in the modern world is written from scratch, but the admin ties them into a single system and is responsible for security.

I didn’t manage it, since I need to write lexical and syntactic analysis of the text. I even sat down to reread narod.ru/disk/15816222000/AhoSetiUlman_Kompilyators-www.masterpc.alfaspace.net.djvu.html (Aho, Sethi, Ullman, Compilers), but after “drawing” the grammars I realized that I would need to write almost full interpreters of the languages I set out to analyze, because the calls can be arbitrarily complex; just imagine that the calls are read from a text file, and how would my script understand that?
I am a software engineer by training, but fate worked out so that I am an admin, and serious programming stayed behind at the institute door. Can you advise something? give me a kick in the right direction? or suggest something?

Thanks in advance.
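As an added illustration (not the poster's code), here is the simplest form of the analysis the post describes: scan source files for the DB call functions it names, classify each literal SQL string by its leading verb, and emit a minimal GRANT for the MySQL case. The function names, the privilege map, the user/database names and the sample files are my assumptions; a query assembled at run time is exactly the case the poster says a simple scanner cannot resolve, so it is reported for manual review instead of being guessed.

```python
import re
from collections import defaultdict

# Leading SQL verb -> MySQL privilege it needs (simplified mapping, an assumption).
VERB_TO_PRIV = {
    "SELECT": "SELECT", "INSERT": "INSERT", "UPDATE": "UPDATE",
    "DELETE": "DELETE", "CREATE": "CREATE", "DROP": "DROP", "ALTER": "ALTER",
}

# DB call functions from the post (PHP mysql_query/mysqli_query, pg_query,
# Perl DBI prepare, Python DB-API execute). Group 3 = quoted SQL literal,
# group 4 = a variable we cannot resolve statically.
CALL_RE = re.compile(
    r"\b(mysql_query|mysqli_query|pg_query|prepare|execute)\s*\("
    r"\s*(?:\$\w+\s*,\s*)?"             # optional leading handle: mysqli_query($link, ...)
    r"(?:(['\"])(.*?)\2|(\$?\w+))",       # literal query, or a bare variable name
    re.S,
)

def scan_sources(sources):
    """sources: {filename: source text}. Returns ({privilege: {files}}, [unresolved])."""
    privs, unresolved = defaultdict(set), []
    for fname, text in sources.items():
        for m in CALL_RE.finditer(text):
            func, literal, var = m.group(1), m.group(3), m.group(4)
            if literal is None:          # query built at run time: needs a human
                unresolved.append(f"{fname}: {func}({var}) built at run time, inspect by hand")
                continue
            words = literal.strip().split(None, 1)
            if not words:
                continue
            privs[VERB_TO_PRIV.get(words[0].upper(), f"UNKNOWN({words[0].upper()})")].add(fname)
    return dict(privs), unresolved

def grant_statement(privs, db, user, host="localhost"):
    """Minimal GRANT covering only the privileges the scan could prove are needed."""
    known = sorted(p for p in privs if not p.startswith("UNKNOWN"))
    return f"GRANT {', '.join(known)} ON `{db}`.* TO '{user}'@'{host}';"

# Constructed sample "site" files; not taken from any real engine.
SAMPLE_SOURCES = {
    "gallery.php": 'mysql_query("SELECT id, path FROM photos WHERE album = $a");\n'
                   'mysqli_query($link, "INSERT INTO views (photo, ts) VALUES (1, NOW())");\n',
    "cleanup.pl":  '$dbh->prepare("DELETE FROM views WHERE ts < NOW() - INTERVAL 30 DAY");\n',
    "report.py":   'cur.execute(sql)\n',
}

if __name__ == "__main__":
    found, todo = scan_sources(SAMPLE_SOURCES)
    print(grant_statement(found, "gallery", "webapp"))   # hypothetical db/user names
    print("\n".join(todo))
```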
