Hello everybody
I am here today to ask if you could suggest which package you think I should download and install.
I had the previous package, IntegraMOD140, for almost a year. I worked very hard on that website, and yesterday I found out that the site was hacked and the DB was destroyed; everything was wiped out.
Now, is IntegraMOD vulnerable? I never had this before.
The classic method they used to hack into my website: SQL injection.
Let me give you some examples, if I may.
For instance, instead of using something like this (in Java):
Connection con = (acquire Connection)
Statement stmt = con.createStatement();
ResultSet rset = stmt.executeQuery("SELECT * FROM users WHERE name = '" + userName + "';");
it would be wiser to use something like this (Java):
Connection con = (acquire Connection)
PreparedStatement pstmt = con.prepareStatement("SELECT * FROM users WHERE name = ?");
pstmt.setString(1, userName);
ResultSet rset = pstmt.executeQuery();
(in PHP)
$query = $sql->prepare("select * from users where name = ?");
// execute() takes the bound values as an array, one entry per placeholder
$query->execute(array($user_name));
because using the ""+ can give the hacker the name of a table, i.e. user.table etc., and the hacker could extract a lot more information, and finally he or they can access and inject the DB and create something
like this (remember, these are just examples):
SELECT * FROM users WHERE name = 'a';DROP TABLE users; SELECT * FROM data WHERE name LIKE '%';
They can use almost any character to extract data.
Just a thought. So please, which of the packages would you suggest I should install, one that you guys think is safe enough?
Thank you all for the good work (nobody and nothing is 100% safe).
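
The contrast described in the post above, as an added example that is not part of the original post and not IntegraMOD code: the concatenated query and the bound query are run against an in-memory SQLite database using the input that produces the statement quoted in the post. The table contents, the function names and the use of executescript() as a stand-in for a driver that accepts several statements in one call are assumptions made for this example.

```python
import sqlite3

# Constructed input: the value that yields the statement quoted in the post.
PAGE_INPUT = "a';DROP TABLE users; SELECT * FROM data WHERE name LIKE '%"

def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users (name TEXT); CREATE TABLE data (name TEXT);"
        "INSERT INTO users VALUES ('alice'), ('O''Brien');"
    )
    return conn

def table_exists(conn, table):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None

def run_concatenated(conn, user_name):
    """The string-concatenation pattern from the post."""
    sql = "SELECT * FROM users WHERE name = '" + user_name + "';"
    # Assumption: executescript() models a driver that accepts several
    # ';'-separated statements in a single call.
    conn.executescript(sql)

def lookup_bound(conn, user_name):
    """The prepared-statement pattern: the value is bound, never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ?"
    return conn.execute(sql, (user_name,)).fetchall()

def demo():
    conn, results = make_db(), {}
    results["bound_rows"] = lookup_bound(conn, PAGE_INPUT)
    results["table_after_bound"] = table_exists(conn, "users")
    # A legitimate name containing a quote works when bound, fails when concatenated.
    results["obrien_bound"] = lookup_bound(conn, "O'Brien")
    try:
        run_concatenated(conn, "O'Brien")
        results["obrien_concat_error"] = False
    except sqlite3.Error:
        results["obrien_concat_error"] = True
    run_concatenated(conn, PAGE_INPUT)
    results["table_after_concat"] = table_exists(conn, "users")
    return results

if __name__ == "__main__":
    print(demo())
```

With the bound query the input is only ever compared against the name column, so the users table survives and a name such as O'Brien is found; with concatenation the same name is a syntax error and the input from the post removes the table.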