Jafo232
09-05-2012, 05:59 PM
Here is a product I put together for vb4 (free) that some of you might find interesting. The plugin protects the plugin and template table from being hacked by using triggers and signals to authenticate a valid user.
Basically once the administrator area properly authenticates a user, it sets a secret session variable in MySQL. Unless that variable is defined, the trigger will not allow the protected tables to be altered.
Considering that I can see no reason why these tables should be modified in any way unless the user is in the admincp, I think it will help a lot with injection attacks.. Works on VB3 too:
http://www.lampwrights.com/showthread.php?p=1284#post1284
Enjoy!
Basically once the administrator area properly authenticates a user, it sets a secret session variable in MySQL. Unless that variable is defined, the trigger will not allow the protected tables to be altered.
Considering that I can see no reason why these tables should be modified in any way unless the user is in the admincp, I think it will help a lot with injection attacks.. Works on VB3 too:
http://www.lampwrights.com/showthread.php?p=1284#post1284
Enjoy!