MySQL Connector C ++ cgi程序像php一样容易受到MySQL注入的攻击吗? [英] Is MySQL Connector C++ cgi program vulnerable to MySQL injection just like php is?

问题描述

我正在使用 C ++ 编写 cgi 程序.它允许用户在网站上注册他们的信息并登录.我担心安全.通常，当使用 php 接收表单时，MySQL容易受到MySQL注入的攻击.我正在使用 MySQL Connector/C ++ API.

I am making a cgi program using C++. It allows users to register their information on the website and also login. I am worried about security. Normally, MySQL is vulnerable to MySQL injection when using php to receive form. I am using the MySQL Connector/C++ API.

使用 C ++ 时， MySQL注入的方法在 cgi 程序上是否有效? C ++ cgi 程序是否仍然易受攻击对 MySQL注入?

When using C++, does the method of MySQL injection work on cgi programs? Is the C++ cgi program still vulnerable to MySQL injection?

我知道 cgi 程序有其自身的安全问题，例如缓冲区溢出，但我想了解的是 MySQL安全性.

I know that cgi programs has their own security problems such as buffer overflow but I am asking about MySQL security.

推荐答案

是的，SQL注入与语言无关. C ++也容易受到c ++注入的攻击.实际上，这取决于查询数据库所使用的逻辑，而不是语言.

Yes exactly SQL Injection is not language dependent. C++ is also vulnerable to c++ Injection. It actually depend to on the logic you use for querying the database not the language.

要防止SQL注入，您需要遵循的方法很少.

For preventing from SQL injection you have few methods to follow.

主要防御措施:

Option #1: Use of Prepared Statements (Parameterized Queries)
Option #2: Use of Stored Procedures
Option #3: Escaping all User Supplied Input

其他防御措施:

Also Enforce: Least Privilege
Also Perform: White List Input Validation

您可以参考这些链接以获取更多详细信息. https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet 是C ++ OTL SQL数据库引擎库在后台使用参数化查询还是字符串concat?

you can refer these links for further details. https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet Is C++ OTL SQL database library using parameterized queries under the hood, or string concat?

这篇关于MySQL Connector C ++ cgi程序像php一样容易受到MySQL注入的攻击吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！