dongzilu0178 2014-07-09 19:23
浏览 354
已采纳

MySQL上的FROM_BASE64()是否安全?

I am having some trouble here. I am building a search engine for my social debating platform, where all the user content (except sensitive data) is encoded in base64, for security purposes. While building the search engine I stumbled upon an issue; I couldn't search the user content if it was all stored in base64, obviously. Then I stumbled upon an answer here that stated that using FROM_BASE64 on the SQL query would decode and then process it. As a person who is extremely paranoid about security, my first concern was: does that function protect against any SQL Injection attacks when processing the data? Or would I need to when posting the content real_escape and then do base64 to use the function securely?

  • 写回答

1条回答 默认 最新

  • douyuai8994 2014-07-09 19:42
    关注

    short answer : as long as you dont put HTTP-data into the FROM_BASE64-query there is no need to use base64 AT ALL - but using it does no harm. If you want to put ESCAPED http-data into it you also want to check for SQL-patterns, ... many languages have certain DBM-escapement functions / libraries, you're advised to use them

    NEVER feed http-data directly into DB-functions of ANY kind without escaping it.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?