author | Vincent Deffontaines <gryzor@apache.org> | 2013-01-06 18:52:43 +0100 |
---|---|---|
committer | Vincent Deffontaines <gryzor@apache.org> | 2013-01-06 18:52:43 +0100 |
commit | 5c23f52166cd5e2aa348ec9006bf137fd6bea7fb (patch) | |
tree | 21c7013fa75ee50721ef099ce9891b56695afa7e /docs/manual/mod | |
parent | According top my testing 'SSL_SESSION_id2sz' is 4x faster with the use 'ap_bi... (diff) | |
Security notes about SQL injection.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1429560 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs/manual/mod')
-rw-r--r-- | docs/manual/mod/mod_authn_dbd.html.en | 12 | ||||
-rw-r--r-- | docs/manual/mod/mod_authn_dbd.xml | 10 | ||||
-rw-r--r-- | docs/manual/mod/mod_authz_dbd.html.en | 14 | ||||
-rw-r--r-- | docs/manual/mod/mod_authz_dbd.xml | 11 |
4 files changed, 35 insertions, 12 deletions
diff --git a/docs/manual/mod/mod_authn_dbd.html.en b/docs/manual/mod/mod_authn_dbd.html.en index c89cb1c342..996b2d1f87 100644 --- a/docs/manual/mod/mod_authn_dbd.html.en +++ b/docs/manual/mod/mod_authn_dbd.html.en @@ -141,11 +141,11 @@ configuration required in some web applications. <div class="section"> <h2><a name="security" id="security">Preventing SQL injections</a></h2> - <p>It depends on what DBD driver and backend you use. With most - drivers you don't have to do anything : the statement is prepared - by the database at startup, and user input is used only as data. - But you may need to untaint your input. At the time of writing, - the only driver that requires you to take care is FreeTDS.</p> + <p>Whether you need to care about SQL security depends on what DBD driver + and backend you use. With most drivers you don't have to do anything : + the statement is prepared by the database at startup, and user input is + used only as data. But you may need to untaint your input. At the time + of writing, the only driver that requires you to take care is FreeTDS.</p> <p>Please read <code class="module"><a href="../mod/mod_dbd.html">mod_dbd</a></code> documentation for more information about security on this scope.</p> </div> 
@@ -238,7 +238,7 @@ var comments_identifier = 'http://httpd.apache.org/docs/trunk/mod/mod_authn_dbd. } })(window, document); //--><!]]></script></div><div id="footer"> -<p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="apache">Copyright 2013 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- if (typeof(prettyPrint) !== 'undefined') { prettyPrint(); diff --git a/docs/manual/mod/mod_authn_dbd.xml b/docs/manual/mod/mod_authn_dbd.xml index 7c27191426..9eda1bf208 100644 --- a/docs/manual/mod/mod_authn_dbd.xml +++ b/docs/manual/mod/mod_authn_dbd.xml 
@@ -123,11 +123,11 @@ configuration required in some web applications. <section id="security"> <title>Preventing SQL injections</title> - <p>It depends on what DBD driver and backend you use. With most - drivers you don't have to do anything : the statement is prepared - by the database at startup, and user input is used only as data. - But you may need to untaint your input. At the time of writing, - the only driver that requires you to take care is FreeTDS.</p> + <p>Whether you need to care about SQL security depends on what DBD driver + and backend you use. With most drivers you don't have to do anything : + the statement is prepared by the database at startup, and user input is + used only as data. But you may need to untaint your input. At the time + of writing, the only driver that requires you to take care is FreeTDS.</p> <p>Please read <module>mod_dbd</module> documentation for more information about security on this scope.</p> </section> diff --git a/docs/manual/mod/mod_authz_dbd.html.en b/docs/manual/mod/mod_authz_dbd.html.en index 9aeedb4031..8f121782c9 100644 --- a/docs/manual/mod/mod_authz_dbd.html.en +++ b/docs/manual/mod/mod_authz_dbd.html.en @@ -58,6 +58,7 @@ <li><img alt="" src="../images/down.gif" /> <a href="#login">Database Login</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#client">Client Login</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#example">Configuration example</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#security">Preventing SQL injections</a></li> </ul><h3>See also</h3> <ul class="seealso"> <li><code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code></li> 
@@ -151,6 +152,17 @@ DBDExptime 300 </Directory> </pre> +</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="security" id="security">Preventing SQL injections</a></h2> + + <p>Whether you need to care about SQL security depends on what DBD driver + and backend you use. With most drivers you don't have to do anything : + the statement is prepared by the database at startup, and user input is + used only as data. But you may need to untaint your input. At the time + of writing, the only driver that requires you to take care is FreeTDS.</p> + <p>Please read <code class="module"><a href="../mod/mod_dbd.html">mod_dbd</a></code> documentation for more information + about security on this scope.</p> </div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="directive-section"><h2><a name="AuthzDBDLoginToReferer" id="AuthzDBDLoginToReferer">AuthzDBDLoginToReferer</a> <a name="authzdbdlogintoreferer" id="authzdbdlogintoreferer">Directive</a></h2> @@ -263,7 +275,7 @@ var comments_identifier = 'http://httpd.apache.org/docs/trunk/mod/mod_authz_dbd. } })(window, document); //--><!]]></script></div><div id="footer"> -<p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="apache">Copyright 2013 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- if (typeof(prettyPrint) !== 'undefined') { prettyPrint(); 
diff --git a/docs/manual/mod/mod_authz_dbd.xml b/docs/manual/mod/mod_authz_dbd.xml index 8b57120ea1..fa1a2bae3b 100644 --- a/docs/manual/mod/mod_authz_dbd.xml +++ b/docs/manual/mod/mod_authz_dbd.xml @@ -135,6 +135,17 @@ DBDExptime 300 </highlight> </section> +<section id="security"> +<title>Preventing SQL injections</title> + <p>Whether you need to care about SQL security depends on what DBD driver + and backend you use. With most drivers you don't have to do anything : + the statement is prepared by the database at startup, and user input is + used only as data. But you may need to untaint your input. At the time + of writing, the only driver that requires you to take care is FreeTDS.</p> + <p>Please read <module>mod_dbd</module> documentation for more information + about security on this scope.</p> +</section> + <directivesynopsis> <name>AuthzDBDQuery</name> <description>Specify the SQL Query for the required operation</description> |
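Review bot: In the rewritten `security` paragraph of mod_authn_dbd.xml (hunk `@@ -123,11 +123,11 @@`, mirrored in mod_authn_dbd.html.en), "But you may need to untaint your input" still gives a FreeTDS user nothing to act on: it does not say which input is meant or what untainting consists of. Either state that in one sentence here or make the following mod_dbd reference point at the specific section that explains it. "At the time of writing" would also age better with the release it refers to, and the space before the colon in "anything :" should go.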
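Review bot: The new `<section id="security">` in mod_authz_dbd.xml (hunk `@@ -135,6 +135,17 @@`, mirrored in mod_authz_dbd.html.en at `@@ -151,6 +152,17 @@`) is a word-for-word copy of the mod_authn_dbd paragraph, so the statement that FreeTDS is "the only driver that requires you to take care" now lives in several places and will have to be kept in sync in each when the driver list changes. Consider keeping the driver-specific detail in mod_dbd only and leaving a one-sentence pointer here. The closing sentence "about security on this scope" also reads awkwardly; "in this context" would be clearer.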
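Review bot: The footer hunks in mod_authn_dbd.html.en (`@@ -238,7 +238,7 @@`) and mod_authz_dbd.html.en (`@@ -263,7 +275,7 @@`) change "Copyright 2012" to "Copyright 2013", which is unrelated to the "Security notes about SQL injection" described in the commit message. Splitting the year bump into its own commit, or at least mentioning it in the message, would keep the history of the security wording easy to follow.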