RE: $_SERVER['REMOTE_ADDR'] and sql injection

> -----Original Message-----
> From: Michael Shadle [mailto:mike503@xxxxxxxxx]
> Sent: Wednesday, June 23, 2010 1:07 AM
> To: Tommy Pham
> Cc: php-general@xxxxxxxxxxxxx
> Subject: Re:  $_SERVER['REMOTE_ADDR'] and sql injection
> 
> On Wed, Jun 23, 2010 at 1:01 AM, Tommy Pham <tommyhp2@xxxxxxxxx>
> wrote:
> 
> > If you're going to implement this, then it's better to implement the
> > conversion in the backend DB (via SP or UDF).  So you can always use MySQL
> > query browser or the command line to run queries or other methods
> > depending on your access to the DB, especially if you need to find that
> > malicious IP address quickly ;)
> 
> -1 for complicating mysql setups :)

Just an afterthought scenario:

You've got a skilled hacker using multiple (compromised) systems or spoofing multiple IPs.  This would naturally and easily bypass your firewall.  The web server(s) are overloaded with the phony requests.  What are you going to do to get the source of the problem and how are you going to analyze the problem?

Are you going to have some kind of reporting on your app, which is already being overloaded with phony requests?  Or are you going to access the DB directly to analyze the access logs and compare the incoming requests to analyze the IPs and/or requested URLs?  Thus, I see 2 choices:

"-1 for complicating mysql setups"

(-1 for complicating the app+code - which is not very useful at this point) + face to palm for not being able to get IP address(es) quickly enough

... tough call :)


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
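The design the quoted message argues for (store the address as an integer, let the database do the conversion, and keep the "who is hammering us" query reachable from any MySQL client) looks like this in practice. This is an added example, not code from the thread or from the PHP project; the table name `access_log`, the procedure name `top_sources`, the column layout and the connection details are all assumptions made up for the illustration.

```php
<?php
// Added example, not from the original thread. Logs $_SERVER['REMOTE_ADDR'] with a
// prepared statement and lets MySQL do the IP -> integer conversion (INET_ATON),
// so the same table can be queried for noisy sources straight from the mysql
// command line while the application itself is under load.
// Assumptions: a MySQL/MariaDB server reachable via mysqli (PHP 8.1+ where
// mysqli throws on errors by default); table/procedure names are hypothetical.

const SCHEMA_SQL = <<<'SQL'
CREATE TABLE IF NOT EXISTS access_log (
    id          BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    ip          INT UNSIGNED    NOT NULL,           -- IPv4 as returned by INET_ATON()
    request_uri VARCHAR(2048)   NOT NULL,
    seen_at     DATETIME        NOT NULL,
    KEY idx_seen_ip (seen_at, ip)
)
SQL;

// The "SP" variant from the thread: the triage query lives in the database, so
// `CALL top_sources(5, 20);` works from the mysql client with no PHP involved.
const PROCEDURE_SQL = <<<'SQL'
CREATE PROCEDURE top_sources(IN window_minutes INT, IN max_rows INT)
BEGIN
    SELECT INET_NTOA(ip) AS ip, COUNT(*) AS hits
    FROM access_log
    WHERE seen_at >= NOW() - INTERVAL window_minutes MINUTE
    GROUP BY ip
    ORDER BY hits DESC
    LIMIT max_rows;
END
SQL;

function install_schema(mysqli $db): void
{
    $db->query(SCHEMA_SQL);
    $db->query('DROP PROCEDURE IF EXISTS top_sources');
    $db->query(PROCEDURE_SQL);
}

function log_request(mysqli $db, string $remoteAddr, string $uri): bool
{
    // REMOTE_ADDR is the TCP peer address, not a client-supplied header, but it is
    // still validated: INET_ATON() yields NULL on garbage, and the NOT NULL column
    // would turn that into an insert error instead of a silently wrong row.
    if (filter_var($remoteAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return false;
    }
    $stmt = $db->prepare(
        'INSERT INTO access_log (ip, request_uri, seen_at) VALUES (INET_ATON(?), ?, NOW())'
    );
    // Placeholders keep both values out of the SQL text, so neither the address
    // nor the URI can alter the statement whatever characters they contain.
    $stmt->bind_param('ss', $remoteAddr, $uri);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Same triage query, callable from the application when it is not overloaded.
function top_sources(mysqli $db, int $windowMinutes = 5, int $maxRows = 20): array
{
    $stmt = $db->prepare('CALL top_sources(?, ?)');
    $stmt->bind_param('ii', $windowMinutes, $maxRows);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;   // e.g. [['ip' => '203.0.113.7', 'hits' => 1842], ...]
}

// Usage (connection parameters are placeholders):
$db = new mysqli('localhost', 'app_user', 'app_password', 'webapp');
install_schema($db);
log_request($db, $_SERVER['REMOTE_ADDR'] ?? '', $_SERVER['REQUEST_URI'] ?? '/');
foreach (top_sources($db, 5, 20) as $row) {
    printf("%-15s %d\n", $row['ip'], $row['hits']);
}
```

The integer column is what makes the command-line analysis cheap: range checks and `GROUP BY ip` run on a 4-byte key rather than a string, and `INET_NTOA()` turns the result back into dotted form only for display. The example is IPv4-only because `INET_ATON()` is; a deployment that also sees IPv6 peers would use a `VARBINARY(16)` column with `INET6_ATON()` / `INET6_NTOA()` instead.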



