author Thomas Vanbesien <tvanbesi@proton.me> 2026-03-30 15:43:25 +0200
committer Thomas Vanbesien <tvanbesi@proton.me> 2026-03-30 15:43:25 +0200
commit 95d4f3101ad8c0636616fa821956c8d8213bd26a
tree c1b502e7a630e26531ba7ec08112b3b35f83a933
parent 72475069fdf75f094a8606dcf29a65af344e0108
Edit notes.md
-rw-r--r-- SQL injection 1/Resources/notes.md | 1
-rw-r--r-- SQL injection 2/Resources/notes.md | 1
2 files changed, 2 insertions, 0 deletions
diff --git a/SQL injection 1/Resources/notes.md b/SQL injection 1/Resources/notes.md
index 3292f86..7151223 100644
--- a/SQL injection 1/Resources/notes.md
+++ b/SQL injection 1/Resources/notes.md
@@ -31,3 +31,4 @@
- Don't show SQL errors on the front-end because it gives attackers clues about the database and the queries that can be used to exploit them
- Don't include untrusted, unfiltered and/or unsanitized input into a SQL query
+- Give the least amount of privileges to database users (for example, they should not be able to read meta information tables like `information_schema` etc)
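Review bot: The parenthetical example in the added bullet describes something that cannot be configured on MySQL/MariaDB or PostgreSQL: `information_schema` is readable by every account, and the server only filters its rows down to the objects that account already has privileges on. The effective control is what you grant, not blocking the schema. Suggest rewording along the lines of "Grant the application's database account only the privileges it needs on the tables it uses (for example `SELECT` on specific tables, not on every schema), which also limits what `information_schema` reveals to it".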
diff --git a/SQL injection 2/Resources/notes.md b/SQL injection 2/Resources/notes.md
index 282802f..fb7c96e 100644
--- a/SQL injection 2/Resources/notes.md
+++ b/SQL injection 2/Resources/notes.md
@@ -26,3 +26,4 @@
- Don't show SQL errors on the front-end because it gives attackers clues about the database and the queries that can be used to exploit them
- Don't include untrusted, unfiltered and/or unsanitized input into a SQL query
+- Give the least amount of privileges to database users (for example, they should not be able to read meta information tables like `information_schema` etc)
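Review bot: The new last bullet is a word-for-word copy of the line added to `SQL injection 1/Resources/notes.md` in the same commit, so any later correction has to be made in two places; consider keeping the shared mitigation list in one file and linking to it from both notes. On the wording of that line: "database users" is ambiguous and would be clearer as "the database account the application connects with", "meta information tables" reads better as "metadata tables", and "like ... etc" is redundant, so drop the "etc".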