Suspekt… » Blog Archive » MySQL and SQL Column Truncation Vulnerabilities
When user input is not checked for its length SQL Column Truncation Vulnerabilities can arise. “SQL Column Truncation Vulnerability” is the name I use to describe security problems arising from overlong input that is truncated during insertion in the database. By default MySQL will truncate strings longer than the defined maximum column width and only emit a warning. Those warnings are usually not seen by web applications and therefore not handled at all. In MySQL the sql_mode STRICT_ALL_TABLES can be activated to turn these warnings into errors but applications will run most of the time on servers that run in the default mode and even if an application uses the stricter sql_mode it should not produce this error in the first place. Therefore a length check is required.
To understand why the truncation on insert can lead to security problems imagine the following application.
* The application is a forum where new users can register
* The administrator’s name is known e.g. ‘admin’
* MySQL is used in the default mode
* There is no application restriction on the length of new user names
* The database column username is limited to 16 characters
No comments yet
Leave a reply
