Shulou(Shulou.com)05/31 Report--

What this article shares to you is about the length restrictions of MySQL columns, which the editor thinks is very practical, so I share it with you to learn. I hope you can get something after reading this article.

How to query super-long SQL

Max_packet_size

This thing is used to limit the length of mysql client and server communication packets. For example, if a query is "select*fromuserwhere1", then the length is only a few dozen bytes, so it will not exceed the limit. In most cases, it is difficult to exceed the default limit of 1m for mysql (as you can imagine, the 1m SQL statement is still very long). By the way, after reading this article, I finally understand the reason why I failed to insert data with PEARDB's INSERT, probably because the data length exceeded the standard. For MySQL, if the size of the query MySQL string exceeds this limit, mysql will not perform any query operations

If it is possible for visitors to control your sql length, your program may be attacked. What are the situations in which visitors may control the length of the sql, such as searches that do not limit the length of keywords. It is also possible that if your program wants to enable the user's login as a log, in short, where ultra-long sql queries are involved, you must carefully check your sql to prevent the query from becoming invalid. But to be honest, I don't think this is a big problem. Database administrators can also set the max_packet_size length of MySQL, or make a length judgment when dealing with SQL queries that may be too long.

What are the length limits of MySQL columns

This is the focus of the article. MySQL for the inserted string, if the length exceeds the limit of the data table, MySQL will intercept the previous part of the MySQL string and insert it into the database without reporting the error to the web program. For careless programmers, this problem may lead to program vulnerabilities, in fact, the current wordpress has a lot of restrictions, through this vulnerability attack should not have any effect. Here are some assumptions made by the original author. It is quite easy to obtain a site user name if these conditions are met at the same time. Fortunately, the current wordpress is unlikely to meet the following conditions at the same time:

The web application allows users to register (an open registration wordpress meets this condition)

The user name of the super administrator is known, such as admin, which makes it easy for attackers to find targets (poor wordpress is also satisfied)

MySQL uses the default configuration (it is estimated that most of them are satisfied)

When registering a new user, the program does not limit the length of the user name (I have tested it, and wordpress is satisfied)

The user name is limited to 16 characters (this has nothing to do with the above, just a convenient example)

Here's how the attacker attacked:

First of all, the attacker registers with a known super administrator id such as admin, then the program will use the

(show/hide) plaintext

SELECT*FROMuserWHEREusername='admin'

To check whether the ID already exists, if so, this does not allow registration, of course, the attacker's attempt to register the admin will certainly fail

But if the attacker registers with admin X (there are 11 or more spaces between admin and x), according to the above judgment, since adminx does not exist in the database, of course it can be registered successfully. In fact, previous versions of wordpress2.6.1 can do so. Because the column length is limited to 16 characters, the x at the end is truncated. So now there are two identical user admin in the database. (narrator: too bad, then not all my programs have to be modified. It's not necessary, all you have to do is set ID to UNIQUE, so the following questions have nothing to do with you.)

When the attacker continues, the attacker successfully registers the user name admin, and then the attacker logs in to the account management with admin and his own password (wordpress cannot log in even if registered). Since the real admin account is registered before the attacker admin, it is very likely that the information displayed on the account information page is the real admin information, including password prompt and email, etc. At this point, the attacker can make any changes to the admin information, including password and password recovery.

So, when you write a web program, should you check whether your program has such vulnerabilities?

These are the length restrictions of MySQL columns, and the editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.