Magento Expert Forum - Improve your Magento experience

Results 1 to 14 of 14

How to Secure Magento Against SQL Injections

  1. #1
    [ Contributor ] Wajid Hussain's Avatar
    Join Date
    Nov 2014
    Posts
    206
    Thanks
    3
    Thanked 11 Times in 9 Posts

    Default How to Secure Magento Against SQL Injections

    We have all heard and witnessed that Magento comes with some predefined tools which are intended to secure your store from SQL injections. Yet the security researchers have found some vulnerabilities, which can potentially cause harm.

    What is the nature of the Attack?


    The vulnerability consists of compromising a chain of liability which allows malicious injections and unauthenticated attacker to execute random PHP/SQL codes on E-commerce websites. In layman’s terms, this allows the attacker to bypass all your security mechanism, then get the access to your store and the whole database. It lets the attacker then create a new admin account in your existing one, or lets them access and steal critical information like credit card etc. There are many other harmful things that SQL injections can cause to your Ecommerce business and your store’s customers. What is of more concern is the fact that this attack is not limited to any specific plugin or theme. It is present at the core Magento and it ends up affecting any default installation of community and enterprise editions both.

    Read Complete Tutorial Here: http://arpatech.com/blog/how-to-secu...ql-injections/

    View more threads in the same category:


  2. The Following User Says Thank You to Wajid Hussain For This Useful Post:

    infigic (03-10-2017)

  3. #2
    Junior Member
    Join Date
    Dec 2016
    Posts
    77
    Thanks
    1
    Thanked 1 Time in 1 Post

    Default

    Thanks for sharing. It will useful for me

  4. #3
    New member
    Join Date
    May 2017
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Thanks for explaining about the nature of the Attack, it helps me understand more about it and know how to secure Magento against SQL injections.
    192.168 1.1

  5. #4
    Junior Member
    Join Date
    Feb 2017
    Posts
    18
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Thanks for your post! Through your pen I found the problem up interesting! I believe there are many other people who are interested in them just like me! How long does it take to complete this article? I have read through other blogs, but they are cumbersome and confusing. I hope you continue to have such quality articles to share with everyone!
    vex 3

  6. #5
    Junior Member
    Join Date
    Feb 2017
    Posts
    18
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Thanks for your article! I have read through some similar topics! However, your post has given me a very special impression, unlike other posts. I hope you continue to have valuable articles like this or more to share with everyone!
    io games

  7. #6
    Junior Member
    Join Date
    Sep 2016
    Posts
    180
    Thanks
    0
    Thanked 2 Times in 2 Posts

    Default

    Unauthenticated user or any attacker who can exploit the vulnerability and run the arbitrary PHP/SQL code on your Magento store to have full access to your store’s complete database and also any sensitive customer information needs to be taken care of immediately! Because unless and until your Magento website is patched, it is sadly vulnerable and can be exploited by offenders.


    Delhi To Manali Volvo Bus Booking

  8. #7
    New member
    Join Date
    Jul 2017
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Great post! I am actually getting ready to across this information, is very helpful my friend. Also great blog here with all of the valuable information you have. Keep up the good work you are doing here.
    slither io

  9. #8
    Junior Member
    Join Date
    Feb 2017
    Posts
    18
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    I think there are many other people who are interested in them just like me! How long does it take to complete this article? I have read through other blogs, but they are cumbersome and confusing. I hope you continue to have such quality articles to share! Good luck!
    vex 3

  10. #9
    New member nicova's Avatar
    Join Date
    Jan 2018
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    This post is really giving me exciting information. There is something new which is related to my hobby. This post is considerable use for me. Thanks for sharing it.
    hooda | abcya | brainpop

  11. #10
    New member
    Join Date
    Mar 2018
    Posts
    6
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Default

    Thanks for sharing information about it. I really like that. Thanks so lot for your convene.
    * gta 5 cheats

  12. #11
    New member
    Join Date
    Mar 2018
    Location
    Minneapolis
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Thanks for helpful tutorial.

    Alice
    https://proweb365.com/magento-web-design/

  13. #12
    New member
    Join Date
    Mar 2018
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    It was so good to read and useful to improve my knowledge as updated one.Thanks to Sharing.
    Abinitio Online Training | Hadoop Online Training | Cognos Online Training

  14. #13
    Junior Member
    Join Date
    Sep 2016
    Posts
    335
    Thanks
    0
    Thanked 2 Times in 2 Posts

    Default

    You don't need any special techniques or tools or frameworks or firewalls to defend against SQL Injections. The most effective way to protect a database from SQL injection and most other data security risks is to use a data base abstraction layer. Ensuring security as close to the data as possible is often a good idea.

  15. #14
    Junior Member petershene's Avatar
    Join Date
    Aug 2017
    Location
    South Africa
    Posts
    49
    Thanks
    3
    Thanked 1 Time in 1 Post

    Default

    So you standard salt and dash method with php encryption would not work with magneto application ? Is it written in another programming language or am i missing something.? The standard methods used in php are enough anybody who can by pass those as a hacker are determined enough to bypass most other non governmental encrypt-ions in time.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •