05. Security of blog project
2022-07-06 05:22:00 【John is orange】
Security of blog project
SQL injection: steals database content
XSS attack: steals front-end cookie content
Password hashing: protects users' account information
Notes
- There are many ways a client can attack a server, and many countermeasures
- This article covers the common attacks that can be prevented at the web server (Node.js) level
- Some attacks need hardware and operations support (OPS) to defend against, such as DDoS
1. SQL injection
- The oldest and simplest attack; SQL injection has been around since the Web 2.0 era
- Attack: enter a SQL fragment that ends up spliced into the query and becomes attack code
- Prevention: process the input with the escape function of the MySQL library (or use the driver's placeholders)
For example, login verification is currently implemented by splicing strings and then executing the resulting SQL statement:
// controller/user.js (vulnerable version: user input is spliced straight into the SQL text)
const { exec } = require("../db/mysql");

const login = (username, password) => {
  const sql = `select username, realname from users where username = '${username}' and password = '${password}';`;
  return exec(sql).then((rows) => {
    return rows[0] || {};
  });
};

module.exports = {
  login,
};
The SQL statement produced is, for example:
select username, realname from users where username = 'zhangsan' and password = '123456';
Logging in without the password
If the username entered is zhangsan' -- (MySQL treats -- followed by a space as the start of a comment), the rest of the statement is commented out, and zhangsan can log in even with a wrong password:
select username, realname from users where username = 'zhangsan' -- ' and password = '123456';
Deleting the table
If someone enters the username zhangsan';delete from users; -- the consequences are worse: a second statement is appended and every row of the users table is deleted.
select username, realname from users where username = 'zhangsan';delete from users; -- ' and password = '123456';
Note that the mysql driver only executes such stacked statements when the connection was created with multipleStatements: true; it rejects them by default. The login bypass above needs no such setting.
Solution
Use escaping. Escaping the sensitive characters in the input avoids this problem. The mysql library provides the mysql.escape method for this; it returns the value as a quoted SQL string literal with the special characters inside it escaped:
// controller/user.js
const { exec, escape } = require("../db/mysql");

const login = (username, password) => {
  // escape() returns the value already wrapped in single quotes,
  // with the quotes and backslashes inside it escaped
  username = escape(username);
  password = escape(password);
  // so the template no longer adds its own quotes around the values
  const sql = `select username, realname from users where username = ${username} and password = ${password};`;
  console.log(sql);
  return exec(sql).then((rows) => {
    return rows[0] || {};
  });
};

module.exports = {
  login,
};
After escaping, the SQL statement for a username such as zhangsan ' -- looks like this:
select username, realname from users where username = 'zhangsan \' --' and password = '123';
The whole username is wrapped in quotation marks and the single quote inside it is escaped, so it can no longer terminate the string literal and the query keeps its intended structure. The same driver also accepts ? placeholders in the query(sql, values) form, which applies exactly this escaping to each value so that nothing has to remember to call escape on every input.
2. XSS attack
The attack the front end is most familiar with, but the server side has to master it too
Attack: mix JavaScript code into page content to steal information from the web page (such as cookies)
Prevention: convert the special characters that would form a script into their escaped (entity) forms

2.1 XSS Attack Demo
When publishing a blog post, enter content such as <script>alert(document.cookie)</script> in the form:

After the post is created the browser jumps to the management center, and because the HTML embeds the script directly, alert(document.cookie) runs and shows the cookie. Converting the characters that form script tags into escaped text is therefore an effective countermeasure.
2.2 Preventing XSS attacks
Install the third-party xss library:
yarn add xss
Its usage is very similar to the escape call above: import it with const xss = require("xss") and wrap every string that needs to be sanitised.
// controller/blog.js
const { exec } = require("../db/mysql");
const xss = require("xss");

const newBlog = (blogData = {}) => {
  // blogData is a blog object with title, content and author properties
  blogData = {
    ...blogData,
    createTime: Date.now(),
    id: 3, // id of the new row inserted into the data table
  };
  const { title, content, author, createTime } = blogData;
  // xss() neutralises script tags in the title and content before they are stored
  const sql = `insert into blogs (title, content, createTime, author) values ('${xss(title)}', '${xss(content)}', ${createTime}, '${author}');`;
  return exec(sql).then((insertData) => {
    // the promise resolves to the id of the inserted row
    return {
      id: insertData.insertId,
    };
  });
};
Effect:
After sanitising, the SQL statement is as follows (the xss library rewrites the angle brackets of the disallowed script tag as HTML entities):
insert into blogs (title, content, createTime, author)
values
('&lt;script&gt;alert(document.cookie)&lt;/script&gt;', '123', 1655309413840, 'zhangsan');
Note that xss() only neutralises HTML; it does not escape quotes for SQL, so title, content and author still need escape() or placeholders, exactly as in the login example.
But in some places the escaped text may not come out as the page intends, for example on the article details page:
Content like this has to be handled by the front end when it renders the stored text, not by the back end.
3. Password hashing
- If the database is compromised, the last thing that should leak is usable user credentials
- Attack: obtain usernames and passwords and try them against other systems
- Prevention: store a hash of the password instead of the plaintext, so that even someone who obtains the stored value does not learn the plaintext (the post calls this "encryption", but a hash is one-way, which is the point)
Hashing process:
First import Node's built-in crypto module with const crypto = require("crypto"). Create a new file in the utils folder with the password-hashing logic, use it to compute the hashed value of each password, and then replace the original plaintext passwords in the database with those values.
Of course this manual step is not how it would be done in practice, but without registration and password-change features there is no other way.
// utils/cryp.js
const crypto = require("crypto");

// secret key
const SECRET_KEY = "kfdsjl_742938#";

// md5 digest, output as a hex string
const md5 = (content) => {
  return crypto.createHash("md5").update(content).digest("hex");
};

// password hashing function
const genPassword = (password) => {
  const str = `password=${password}&key=${SECRET_KEY}`;
  return md5(str);
};

module.exports = {
  genPassword,
};
When logging in, the submitted password is hashed before the query, because the database now holds the hashed values:
// controller/user.js
const { exec, escape } = require("../db/mysql");
const { genPassword } = require("../utils/cryp");

const login = (username, password) => {
  username = escape(username);
  // hash the submitted password the same way the stored ones were hashed
  password = genPassword(password);
  password = escape(password);
  const sql = `select username, realname from users where username = ${username} and password = ${password};`;
  return exec(sql).then((rows) => {
    return rows[0] || {};
  });
};

module.exports = {
  login,
};
Caveat: MD5 with a single fixed key is a fast, unsalted hash. Two users with the same password get the same stored value, and anyone who obtains the key (it sits in the source code) can test enormous numbers of candidate passwords per second against a leaked table. A random per-user salt combined with a deliberately slow hash (bcrypt, scrypt or Argon2) is the standard choice.
4. Flow chart
- Handle the HTTP interfaces
- Connect to the database
- Implement login
- Security
- Logging
- Going live
