Block SQL Injection
Cliff Wells
cliff at develix.com
Thu Apr 21 00:22:50 MSD 2011
On Wed, 2011-04-20 at 13:05 -0400, jacppe wrote:
> Hi all. Does anybody know how I can block some characters to avoid SQL
> Injection using Nginx as a web server or HTTP reverse-proxy?
> Thanks a lot.
You can't really, unless you write a custom module. Rewrite rules won't
help since they don't deal with the POST body. There may be some filter
module I'm unaware of that could do it, but I'd still suggest you don't.
It's much better to simply use software written by moderately capable
developers. SQL-injection is so trivial to avoid at the application
level that it's borderline unforgivable to find it in a modern web app.
Regards,
Cliff
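
An added example, not part of the original message, illustrating the reply's point in Python with sqlite3: a character blocklist of the kind asked about lets a quote-free input change a concatenated query and also rejects a legitimate name, while a bound parameter handles both. The blocklist, table, data and function names are constructed for illustration.

```python
import sqlite3

# Hypothetical proxy-style character blocklist (an assumption for this example).
BLOCKED = ("'", '"', ";", "--")


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("bob",), ("o'brien",)])
    return db


def passes_blocklist(value):
    """Return True if the value contains none of the blocked tokens."""
    return not any(tok in value for tok in BLOCKED)


def lookup_concat(db, user_id):
    # Vulnerable 'before': the input is spliced into the SQL text,
    # so it is parsed as part of the statement.
    return db.execute("SELECT name FROM users WHERE id = " + user_id).fetchall()


def lookup_param(db, user_id):
    # Hardened: the input is sent as a bound parameter and is only ever
    # compared as a value, never parsed as SQL.
    return db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchall()


def find_by_name(db, name):
    # Bound parameters need no character filtering, so names that
    # contain an apostrophe work unchanged.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input with none of the blocked characters
    print("blocklist accepts crafted input:", passes_blocklist(crafted))
    print("concatenated query rows:", lookup_concat(db, crafted))
    print("parameterized query rows:", lookup_param(db, crafted))
    print("blocklist accepts o'brien:", passes_blocklist("o'brien"))
    print("parameterized name lookup:", find_by_name(db, "o'brien"))
```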