0

I am making a CGI program using C++. It allows users to register their information on the website and also log in. I am worried about security. Normally, MySQL is vulnerable to MySQL injection when using PHP to receive forms. I am using the MySQL Connector/C++ API.

When using C++, does the method of MySQL injection work on CGI programs? Is the C++ CGI program still vulnerable to MySQL injection?

I know that CGI programs have their own security problems, such as buffer overflows, but I am asking about MySQL security.

Programmer
  • 1
    I'm afraid the answer is yes. Since C++ is not popular for website programming, it does have as many exposures as PHP. But you still need to sanitize your values before passing them to SQL, even if you use parameterized queries. – Tim3880 May 25 '15 at 05:48

1 Answer

1

Yes, exactly. SQL injection is not language dependent. C++ is also vulnerable to C++ injection. It actually depends on the logic you use for querying the database, not the language.

To prevent SQL injection, you have a few methods to follow.

Primary Defenses:

Option #1: Use of Prepared Statements (Parameterized Queries)
Option #2: Use of Stored Procedures
Option #3: Escaping all User Supplied Input

Additional Defenses:

Also Enforce: Least Privilege
Also Perform: White List Input Validation

You can refer to these links for further details:

https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

Is C++ OTL SQL database library using parameterized queries under the hood, or string concat?

Community
smali
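An added example, not part of the original answer: the "White List Input Validation" defense applied to the login form of a C++ CGI program, decoding the form body strictly and rejecting any username outside an allowlist before it reaches the database layer. The function names and the username policy (3 to 32 characters from `[A-Za-z0-9_.-]`) are assumptions; the check complements prepared statements (Option #1) and does not replace them.

```cpp
#include <iostream>
#include <map>
#include <string>
typedef std::map<std::string, std::string> Form;

static int hex_val(char c) {  // -1 if c is not a hex digit
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;  // fold ASCII letters to lower case
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}
// Decode one x-www-form-urlencoded component; false on a bad %XX escape or a NUL byte.
bool url_decode(const std::string& in, std::string& out) {
    out.clear();
    for (size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '+') { out += ' '; continue; }
        if (in[i] != '%') { out += in[i]; continue; }
        if (i + 2 >= in.size()) return false;  // truncated escape
        int hi = hex_val(in[i + 1]), lo = hex_val(in[i + 2]);
        if (hi < 0 || lo < 0 || (hi == 0 && lo == 0)) return false;
        out += static_cast<char>(hi * 16 + lo);
        i += 2;
    }
    return true;
}
// Split "a=1&b=2" into decoded fields; one malformed pair rejects the whole body.
bool parse_form(const std::string& body, Form& f) {
    for (size_t pos = 0; pos <= body.size();) {
        size_t amp = body.find('&', pos);
        if (amp == std::string::npos) amp = body.size();
        size_t eq = body.find('=', pos);
        if (eq == std::string::npos || eq >= amp) return false;
        std::string k, v;
        if (!url_decode(body.substr(pos, eq - pos), k) ||
            !url_decode(body.substr(eq + 1, amp - eq - 1), v)) return false;
        f[k] = v;
        pos = amp + 1;
    }
    return true;
}
// Allowlist (assumed policy): input is rejected outright, never "repaired".
bool valid_username(const std::string& s) {
    static const char kAllowed[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.-";
    return s.size() >= 3 && s.size() <= 32 && s.find_first_not_of(kAllowed) == std::string::npos;
}
int main() {  // constructed sample body, as a CGI program would read it from stdin
    Form f;
    bool ok = parse_form("user=alice_01&pass=s3cret%21", f) && valid_username(f["user"]);
    // Even when accepted, bind the value with PreparedStatement::setString; never concatenate.
    std::cout << (ok ? "accepted: " + f["user"] : std::string("rejected")) << "\n";
}
```

Passwords are deliberately not run through the allowlist: they should be hashed and passed as bound parameters, not restricted to a character set.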