Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Request Opinions on MySQL User Authentication

 
Jim NMI Robinson
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there a safe way to authenticate a MySQL user through jsp?
If I construct a query like so:
String query = "SELECT user, password FROM user WHERE user=\"" + username + "\" AND password = PASSWORD(\"" + password + "\")";
then a potential evildoer can get in by filling in fields thus:
username = validUser" OR "1=1
password = any_password_here
so the String that goes to MySQL is:
"SELECT user, password FROM user WHERE user="validUser" OR "1=1" AND password = PASSWORD("any_old_password")";
This authenticates just fine with any old password, even a blank password.
So I constructed my query like so:
if(username != null && !username.equals("null") && !username.equals("")) {
if(password != null && !password.equals("null") && !password.equals("")) {
String query = "SELECT * FROM user WHERE (password=PASSWORD(\"" + password + "\")) AND (user=\"" + username + "\")";
}
}
The String sent to MySQL is now:
"SELECT * FROM user WHERE (password=PASSWORD("any_old_password")) AND (user="validUser" OR "1=1")"
This will not authenticate unless the password is valid (at least not that I've found yet!)
Can anybody see a problem with this? If so, is there a better way to authenticate a MySQL user?
Thanks all!
jim
 
Jason Steele
Ranch Hand
Posts: 100
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you wrapped the original statement in parens then you should be ok.
"SELECT user, password FROM user WHERE user="validUser" OR "1=1" AND password = PASSWORD("any_old_password")";

should be:
"SELECT user, password FROM user WHERE (user="validUser" OR "1=1") AND (password = PASSWORD("any_old_password"))";
Anyhow, Validating the user input is always welcomed before bothering the server with potentially malicious query attempts.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic