Some time ago I had hardened 's authentication system to provide extra security checks at the database layer using column-level security and stored procedures.

Now that I'm modifying the authentication flow on the website a bit to add the dictionary check, I realized that I can't introduce a major vulnerability even if I wanted to - the database model won't let me.

The hardening was to protect against SQL injection, but turned out to be useful beyond that. :blobcataww:


inb4 I still manage to screw this up somehow.

Sign in to participate in the conversation

Welcome to your niu world ! We are a cute and loving international community O(≧▽≦)O !