Imagine the names of the columns in my database table as follows:
id | username | password | email | confirmed
----------------------------------------------
All attribute name values are equal to the columns of their name table:
<input type="text" name="username">
<input type="password" name="password">
<input type="email" name="email">
Does this type of naming affect database/data security?
nope
That said, it can certainly increase the chances of a bot trying to guess usernames and passwords against your site. Not a data security threat itself, but an automated attack vector.
Do you mean via sql injection?
No, I mean by someone creating a bot that spiders across the internet and says âGo to Website 1, check for the existence of a âusernameâ field. If found, attack this website, otherwise, go to website 2.â
If I named my username field âflowerofrosesâ, increased chance that my site gets ignored.
Same theory as to why using âpassword1234â as a password is a really bad idea.
So your opinion is not to use the field of the same name?
But open source projects such as cms or frameworks like WordPress all have public tables. Everyone knows the names of its database fields, except for certain people who have changed the names of tables and columns or added prefixes.
last question:
You gave an example of a bot above.
But I only have the sql injection method in mind to attack. Does the robot have another scenario to attack the database?
I apologize in advance for prolonging the question.
Thanks.
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.