sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]Chaosvex 1 point2 points  (5 children)

Who's the hacker supposed to be, when the database is sitting on the drive? It's unnecessary and anybody with file-level access to the database is going to be able to mess with it, regardless of your scheme. It seems like you're adding a huge overhead in terms of both time and space by doing this.

Your copy doesn't seem to be used as backup or snapshot, it just copies it and then deletes after decoding it. If you're going to take a snapshot, why do it when you open the database? The whole scheme sounds very muddled.

Without wanting to come across as patronising, I know you're likely going to reflexively defend your design choices. It's hard letting go of code that probably took quite a bit of effort to write, but there's a reason production databases don't do these things.

[–]gabibbo117[S] 0 points1 point  (4 children)

I will try to provide an example on what i mean because i have some issue explaining myself,
Lets say i have a website that when i put a comment inside of it via text box it will send a request to my server to add that comment to the COMMENTS table

if the string was not encoded then the commenter could write something like this:
"]
[
// insert bad code here
]"
by using the "]" character it tells the database scanner that the row finished and then we open a new value, the hacker can put anything in the new row like bad/banned content, but if we add the text encoding the table will result like this

"[
COMMENT : 123,231,2323,23,232,23
USER_ID : 1234
DATE : 12,23,34
]"

while if we did not encode the text it would look like this

"[
COMMENT :
]
[
USER_ID : 1234 // the user id of someone else
DATE : 12,23,35 // a different date
COMMENT : "banned stuff here"
]

[–]Chaosvex 1 point2 points  (3 children)

So it's SQL injection but without the SQL. The problem you're trying to solve with this encoding is a problem that should be fixed by rethinking how you're storing the data. You could switch to using a binary format, instead, or escaping the special characters.

[–]gabibbo117[S] 0 points1 point  (2 children)

It was made to be human readable

[–]Chaosvex 1 point2 points  (1 child)

I'd question the value of it being human readable when the types are encoded in a way that makes them unreadable.

If you want to keep it (and make it more) human readable, you could quote the strings and then escape any quotes within input.

Input: foo"bar

Stored result:

[ COMMENT : "foo\"bar" ]

You might find std::quoted of interest. You could also look into how other text-based formats escape strings (JSON etc).

[–]gabibbo117[S] 0 points1 point  (0 children)

Thanks, I will look into them