开发者

How can I prevent form variable names from revealing the database structure?

I'm in the early phases of working on a web application, and I've reached a point where I want to make the best choice about a particular security concern. At the moment, all fields found within HTML forms are named after the database column that they are representing. So, for example, if in the database I have a field named "email", then the form field will be called "email" as well. This makes it easier for my generic code to handle forms, but I naturally see one major problem with such names: They can give potential hackers insight into how my database is structured, just from viewing the source.

The main solution I've thought of involves encrypting field names so that client never has the real ones. A server-side key would be used to do the encryption. I am, however, concerned that this approach may complicate things too much. For example:

  • I may find myself having to use POSTs more often, as the encrypted text might be longer than the original - pushing the limits of GET when many fields and their data are present.
  • Frequent encrypt/decrypt calls might lead to performance issues down the line. I did not test this yet, so it could end up being negligible.
  • Non-AJAX GETs can't use this approach without looking really cryptic.

So, I'm wondering what you guys think about this. Am I over-thinking it, or am I on the right track? Is there a better way to handle it?

By the way, I'm also aware that a field name like "email" doesn't offer much information to the developer (why not txtEmail, or so开发者_如何学Cmething like that?). I'm looking to see if there's a good naming convention that I can adopt, as it might help with the above problem.


If anyone can gain access to your DB via SQL injection or any other method, your schema can be revealed with one query so there is no point in trying to obscure it. If you feel you have to do security by obscurity, you're not doing something else right.

If your application is secured, then it doesn't matter if a potential attacker thinks they know your schema or not. They can't do anything with the information.

I'd spend less time trying to obscure your database (which will only frustrate you and your developers) and more time trying to lock down your application against potential injection attacks.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜