idno/known

Susceptibility to SQL Injection like Bobby Tables?

maphew opened this issue · 2 comments

Issue description

In the Known docs under installing on common hosting providers the following how-to is linked for DreamHost:
How to Install the Known platform on a Dreamhost shared server (Oct 2017)
https://www.kiaikim.com/2017/how-to-install-the-known-platform-on-a-dreamhost-shared/

Looking at other posts on the same site the author followed up with:
Surviving a Bobby Tables Attack (dated Mar 2021 but seems to describe 2018?)
https://www.kiaikim.com/2021/surviving-a-bobby-tables-attack/

Why is this important?

I didn't find any issues mentioning SQL injection or Bobby Tables, or security or mitigation measures that have been taken. This leads to the question of whether Known has any protection measures against SQL injection and similar issues.

Who does this affect?

Possibly everyone.

Known uses a database library that automatically filters database queries in order to prevent SQL injection attacks. I wasn't aware of this particular post, nor am I aware of successful SQL injection attacks against Known sites. I'm investigating.
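The mechanism behind the protection the comment above refers to is parameter binding (prepared statements): the statement text and the untrusted values travel separately, so a value can never be parsed as SQL syntax. The following is an added illustration, not code from Known (which is written in PHP) or from the blog posts linked in the issue; it uses Python's standard sqlite3 module and a constructed in-memory table. It runs the classic Bobby Tables payload through a query built by string formatting and through a bound-parameter query, and also shows that single-statement execution alone is no defence, since a tautology in a WHERE clause still leaks every row.

```python
import sqlite3

# Constructed payloads for the demonstration (not taken from the linked posts).
BOBBY = "Robert'); DROP TABLE students;--"
TAUTOLOGY = "' OR '1'='1"


def fresh_db() -> sqlite3.Connection:
    """In-memory database with one seed row, so each demo starts clean."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (name TEXT NOT NULL)")
    conn.execute("INSERT INTO students (name) VALUES (?)", ("Alice",))
    conn.commit()
    return conn


def table_exists(conn: sqlite3.Connection) -> bool:
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = 'students'"
    ).fetchone()
    return row is not None


def insert_unsafe(conn: sqlite3.Connection, name: str) -> None:
    # VULNERABLE: the untrusted name is spliced into the statement text.
    # executescript stands in for drivers that run every statement in the
    # string, which is what lets the payload's closing quote start a second
    # statement (DROP TABLE) after the INSERT.
    conn.executescript(f"INSERT INTO students (name) VALUES ('{name}');")


def insert_safe(conn: sqlite3.Connection, name: str) -> None:
    # Bound parameter: the value is handed to the engine separately from the
    # SQL text, so quotes and semicolons inside it stay data.
    conn.execute("INSERT INTO students (name) VALUES (?)", (name,))
    conn.commit()


def find_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # VULNERABLE even though only one statement is executed: a tautology
    # in the WHERE clause makes the predicate true for every row.
    rows = conn.execute(
        f"SELECT name FROM students WHERE name = '{name}' ORDER BY name"
    ).fetchall()
    return [r[0] for r in rows]


def find_safe(conn: sqlite3.Connection, name: str) -> list:
    rows = conn.execute(
        "SELECT name FROM students WHERE name = ? ORDER BY name", (name,)
    ).fetchall()
    return [r[0] for r in rows]


def demo_bobby_tables() -> dict:
    """Send the same payload down both insert paths and report what survived."""
    unsafe = fresh_db()
    insert_unsafe(unsafe, BOBBY)
    safe = fresh_db()
    insert_safe(safe, BOBBY)
    return {
        "unsafe_table_survives": table_exists(unsafe),  # False: table dropped
        "safe_table_survives": table_exists(safe),      # True
        "safe_stored_name": find_safe(safe, BOBBY),     # payload stored literally
    }


def demo_tautology() -> dict:
    """Show that a tautology leaks all rows only through the formatted query."""
    conn = fresh_db()
    insert_safe(conn, "Bob")
    return {
        "unsafe_rows": find_unsafe(conn, TAUTOLOGY),  # every row
        "safe_rows": find_safe(conn, TAUTOLOGY),      # no row has that name
    }


if __name__ == "__main__":
    print(demo_bobby_tables())
    print(demo_tautology())
```

Two caveats worth keeping in mind when auditing any application's database layer: binding covers values only, so identifiers (table or column names, ORDER BY targets) that come from user input still need an allow-list, and the library's protection is only as good as the discipline of never assembling query text by concatenation outside it, for instance in plugins or themes.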

I've established that this was not related to Known's core code or database engine. Closing the issue out.