I have a simple security question which I just can’t find the answer to.
Basically I want to order a table after a certain column. The way I do this is by using an anchor with two extra segments. At the moment I’m using the actual column name in one of the segments, the column I want to order, but here I started thinking.
Is this the way to handle it? Well to me it does seem like a huge security risk by giving people access to some of my column names in one of my tables. But on the other hand I will of course escape everything so they won’t get any access to do anything. Unfortunately I’m not almighty so I might do something wrong and I’m back to the security risk 😉
So how do I do this? Should I use other kinds of names, like numbers, which I later convert back to the column name? Or is my way okay?
Oh forgot to say, I’m working in PHP with CodeIgniter!
Security by obscurity is no security.
A ton of websites use open source PHP applications whose database tables and columns are known. And I don’t recall this being very useful during attacks against websites. If you have a SQL injection problem you should not care about the fact your users know your table structures, you better remove the SQL injection point.
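An added example, not part of the original posts: the sort column and direction from the two URL segments are resolved against a fixed allowlist, so only strings written in the code ever reach the ORDER BY clause. Value escaping and bound parameters apply to values, not to identifiers such as column names. The keys, column names and function name are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: sort keys as they appear in the URL segment,
// mapped to the real column names. Constructed for illustration.
const SORTABLE_COLUMNS = [
    'name'    => 'user_name',
    'created' => 'created_at',
    'email'   => 'email_address',
];

// Used whenever the segment is missing or not in the allowlist.
const DEFAULT_SORT_KEY = 'created';

/**
 * Turn two untrusted URL segments into an ORDER BY fragment.
 * The segment text is only used as a lookup key; it is never
 * concatenated into the SQL string.
 */
function build_order_by(?string $sortSegment, ?string $dirSegment): string
{
    $key = strtolower($sortSegment ?? '');
    if (!array_key_exists($key, SORTABLE_COLUMNS)) {
        $key = DEFAULT_SORT_KEY;
    }
    $column = SORTABLE_COLUMNS[$key];

    // Direction is reduced to one of two literals written here.
    $direction = strtolower($dirSegment ?? '') === 'desc' ? 'DESC' : 'ASC';

    return sprintf('ORDER BY %s %s', $column, $direction);
}

// Constructed sample segments, including ones that are not valid sort keys.
$samples = [
    ['name', 'desc'],         // known key, explicit direction
    ['email', null],          // known key, missing direction
    ['created_at', 'asc'],    // real column name, but not an exposed key
    ['name, email', 'down'],  // free text in both segments
];

foreach ($samples as [$sort, $dir]) {
    printf("%-14s %-6s => %s\n", var_export($sort, true), var_export($dir, true), build_order_by($sort, $dir));
}
```

In CodeIgniter the two arguments would come from `$this->uri->segment()`, and the resolved column and direction can be passed to `$this->db->order_by()` instead of being formatted into a string.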