Join Date: Jun 08, 2016
Location:
Posts: 2
How secure is AzerCMS?
Posted 06-10-16, at 11:14 AM.

Hi there,

I noticed that AzerCMS does not use PDO to sanitize SQL queries before sending them. Doesn't this pose a security risk? As a whole, how secure is the CMS? What steps are taken to secure it? Thanks!
Join Date: Jul 07, 2012
Location: Azer CMS
Posts: 1148
How secure is AzerCMS?
Posted 06-11-16, at 7:52 PM.
The CMS uses several functions to protect against SQL injections. The functions differ depending on the query. For example, when it comes to Username(s) and Password(s), the CMS uses the following function:

Username & Password

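function clean($value)
{
    // Allowlist filter: remove every character that is not A-Z, a-z or 0-9.
    $_CLEAN = preg_replace("/[^A-Za-z0-9]/", "", $value);

    // Nothing left after filtering: reject the value.
    // (empty() also treats the string "0" as empty.)
    if(empty($_CLEAN))
    {
        return FALSE;
    }
    else
    {
        return $_CLEAN;
    }
}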

The function, as seen above, allows only alphanumeric characters.
Join Date: Jun 08, 2016
Location:
Posts: 2
How secure is AzerCMS?
Posted 06-11-16, at 9:30 PM.
That's a way to sanitize the query. However, just out of curiosity, is there any reason you didn't go with PDO seeing as it does this sort of thing automatically?
Join Date: Jul 07, 2012
Location: Azer CMS
Posts: 1148
How secure is AzerCMS?
Posted 06-16-16, at 5:14 PM.
There was no real reason to use PDO, and PDO is still subject to SQL injections unless handled properly.
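
Added example (not part of any post in this thread and not Azer CMS code): it runs an allowlist filter with the same behaviour as the quoted clean() and a PDO prepared statement over the same constructed input, and shows that PDO only protects a query when values are bound rather than interpolated. It assumes PHP with the pdo_sqlite extension; the users table and all sample values are made up for the demonstration.

```php
<?php
// Added example; table, columns and sample values are constructed.

// Same behaviour as the clean() function quoted in the thread.
function clean($value)
{
    $_CLEAN = preg_replace("/[^A-Za-z0-9]/", "", $value);
    return empty($_CLEAN) ? false : $_CLEAN;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, note TEXT)');

$name = "O'Brien"; // constructed, legitimate input that contains a quote

// 1. Allowlist filter: the result is safe to embed in SQL, but the data
//    is silently changed. The quote is dropped from the name, and two
//    different passwords reduce to the same filtered string.
var_dump(clean($name));
var_dump(clean('pass-word!') === clean('password'));

// 2. PDO handled improperly: the value is still spliced into the SQL
//    text, so the quote ends the string literal early and the statement
//    no longer parses. Using PDO does not help here.
try {
    $pdo->query("SELECT note FROM users WHERE username = '$name'");
    echo "interpolated query ran\n";
} catch (PDOException $e) {
    echo "interpolated query failed: ", $e->getMessage(), "\n";
}

// 3. PDO handled properly: the SQL text is fixed and the value travels
//    separately as a bound parameter, so it is stored and matched
//    unmodified, quote included.
$ins = $pdo->prepare('INSERT INTO users (username, note) VALUES (:u, :n)');
$ins->execute([':u' => $name, ':n' => 'stored unmodified']);

$sel = $pdo->prepare('SELECT username, note FROM users WHERE username = :u');
$sel->execute([':u' => $name]);
var_dump($sel->fetch(PDO::FETCH_ASSOC));
```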
