Comments on 徳丸浩の日記 (Hiroshi Tokumaru's Diary): Beware of the Column SQL Truncation Vulnerability
Blog author: ockeghem (http://www.blogger.com/profile/13465836435601518769)
Feed updated: 2024-02-22T22:49:34.294+09:00

Comment by tokuhirom (https://www.blogger.com/profile/04109582850469968595), 2015-06-11T11:08:34.143+09:00:

As shown below, it appears there is no problem if sql_mode is set.

tokuhirom:~/ $ mysql -uroot tokumaru [11:05:32]
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 789
Server version: 5.6.25 MySQL Community Server (GPL)

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> CREATE TABLE users (
    -> id int NOT NULL AUTO_INCREMENT, /* internal ID */
    -> username varchar(8) NOT NULL, /* login name */
    -> password varchar(64) NOT NULL, /* SHA-1 hash of the password */
    -> super boolean NOT NULL, /* administrator flag */
    -> PRIMARY KEY (id)
    -> ) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;
Query OK, 0 rows affected (0.02 sec)

mysql> INSERT INTO users VALUES(NULL, 'admin', SHA1('ax8z!hz6'), true);
Query OK, 1 row affected (0.02 sec)

mysql> SET SESSION sql_mode='TRADITIONAL';
Query OK, 0 rows affected (0.00 sec)

mysql> SET autocommit=0;
Query OK, 0 rows affected (0.00 sec)

mysql> SELECT * FROM users WHERE username='admin x';
Empty set (0.00 sec)

mysql> INSERT INTO users VALUES(NULL, 'admin x', SHA1('123456'), false);
ERROR 1406 (22001): Data too long for column 'username' at row 1