FaceBook Applications?

[Louis Roulet]

Hi

I am working with an application for social networking sites for FaceBook. While testing that applications from tester, we found that it is possible to change the prices of things and get them at free of cost. I have discussed this issue with several web developers and they say, I need to create database tables read only, but I am pretty new to this field so not sure how do execute this.

[Rozanne]

If they are tapping weakness in your code, then probably your need take advice from those developers who are specialized in social networking sites applications. You just need to ensure that application users cannot be succeed by using SQL injection attacks, but for practice you need to use all those methods to test your application. I would recommend you to browse few sites whose are dedicated to social networking sites application security.

[Louis Roulet]

Alright, but how can I set tables to read only, as I am newish to database. Also I've had a look, but cannot find how to do this?

[Rozanne]

You can set up through suitable use of user permissions that is GRANT whatever permissions are required. You should check the MySQL manual for security permissions. There you will find lot of tweaks and tricks.

However, as I said earlier mostly they can be doing this via SQL injections so you should create a certain code that doesn't allow such kind of attacks, but that is coding issues for particular application. So that is the reason I recommended you to search social networking sites applications advice.