I've noticed on our site a few instances where a script or bot has attempted to do some SQL injection attacks. What I'd like to do is have it so that when something or someone searches for a specific keyword like NULL or '); etc... it will force them to solve a hard captcha. Can you advise how I could potentially implement this?
Add a recaptcha if certain search terms are triggered
Posted: 02 June 2020 - 14:07
SQL injections are prevented by default.
If you would like to check a user's search input, you can have an action filter which gets called whenever a user enters and submits his search request.
You could have for example a SearchActionFilter inherited from an IActionFilter and have your context result cast back to SearchResultModel.
filterContext.Result > (Partial)ViewResult > result.Model > SearchResultModel
You then need to register this new action filter within your dependency registrar. Something like this:
Take a look at AmazonPay Plugin filter and dependencyRegistrar for a use case.
Since there is a difference between InstantSearch and normal Search, you will need to have 2 registrations. One for Search and one for InstantSearch action. Take a look at SearchController actions.
When done correctly, your filter gets called whenever those actions would execute.
- stefanmueller likes this
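A sketch of the action filter approach described in the reply, added here as an example and not code from the thread or from the shop software. It assumes ASP.NET MVC 5 (`System.Web.Mvc`) and reads the raw term from the request before the action runs instead of from `SearchResultModel`, whose members are not shown in the thread; the query-string key `q`, the session key and the `Challenge` action are hypothetical names, and the filter still has to be registered for both the Search and InstantSearch actions.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical filter: sends probe-like search terms to a captcha page.
// It complements, and does not replace, parameterized queries.
public class SearchChallengeFilter : IActionFilter
{
    // Heuristics: quote followed by ) or ;, SQL comment markers, UNION SELECT,
    // stacked statements, or a bare NULL token (the cases named in the question).
    private static readonly Regex Suspicious = new Regex(
        @"('\s*[\);])|(--|/\*)|(\bunion\b\s+(all\s+)?\bselect\b)" +
        @"|(;\s*(drop|insert|update|delete|exec)\b)|(^\s*null\s*$)",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant,
        TimeSpan.FromMilliseconds(50)); // match timeout bounds regex cost

    public static bool IsSuspicious(string term)
    {
        if (string.IsNullOrWhiteSpace(term)) return false;
        if (term.Length > 256) return true;      // oversized terms are challenged
        try { return Suspicious.IsMatch(term); }
        catch (RegexMatchTimeoutException) { return true; } // fail closed
    }

    public void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var http = filterContext.HttpContext;
        var term = http.Request.QueryString["q"]; // assumed parameter name

        // Skip the check once this session has solved the challenge
        // (the flag is set by the hypothetical Challenge action).
        var solved = http.Session != null
            && Equals(http.Session["SearchCaptchaSolved"], true);
        if (solved || !IsSuspicious(term)) return;

        // Setting Result here short-circuits the search action.
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
        {
            { "controller", "Search" },  // assumed controller route name
            { "action", "Challenge" },   // hypothetical captcha action
            { "returnTerm", term }       // lets the search resume after solving
        });
    }

    public void OnActionExecuted(ActionExecutedContext filterContext) { }
}
```

Logging each challenged term together with the client address gives a record of how often the probes occur and whether the patterns need tuning against false positives.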