SQL injection is a form of attack on a database-driven Web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet, passing straight through the firewall because the request looks like ordinary Web traffic. SQL injection attacks are used to steal information from a database that would normally not be available to the attacker, and to gain access to an organization's host computers through the computer that is hosting the database.
SQL injection attacks typically are easy to avoid by ensuring that a system has strong input validation.
As the name suggests, we inject SQL, which can be very dangerous for the database. For example, here is a simple SQL statement built from a user-supplied email address:
SELECT email, passwd, login_id, full_name FROM members WHERE email = 'x'
Now suppose somebody does not enter "x" as the input but instead enters "x'; DROP TABLE members; --". The first quote closes the string literal, the semicolon ends the statement, and the trailing "--" turns whatever is left of the original query into a comment. So the actual SQL which will execute is:
SELECT email, passwd, login_id, full_name FROM members WHERE email = 'x'; DROP TABLE members; --'
Think what will happen to your database if the above SQL statement is executed.
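The following is an added example, not code from the original post. It rebuilds the members table in an in-memory SQLite database (constructed sample data), runs the post's string-concatenated query against the injected input to show the table disappear, and then shows the two defences a practitioner would combine: a parameterized query, which makes the driver treat the input as a plain value, and an allow-list input check of the kind the post recommends. The regex is a deliberately simple illustration, not a full email validator.

```python
import re
import sqlite3

# Constructed input: the post's payload, which closes the quote,
# ends the statement and comments out the rest of the query.
PAYLOAD = "x'; DROP TABLE members; --"

QUERY = "SELECT email, passwd, login_id, full_name FROM members WHERE email = "

def fresh_db():
    """Constructed sample schema matching the post's query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (email TEXT, passwd TEXT, login_id TEXT, full_name TEXT)")
    conn.execute("INSERT INTO members VALUES ('a@example.com', 'h1', 'alice', 'Alice')")
    conn.commit()
    return conn

def table_exists(conn, name="members"):
    row = conn.execute(
        "SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name=?", (name,)
    ).fetchone()
    return row[0] == 1

def lookup_vulnerable(conn, email):
    """The post's pattern: paste the input into the SQL text.
    executescript() is used because, like many real database drivers,
    it runs stacked statements; sqlite3's execute() would refuse them."""
    conn.executescript(QUERY + "'" + email + "'")

def lookup_safe(conn, email):
    """Parameterized query: the driver binds the value, so the quote,
    semicolon and comment in the payload are just characters in a string."""
    cur = conn.execute(QUERY + "?", (email,))
    return cur.fetchall()

# Allow-list check (hypothetical helper): reject anything that does not look
# like an email before it gets anywhere near the database.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

def is_valid_email(value):
    return bool(EMAIL_RE.match(value))

if __name__ == "__main__":
    db = fresh_db()
    lookup_vulnerable(db, PAYLOAD)
    print("table survives concatenation:", table_exists(db))   # False
    db = fresh_db()
    print("safe lookup rows:", lookup_safe(db, PAYLOAD))        # []
    print("table survives parameter binding:", table_exists(db))  # True
    print("payload passes validation:", is_valid_email(PAYLOAD))  # False
```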