Author Topic: SQL Injection Attacks  (Read 3474 times)


Offline naape

  • ලොකු ලමයි LokuLamai
  • ****
  • Posts: 377
  • Gender: Male
SQL Injection Attacks
« on: August 11, 2007, 11:33:06 PM »
Have you ever heard about SQL injection? We can simply change the databases which are using MySQL, SQL SERVER 2000. But I advise you not to harm any database, because the Cyber Law is here. You will have to stay in jail for at least 7 years. Just check these links to develop your knowledge, not to harm anyone.

http://www.imperva.com/application_defense_center/glossary/sql_injection.html

http://www.unixwiz.net/techtips/sql-injection.html



Offline Dax

  • මද්දුමයෝ Maddumayo
  • ***
  • Posts: 74
  • Gender: Male
  • Dax De Original
    • http://www.downloads.sinhalaya.com
Re: SQL Injection Attacks
« Reply #1 on: August 12, 2007, 07:44:32 PM »
Have you ever heard about SQL injection? We can simply change the databases which are using MySQL, SQL SERVER 2000. But I advise you not to harm any database, because the Cyber Law is here. You will have to stay in jail for at least 7 years. Just check these links to develop your knowledge, not to harm anyone.

http://www.imperva.com/application_defense_center/glossary/sql_injection.html

http://www.unixwiz.net/techtips/sql-injection.html




You can do this only on those sites that haven't done proper validation. Nowadays most web developers take this into account. Even some programming languages directly support these validations :)
Dax Alias Pluto.. (The lonely planet)

Offline naape

  • ලොකු ලමයි LokuLamai
  • ****
  • Posts: 377
  • Gender: Male
Re: SQL Injection Attacks
« Reply #2 on: August 13, 2007, 10:44:23 PM »
But still there are many vulnerabilities in SQL 2000 and MySQL. Hope the Microsoft people thought to make SQL 2005 more secure. Lucky for users.

Offline Dax

  • මද්දුමයෝ Maddumayo
  • ***
  • Posts: 74
  • Gender: Male
  • Dax De Original
    • http://www.downloads.sinhalaya.com
Re: SQL Injection Attacks
« Reply #3 on: August 14, 2007, 01:53:22 PM »
Lucky For Hackers.... Hih Hih Heeee
Dax Alias Pluto.. (The lonely planet)

Offline ~ Cerberus ~

  • බඩපිස්සෝ BadaPisso
  • **
  • Posts: 16
Re: SQL Injection Attacks
« Reply #4 on: September 21, 2007, 06:15:23 PM »
Well, I agree that most database and development platforms have their own vulnerabilities, but then computer security is a process, not a product; a product can be well protected today but vulnerable to a new threat tomorrow.

SQL injection attacks are just one face of this. However, SQL injection attacks can be thwarted easily by following best practices; to name a few: using parameters and bind variables, tightening up the security at the database level (if your application just displays data, it doesn't need insert, update or delete on it), and using stored procedures.

Some database platforms support disabling literals; if they do, the first thing to do is to disable them.

That's my two cents.
« Last Edit: September 21, 2007, 07:28:01 PM by Cerberus »
"Duct tape is like the force. It has a light side, a dark side, and it holds the world together."