Fantasy Nimnaya (FN) - the root of sinhala cyber poets, discussions, creations, forum and communities

Topic started by: naape on August 11, 2007, 11:33:06 PM

Title: SQL Injection Attacks
Post by: naape on August 11, 2007, 11:33:06 PM
Have you ever heard about SQL injection? We can simply change the databases which are using MySQL, SQL SERVER 2000. But I advise you not to harm any database, because the Cyber Law is here. You will have to stay in jail for at least 7 years. Just check these links to develop your knowledge, not to harm anyone.

http://www.imperva.com/application_defense_center/glossary/sql_injection.html

http://www.unixwiz.net/techtips/sql-injection.html


Title: Re: SQL Injection Attacks
Post by: Dax on August 12, 2007, 07:44:32 PM
You can do this only on those sites that haven't done proper validation. Nowadays most web developers take this into account. Even some programming languages directly support this validation :)
Title: Re: SQL Injection Attacks
Post by: naape on August 13, 2007, 10:44:23 PM
But still there are many vulnerabilities in SQL 2000 and MySQL. Hope Microsoft people thought to make SQL 2005 more secure. Lucky for users.
Title: Re: SQL Injection Attacks
Post by: Dax on August 14, 2007, 01:53:22 PM
Lucky For Hackers.... Hih Hih Heeee
Title: Re: SQL Injection Attacks
Post by: ~ Cerberus ~ on September 21, 2007, 06:15:23 PM
Well, I agree that most database and development platforms have their own vulnerabilities, but then computer security is a process, not a product; a product can be well protected today but vulnerable to a new threat tomorrow.

SQL injection attacks are just one face of this; however, SQL injection attacks can be thwarted easily by following best practices: to name a few, using parameters and bind variables, tightening up the security at the database level (if your application just displays data, it doesn't need insert, update or delete on it), and using stored procedures.

Some database platforms support disabling literals; if they do, the first thing to do is to disable them.

That's my two cents..
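
Two of the practices named in the reply above (bind variables, and giving a display-only application no insert/update/delete rights), as an added example that is not part of the original thread. It uses Python's sqlite3 module; the table, sample rows, function names and test input are constructed for illustration, and the authorizer callback is an assumption standing in for database-level grants, which SQLite does not have.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory table of users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    conn.commit()
    return conn

def lookup_concat(conn, name):
    # Weak form: the input is pasted into the SQL text, so a quote in it becomes syntax.
    return conn.execute("SELECT email FROM users WHERE name = '" + name + "'").fetchall()

def lookup_bound(conn, name):
    # Bind variable: the statement text is fixed; the input is only ever a value.
    return conn.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchall()

def make_read_only(conn):
    # Least privilege for a display-only application: the authorizer allows
    # SELECT statements and column reads, and denies everything else.
    allowed = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ}
    conn.set_authorizer(lambda action, *args:
                        sqlite3.SQLITE_OK if action in allowed else sqlite3.SQLITE_DENY)
    return conn

def try_delete(conn):
    # Returns "denied" when the connection refuses the write.
    try:
        conn.execute("DELETE FROM users")
        return "deleted"
    except sqlite3.DatabaseError:
        return "denied"

HOSTILE = "nobody' OR '1'='1"  # constructed test input for the regression check

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concat(db, HOSTILE))  # condition rewritten by input
    print("bound:       ", lookup_bound(db, HOSTILE))   # input treated as a name
    print("write on read-only connection:", try_delete(make_read_only(db)))
```
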