by Tuyen H
We are living in the Internet era, surrounded by Internet applications. We all use the Internet every day to communicate with our family, friends, school, banks, businesses, and government, and wherever we connect, our information is stored in an organization's database. Protecting the database is therefore critical. In the article "The Database Protection System against SQL Attacks," the authors analyze the principles of SQL attacks and describe the database access process in the client/server model. They classify SQL attacks into three main forms: bypassing authentication, performing privileged operations on the database (such as modifying or deleting data), and executing operating-system commands through the database. Their protection system against SQL attacks relies on the following key methods:
• Filtering illegal characters, so that an attacker cannot change the meaning of a SQL command by embedding quotes, comment markers, or statement separators in the input. If the input is not checked, the injected text becomes part of the query and damage can follow.
• Executing queries through stored procedures rather than building SQL text from user input.
• Restricting user privileges: high-privilege SQL statements can only be run by users who hold the corresponding privilege, so a compromised low-privilege account cannot reach them.
• Checking the number of records returned by a query; if it does not match the expected result (for example, a login query that returns more than one account), the query fails.
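The following is an added example, not code from the article under review, showing three of the four methods above against a constructed SQLite database: a login query built by string concatenation (the vulnerable form that bypassing-authentication attacks target), the same query with bound parameters, the record-count check, and the illegal-character filter. The table, the sample accounts, and the function names are assumptions made for this illustration.

```python
import sqlite3

# Constructed sample data (not from the article): two accounts in an in-memory database.
# Passwords are stored in clear only to keep the example short; real systems store a hash.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by concatenation: user input becomes part of the SQL text.
    Returns the ids of every row the query matched."""
    sql = (
        f"SELECT id FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return [row[0] for row in conn.execute(sql).fetchall()]


def login_parameterized(conn, username, password):
    """Bound parameters: the driver passes the values separately from the SQL text,
    so quotes or comment markers in the input never change the query's meaning.
    Also applies the record-count check: a login must match exactly one account."""
    rows = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchall()
    return len(rows) == 1


# Illegal-character filter in the spirit of the article's first method.
# It is a secondary control only: it rejects legitimate input such as O'Brien and
# can be evaded by encodings, so parameterized queries remain the primary defense.
ILLEGAL_TOKENS = ("'", '"', ";", "--", "/*", "*/")

def has_illegal_chars(value):
    return any(tok in value for tok in ILLEGAL_TOKENS)


if __name__ == "__main__":
    conn = make_db()
    # Classic authentication bypass: the OR clause makes the WHERE true for every row.
    print(login_vulnerable(conn, "", "' OR '1'='1"))      # matches both accounts
    # Comment injection: '--' removes the password check and matches exactly one row,
    # which shows why the record-count check alone is not enough.
    print(login_vulnerable(conn, "alice' --", "wrong"))    # matches alice only
    print(login_parameterized(conn, "alice' --", "wrong")) # False: no such username
    print(login_parameterized(conn, "alice", "s3cret"))    # True
    print(has_illegal_chars("alice' --"))                  # True
```

The two injected inputs illustrate why the article's methods are layered: the `OR '1'='1'` payload returns two rows and would be caught by the record-count check, but the `--` payload returns exactly one row and passes it, so only the parameterized query (or a stored procedure that takes typed arguments) stops both.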
This article relates to our class topic because it discusses the Structured Query Language (SQL). It helps readers understand how attackers use SQL to attack a database, and it offers ideas on how to prevent SQL attacks. In my opinion, protecting the database is really important because it is the brain of a business, organization, or government.
I work in the database field, so I understand how important data security is. Nowadays, we use our mobile devices to access our databases, so the opportunities for hackers to attack our databases are very high. Understanding the SQL attack process will help us prevent attacks on our databases.
Yi Yan, Su Zhengyuan, and Dai Zucheng, "The database protection system against SQL attacks," in Proc. 2011 3rd International Conference on Computer Research and Development (ICCRD), vol. 3, pp. 99-102, 11-13 March 2011.