SQL Injections

by Claudia J
The article I picked this week is a peer-reviewed paper called “Preventing SQL injection attacks in stored procedures.” The authors explain that an SQL injection attack mainly targets interactive web applications that use database services, accept user input, and use that input to form SQL statements at runtime. In an SQL injection attack, the attacker supplies malicious SQL query segments that cause the database to execute a different request from the one the application intended.
From what I understood from the authors, this type of attack is hard to avoid. One approach they mention is examining the semantics of dynamic SQL queries at runtime, but that alone is not a 100% guarantee against SQL injection attacks. The authors propose a novel technique to defend against attacks targeted at stored procedures, combining application analysis with runtime validation to eliminate the occurrence of such attacks.
The authors also go in depth on other types of queries we can use to help prevent SQL injection. SQL injection is a very common technique hackers use to attack underlying databases by altering a program's behavior. This article is good because it connects to the class content, especially right now that we are in the middle of a project and working with SQL queries. It gives us an insight into the type of vulnerabilities that are out there when programming. It is also important to try to make sensitive files of our databases “hard” to find, to make it harder for hackers to get into our system, though hiding files is no substitute for keeping untrusted input out of SQL statements.
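As an added illustration (this is my own example, not code from the paper or from the blog author), the following Python script builds a throwaway SQLite database and shows three versions of a login lookup: the dynamic-SQL style of query that the paper targets (input concatenated into the statement, as a stored procedure that EXECs a built string would do), a parameterized version, and a simplified runtime structural check in the spirit of the paper's "application analysis plus runtime validation" idea. The table name, the sample rows, and the `skeleton` tokenizer are all assumptions made for the example.

```python
import re
import sqlite3

# Constructed sample data for the example (not from the paper).
SAMPLE_USERS = [(1, "alice", "s3cret"), (2, "bob", "hunter2")]


def make_db():
    """In-memory SQLite database with an assumed `users` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def login_dynamic(conn, user, pw):
    """VULNERABLE: mimics a stored procedure that concatenates user input
    into a dynamic SQL string and executes it. Returns matched user ids."""
    sql = ("SELECT id FROM users WHERE name = '" + user +
           "' AND password = '" + pw + "'")
    return sorted(r[0] for r in conn.execute(sql))


def login_parameterized(conn, user, pw):
    """HARDENED: input is bound as data by the driver, never parsed as SQL."""
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return sorted(r[0] for r in conn.execute(sql, (user, pw)))


# Very small SQL tokenizer (assumption: enough for this example's queries).
# Matches quoted string literals (with '' escapes), numbers, identifiers,
# two-character operators, then any single non-word character.
TOKEN_RE = re.compile(r"'(?:[^']|'')*'|\d+|[A-Za-z_]\w*|<>|<=|>=|[^\s\w]")


def skeleton(sql):
    """Token shape of a query with literals abstracted to <lit>.

    This is the runtime-validation idea reduced to a token-level
    comparison: if user input changes anything other than the literals,
    the statement's structure has changed, which is the signature of
    an injection. Keywords and identifiers are upper-cased so the
    comparison is case-insensitive."""
    out = []
    for tok in TOKEN_RE.findall(sql):
        if tok.startswith("'") or tok.isdigit():
            out.append("<lit>")
        else:
            out.append(tok.upper())
    return tuple(out)


def login_validated(conn, user, pw):
    """Dynamic SQL still built by concatenation, but before executing,
    the query's skeleton must equal the skeleton of the template filled
    with benign placeholder values (the 'expected structure' that static
    analysis of the procedure would produce)."""
    template = "SELECT id FROM users WHERE name = '{u}' AND password = '{p}'"
    expected = skeleton(template.format(u="x", p="x"))
    sql = template.format(u=user, p=pw)
    if skeleton(sql) != expected:
        raise ValueError("query structure changed by input: injection rejected")
    return sorted(r[0] for r in conn.execute(sql))


if __name__ == "__main__":
    db = make_db()
    inj = "' OR '1'='1"
    print("dynamic, injected:      ", login_dynamic(db, "alice", inj))
    print("parameterized, injected:", login_parameterized(db, "alice", inj))
    try:
        login_validated(db, "alice", inj)
    except ValueError as e:
        print("validated, injected:    ", e)
```

With the classic `' OR '1'='1` payload the dynamic version returns every user id, the parameterized version returns nothing, and the validated version refuses to run the statement because an extra `OR <lit> = <lit>` appeared in its token skeleton. The validator also shows why the paper notes that runtime checks alone are not a complete answer: a legitimate value containing an apostrophe (O'Brien) is rejected too, because it breaks the literal boundary in exactly the way an attack does, whereas binding parameters handles it correctly.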
Wei, K., Muthuprasanna, M., & Kothari, S. (2006). Preventing SQL injection attacks in stored procedures. Proceedings of the Australian Software Engineering Conference (ASWEC 2006). IEEE. Retrieved November 11, 2012, from http://0-ieeexplore.ieee.org.opac.library.csupomona.edu/stamp/stamp.jsp?tp=&arnumber=1615052&tag=1

One thought on “SQL Injections”

  • November 11, 2012 at 11:52 pm

    I also did a similar blog post about SQL injections, but it focused more on how to detect and prevent those attacks. Creating these tools to prevent these attacks seems like a good field to work on since it is so crucial to keep web applications safe and secure. I read in another article that there are certain principles to follow to protect yourself from SQL injection. It said to never trust user input, never use dynamic SQL, never connect to a database using an admin-level account, don't store secrets in plain text, and exceptions should divulge minimal information.