SQL Poison

by Jasmine C
This article was about how a Microsoft web-based site was attacked with an SQL injection. An advertising site in the U.K., by the name of Autoweb, was attacked with a SQL injection that left the site extremely vulnerable. With a single line of code, about half a million pages were affected, the site's content was overwritten, and it was knocked offline. IT staff were able to trace the IP address to China and block it. The good thing for Autoweb was that they did a daily backup, so after they were able to block the IP address, they returned to their clean data. Autoweb hosted both its web application and its database on the same server, and this was a problem because to be able to protect the database, the web application also had to be protected, and vice versa. As a result of this attack, traffic and ranking have decreased, but hopefully after some changes Autoweb can regain its status.

People have to be careful to protect their databases because, as the article pointed out, when using SQL just one line of code can cause havoc. SQL is going to be a major topic for our class. For project 2, we are starting to use MS SQL Server, and by reading different articles, we as a class will be able to prepare ourselves for the different possibilities at our disposal. By using SQL, we have another way to manage our data. I’m curious to see the various ways we will be using SQL.


Messmer, E. (2008). Dealing with SQL injection attacks. Network World, 25(18), 14. Retrieved February 12, 2012, from http://0-web.ebscohost.com.opac.library.csupomona.edu/ehost/pdfviewer/pdfviewer?sid=00fcb01f-d8eb-4db3-ae63-979dbc954748%40sessionmgr14&vid=2&hid=12