SQL Attack on the Internet

by Tuyen H


Since the Internet was developed, the Web has become part of everyday life. People use the Internet for work, study, entertainment, shopping, and business transactions. Databases have become part of the Internet, especially for interactive websites. Unfortunately, computer viruses and computer attacks on the Internet have also increased. In the article “A Database Protection System Aiming at SQL Attack,” the authors mention that the most popular virus is the SQL attack. Hackers use Structured Query Language (SQL) to attack a website's database in order to alter, update, or delete its data. Because the SQL language is very mature, it is easy to attack all platforms, such as Windows, Apple, Unix, or Linux. Therefore, preventing SQL attacks is very important. Today, we use Intrusion Detection Systems (IDS) to prevent SQL attacks; however, this method slows down the system. The authors introduce a new technique that operates between the web server and the database server instead of between the web application server and the Internet. According to the authors, this method “provides further defense, with a lower rate of false positives and false negatives.” Finally, this database protection controls the data passing between the web server and the database, so it does not affect the website's performance.
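As an added illustration (not code from the article or from the cited paper, whose detection method is not described here), the Python example below places a check between the application and the database and rejects any statement whose structure was not seen during a learning phase. The `QueryGate` class, the `users` table and the sample inputs are all constructed for this example.

```python
import re
import sqlite3

# String literals ('...' with '' as an escaped quote) and bare numbers
_LITERAL = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")

def skeleton(sql):
    """Reduce a statement to its structure: literals become '?', case and spacing normalized."""
    return " ".join(_LITERAL.sub("?", sql).lower().split())

class QueryGate:
    """Hypothetical filter sitting between the web application and the database."""
    def __init__(self, conn):
        self.conn = conn
        self.allowed = set()   # statement structures seen during learning
        self.blocked = []      # rejected statements, kept for review

    def learn(self, sql):
        self.allowed.add(skeleton(sql))

    def execute(self, sql):
        if skeleton(sql) not in self.allowed:
            self.blocked.append(sql)
            raise PermissionError("statement structure not in allowlist")
        return self.conn.execute(sql).fetchall()

def lookup(gate, name):
    # Built by string concatenation on purpose, as a legacy application might do
    return gate.execute("SELECT id FROM users WHERE name = '" + name + "'")

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    gate = QueryGate(conn)
    gate.learn("SELECT id FROM users WHERE name = 'training'")
    results = {"normal": lookup(gate, "alice")}
    try:
        lookup(gate, "x' OR '1'='1")   # constructed input that changes the WHERE clause
        results["tampered"] = "allowed"
    except PermissionError:
        results["tampered"] = "blocked"
    results["blocked_count"] = len(gate.blocked)
    return results

if __name__ == "__main__":
    print(demo())
```

Because the gate compares structure only, a legitimate value containing an unescaped apostrophe is rejected as well, which is the kind of false positive such a filter has to be tuned against.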

This article relates to our class topic because, when we build a dynamic and interactive website, it is very important to think about the security of the website along with its performance. I think the authors’ method is very helpful because it protects our data from outside attack without any false positives, false negatives, or lack of real-time response issues.

This article makes me think about the Cloud Computing technique. This database protection addresses the disadvantage of Cloud Computing, which lacks security and control over data. If we combine these ideas, we can build a stronger Cloud Computing Information System.

Deng Liwu; Xu Ruzhi; Jiang Lizheng; Lv Guangjuan, “A Database Protection System Aiming at SQL Attack,” Information Assurance and Security, 2009. IAS ’09. Fifth International Conference on, vol. 1, pp. 655-657, 18-20 Aug. 2009. doi: 10.1109/IAS.2009.322. URL: http://0-ieeexplore.ieee.org.opac.library.csupomona.edu/stamp/stamp.jsp?tp=&arnumber=5283112&isnumber=5282964