by Claudia J
The article that I picked this week was a peer reviewed called “Preventing SQL injection attacks in stored procedures.” The author talks about that an SQL injection attack mainly targets interactive web applications that use database services which accept user inputs and use them to form SQL statements at runtime. It also says that an SQL injection attack the attacker usually provides malicious SQL queries segments that cause the database to result in different requests.
From what I understood from the author is that it results hard to avoid this type of attacks. It mentions that one way is to examining dynamic SQL query semantics at runtime but is not 100% secure that will not get SQL injection attacks. The author proposes a novel technique to defend against the attacks targeted at stored procedures where application analysis with runtime validation will help to eliminate the occurrence of such attacks.
The authors go in depth on other types of queries we can use to help prevent SQL injections. SQL injection is a very common technique hackers use to attack underlying databases by altering the programs behavior. This article is good because it connects to the class content specially right now that we are in the middle of a project and working with SQL queries. It gives us an insight of the type of vulnerabilities that are out there when programming. It is important to try to make sensitive files of our databases “hard” to find to make it harder for hackers to get into our system.
Wei, K, Muthuprasanna, Suraij. (2006) Preventing SQL injection attacks in stored procedures. MIS Quarterly, PP 1-8. Retrieved November 11, 2012. http://0-ieeexplore.ieee.org.opac.library.csupomona.edu/stamp/stamp.jsp?tp=&arnumber=1615052&tag=1
by Claudia J