SQL Injection, easier than it sounds.

by Caezar M
Summary:

The recent slew of SQL injection attacks on businesses by hacking groups might make the technique seem like top-notch stuff, but it is surprisingly easier than it sounds. The key to SQL injection is finding web applications that are vulnerable to the injection of malicious code into the database. After that, when the site is used legitimately, the user is usually redirected by the rogue commands the hacker planted in the system. A recent attack of this kind, called LizaMoon, affected over 1 million web sites. It is not the administrators' fault; they have little control over this. It is solely the fault of the web-based application that was not properly secured. Web-based applications should have buffers and filters that check the input for malicious code, but not all applications do, so when the input reaches the system level the code can carry out its intended purpose.
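As an added example (not taken from the original article or from the PCWorld report), the sketch below shows why an unfiltered input reaching the database can alter stored content, and how an input check plus bound parameters prevents it. The `pages` table, the function names and the crafted input are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a site's stored page content."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [(1, "Home"), (2, "Products"), (3, "Contact")])
    return db


def titles(db):
    return [row[0] for row in db.execute("SELECT title FROM pages ORDER BY id")]


def rename_page_unsafe(db, page_id, title):
    # Vulnerable: request values are pasted into the SQL text, so the
    # database parses whatever they contain as part of the statement.
    db.execute("UPDATE pages SET title = '" + title + "' WHERE id = " + page_id)


def rename_page_safe(db, page_id, title):
    # Input filter: the id must be plain ASCII digits, anything else is rejected.
    if not (page_id.isascii() and page_id.isdigit()):
        raise ValueError("page id must be numeric")
    # Bound parameters travel as values and are never parsed as SQL.
    db.execute("UPDATE pages SET title = ? WHERE id = ?", (title, int(page_id)))


def demo():
    crafted_id = "1 OR 1=1"  # constructed input: widens the WHERE clause

    unsafe_db = make_db()
    rename_page_unsafe(unsafe_db, crafted_id, "changed")

    safe_db = make_db()
    try:
        rename_page_safe(safe_db, crafted_id, "changed")
        rejected = False
    except ValueError:
        rejected = True
    return titles(unsafe_db), titles(safe_db), rejected


if __name__ == "__main__":
    unsafe_titles, safe_titles, rejected = demo()
    print("concatenated SQL:", unsafe_titles)
    print("parameterized   :", safe_titles, "(input rejected)" if rejected else "")
```

With the concatenated statement, a request meant to rename one page rewrites every row; the filtered, parameterized version leaves the table untouched.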

Review

I do believe that this topic is related to databases, not to the database in particular but to the developers and admins. You can only do so much as a developer to make your system meet your business needs, and you only have so much control as to how it is implemented. This article goes to show that no matter how good you are and the care you take, there will always be someone who will find something wrong with it and use it against you. I think the best approach to this problem is the simplest, “prepare for the worst and hope for the best,” because it's not just the system on the line, it's your users.

 

Tony Bradley. (2011, April 01). LizaMoon Attack: What You Need To Know. PCWorld. Retrieved November 07, 2011, from http://www.pcworld.com/businesscenter/article/224125/lizamoon_attack_what_you_need_to_know.html