Are You Going to Start Your Website? Be Prepared Against SQL Injection Attacks

Posted by Kannan Balakrishnan on: 2006-06-14 18:54:25



Rajesh came to me running. He was desperate. "What happened?" I asked. "All is lost and I do not know what has happened!!" he replied. When pressed he told me the whole story.


He had just started his web-based home business. It was running smoothly, and he was the only user with administrative privileges. But one day he found that all the tables had been erased. He suspected an accident and replaced them. But it happened again. "I do not know what to do and why it happens!" he lamented. "Have you given the admin password to anybody?" I asked. "No," he replied. "Also, I have changed the admin password thrice. But it is of no use," he said.

I promised to explore his problem. After examining the login page, I found that his code was susceptible to an SQL injection attack! Anybody could remove data from his tables this way.

But what is an SQL injection attack? To answer that, one must first understand what SQL is. When you develop a web site, you naturally use a database, and the database typically stores data in the form of tables. To search for a particular item, you have to query the database. Modern DBMSs use a standardized language for this. This query language is called SQL.

So when a user logs in to the system, he supplies his login name and password. To verify whether the password is correct, an SQL query is invoked that searches the corresponding table to see whether the user name and password are correct.

What does a malicious user do? He inserts his own SQL commands in the password field so that the system executes them as well. The result? Anything the malicious user wants: obtaining information he should not have, destroying the database tables as happened in the case of Rajesh, or even gaining unauthorized access.

So what is the solution? One must design the web site to prevent such attacks, and tighten security to see that they do not occur. The important measures are:

1. Check any input given by the users for suspicious characters or words.

2. Use least privileges in the database.

3. Avoid the use of SQL generated at run time.
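
The three measures applied to a login check, as an added example that is not code from Rajesh's site or from the original article. It assumes Python's built-in `sqlite3` module, an in-memory `users` table with constructed sample data, and hypothetical function names; the crafted password is a constructed sample input.

```python
import re
import sqlite3

# Measure 1: allow-list for user names (an assumed policy for this example).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")
# Constructed sample input: a password value that carries SQL syntax.
CRAFTED = "' OR '1'='1"

def make_db():
    """Constructed sample data: one account in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Plaintext only to keep the example short; store a salted hash in practice.
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-sample')")
    db.commit()
    # Measure 2, SQLite analogue: the login path only reads, so refuse writes
    # on this connection. On a server DBMS, use an account limited to SELECT.
    db.execute("PRAGMA query_only = ON")
    return db

def login_vulnerable(db, name, password):
    # SQL generated at run time: the input becomes part of the statement.
    sql = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return db.execute(sql).fetchone()[0] > 0

def login_hardened(db, name, password):
    if not USERNAME_RE.fullmatch(name):      # measure 1: reject odd input
        return False
    # Measure 3: fixed statement text; values are bound as data, never parsed.
    row = db.execute(
        "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row[0] > 0

def writes_blocked(db):
    """True if the login connection cannot modify the table (measure 2)."""
    try:
        db.execute("DELETE FROM users")
    except sqlite3.DatabaseError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print("string-built query accepts crafted password:", login_vulnerable(db, "admin", CRAFTED))
    print("parameterized query accepts crafted password:", login_hardened(db, "admin", CRAFTED))
    print("writes blocked on login connection:", writes_blocked(db))
```

The string-built query accepts the crafted password because the quote characters change the structure of the `WHERE` clause; the parameterized query treats the same value as an ordinary, non-matching password.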

Many articles on SQL injection are available on the net.

"Stop SQL Injection Attacks Before They Stop You" by Paul Litwin, in the September 2004 issue of MSDN Magazine, is a good example.

Kannan Balakrishnan is a budding Indian writer. He writes continuously on a variety of topics such as website design, computer science, and self-improvement. He now maintains a blog, http://www.wbforu.blogspot.com, entirely devoted to web business. You can also mail him for consultancy at kannanb@post.com



