SQL Injection and Protection
Sandesh K R
Active In SP
Joined: Mar 2010
06-04-2010, 12:44 PM
I need the information regarding SQL injection and protection. Please, if anyone has the report or PPT or else any info regarding this topic, please post it...
Please help me out, it's really very urgent... I am trying to find out info regarding this but am not able to fetch more...
Active In SP
Joined: Apr 2010
07-04-2010, 01:10 AM
SQL injection attack
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.
Forms of vulnerability
Incorrectly filtered escape characters: occurs when user input is not filtered for escape characters and is then passed into an SQL statement which results in the potential manipulation of the statements performed on the database by the end user of the application.
Incorrect type handling:
It occurs when a user supplied field is not strongly typed or is not checked for type constraints.
Vulnerabilities inside the database server:
Vulnerabilities that can exist within the database server software itself would allow an attacker to perform a successful SQL injection attack based on bad Unicode characters even if the user's input is being escaped.
Blind SQL injection:
It is used when a web application is vulnerable to an SQL injection but the results of the injection are not visible to the attacker.
Preventing SQL injection
The main defense is that user input must not be directly embedded in SQL statements. User input must be carefully escaped or filtered, or parameterized statements must be used.
For more details, refer to:
A Classification of SQL Injection Attacks.pdf
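The first two forms of vulnerability and the parameterized-statement defense described in the reply above, as an added example that is not part of the original posts. It uses Python's sqlite3 module; the table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users (name, secret) VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret"), ("o'brien", "c-secret")])
    return db

def find_by_name_vulnerable(db, name):
    # Incorrectly filtered escape characters: a quote inside `name` closes the
    # string literal, and whatever follows is parsed as SQL.
    sql = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_by_name_safe(db, name):
    # Parameterized statement: the value is bound separately and never parsed as SQL.
    return db.execute("SELECT name, secret FROM users WHERE name = ?", (name,)).fetchall()

def find_by_id_vulnerable(db, user_id):
    # Incorrect type handling: a numeric field arrives as text and is pasted in unchecked.
    return db.execute("SELECT name FROM users WHERE id = " + user_id).fetchall()

def find_by_id_safe(db, user_id):
    # Enforce the expected type first, then bind the value as a parameter.
    try:
        uid = int(user_id)
    except (TypeError, ValueError):
        return []
    return db.execute("SELECT name FROM users WHERE id = ?", (uid,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted_name = "x' OR '1'='1"   # constructed test input for the string field
    crafted_id = "1 OR 1=1"         # constructed test input for the numeric field
    print("concatenated, name:", len(find_by_name_vulnerable(db, crafted_name)), "rows")
    print("parameterized, name:", len(find_by_name_safe(db, crafted_name)), "rows")
    print("concatenated, id:", len(find_by_id_vulnerable(db, crafted_id)), "rows")
    print("typed and bound, id:", len(find_by_id_safe(db, crafted_id)), "rows")
    # A legitimate name containing a quote works only with the bound form.
    print("o'brien, parameterized:", find_by_name_safe(db, "o'brien"))
```

The concatenated queries return every row for the crafted inputs, while the bound queries return none. The same binding also lets a legitimate value such as o'brien through, which the concatenated form rejects with a syntax error.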