Most of us use server-side scripting for validation, but many of us are unaware of a risk. Our site may be vulnerable to an attack called SQL injection, which may damage our data, spoil our site, or even insert unwanted or dangerous data into it.
Most programmers doing web design are not familiar with this type of attack and practise lazy coding. The aim of this brief article is to give a non-technical overview of this peril.
SQL stands for Structured Query Language and is used to retrieve data from tables. Often the SQL is dynamically generated using user input. For example, if you want to validate a user, you will write an SQL query which verifies the username and password by checking them against a table in the database. But what if a user gives input such that this dynamically generated query deletes all your tables?
What should be done to avoid this? Basically two things can be done. First, restrict the user privileges on the database. Second, check user input for any suspicious or unwanted characters and strings.
Coding standards should be implemented so that the danger cannot occur.
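The login check described above, as an added example that is not part of the original article: it puts the dynamically built query beside a version that checks the input and restricts the connection to read-only. It uses Python's `sqlite3` module; the table, function names and sample account are assumptions made for illustration, and the bound parameters (`?`) are a technique the article does not name.

```python
import re
import sqlite3

# Constructed input: the quote ends the string literal, "--" comments out the rest.
CRAFTED = "alice' --"

def make_db():
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'hash-of-alice-password')")
    db.commit()
    # Restricted privileges: the login path only reads, so refuse all writes.
    db.execute("PRAGMA query_only = ON")
    return db

def login_dynamic(db, username, password_hash):
    """Risky pattern: user input is pasted into the SQL text itself."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password_hash = '" + password_hash + "'")
    return db.execute(sql).fetchone()[0] > 0

# Allowlist of characters and length accepted in a username (an assumption).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def login_checked(db, username, password_hash):
    """Input check plus bound parameters: input is only ever treated as data."""
    if not USERNAME_RE.fullmatch(username):
        return False
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return db.execute(sql, (username, password_hash)).fetchone()[0] > 0

if __name__ == "__main__":
    db = make_db()
    # The password check is cut out of the dynamic query, so this succeeds.
    print("dynamic, crafted name:", login_dynamic(db, CRAFTED, "wrong"))
    # The checked version rejects the same input.
    print("checked, crafted name:", login_checked(db, CRAFTED, "wrong"))
    print("checked, real login:  ",
          login_checked(db, "alice", "hash-of-alice-password"))
    try:
        db.execute("DROP TABLE users")
    except sqlite3.Error as exc:
        print("write refused:", exc)
```

In a server database the read-only restriction would instead be a dedicated account that is granted only `SELECT` on the tables the login code needs.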
There are many technical articles available which deal with coding examples and the security principles involved. Many language-specific or database-specific techniques are also available. You may visit my blog, http://wbforu.blogspot.com, for a detailed list of resources.
This article is free for republishing
Source: http://www.articlealley.com/article_92143_4.html
