Are you looking for my non-technical blog?

This is now my technical-only blog, my non-technical blog is here.

26 August 2005

SQL Injection

What the heck is SQL Injection !? It is some kind of application level attacks that targets SQL database servers. It is one variant of code injection attacks that depends on inserting malformed data in forms inputs via web pages. The importance of application level attacks, especially SQL injection is that they need nothing but a web page written in ASP, PHP, ...etc. installed on Apache or IIS web server even if that server is hardenend and installed behind a very robust firewall. Here is a good article I found on SQL Injection, and hope that you may find it useful.