What the heck is SQL Injection!?
It is a kind of application-level attack that targets SQL database servers. It is one variant of code injection attacks, and it depends on inserting malformed data into form inputs on web pages. What makes application-level attacks, and SQL injection in particular, important is that they need nothing but a web page written in ASP, PHP, etc. installed on an Apache or IIS web server, even if that server is hardened and installed behind a very robust firewall. Here is a good article I found on SQL Injection, and I hope that you find it useful.
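As an added illustration (not from this post or the linked article), the following compares a lookup that concatenates a form value into the SQL text with the same lookup using a bound parameter, via Python's built-in sqlite3 module. The table, function names and sample inputs are constructed for this example.

```python
import sqlite3

def make_db():
    # Throwaway in-memory database; all rows are constructed sample data.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    return conn

def lookup_concat(conn, name):
    # Vulnerable pattern: the form value becomes part of the SQL text,
    # so a quote inside it ends the string literal early.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    try:
        return sorted(row[0] for row in conn.execute(sql))
    except sqlite3.Error as exc:
        return "SQL error: " + type(exc).__name__

def lookup_bound(conn, name):
    # Hardened pattern: the SQL text is constant and the value is passed
    # separately, so the driver only ever treats it as data.
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))

# Constructed form inputs (assumptions for this example).
INPUTS = {
    "ordinary": "bob",
    "apostrophe": "o'brien",            # legitimate name containing a quote
    "malformed": "nobody' OR '1'='1",   # quote plus an always-true clause
}

def demo():
    conn = make_db()
    return {
        label: {"concat": lookup_concat(conn, v), "bound": lookup_bound(conn, v)}
        for label, v in INPUTS.items()
    }

if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

The concatenated version breaks on a legitimate name containing an apostrophe and returns every row for the malformed value, while the bound version treats both as plain data.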
The real problem with SQL injection is that the user, the webmaster and the admin can't do anything about it; only the application developer can.
You are so right, Alaa. OK, the webmaster can add some JavaScript routines to his page to validate the user's input. However, this cannot guarantee anything, as the attacker can inject whatever she wants from the command line, or even make her own page on her server and have it submitted to the victim server.
Also, Microsoft claims that ASP.NET is immune to such attacks, but I am really not sure of that.
This is really important information. I had no clue about SQL injections before reading your post. Now I am thinking they are very harmful for our SQL database servers. I want to explore more about them. Thanks for this information.