04-12-2008
Join Date: May 2008
Posts: 21
How to protect SQL injection attack

The only way to prevent these attacks is at the level of programming. If it is well done, they are normally allowed. So ... what are the rules of programming to take into account?
  1. First, avoid using an account with all the powers necessary to execute your SQL server if possible.
  2. Remove features you do not like: master..xp_cmdshell, and in general all those starting with "master..xp".
  3. Check user input such as text fields. Also make sure that where numbers are expected the input really is a number, with a function such as IsNumeric() for example.
  4. Check the settings of URLs that are added.
  5. Use escape characters and functions such as addslashes() in PHP (see the characteristics of the function) and in general the documentation of your web programming language for more info. This will prevent user input of the character ' by escaping it with a preceding slash.
  6. You can also, in general, block certain sequences in user input such as ";", "insert", "select", "//", "-" and so on.
  7. Take care to limit the number of characters that a user can enter in a text field, as this may well complicate their task.
  8. Finally, be careful what you put in cookies, as a password (even encrypted in MD5) is quickly circumvented by an attack of this type. Thereafter, replacing this value in the attacker's cookie spares them a brute-force attack, so it is a nice gift.
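
Rules 3, 5 and 7 from the post above, worked through as an added example that is not part of the original post: it shows that slash-escaping alone leaves an unquoted numeric field open, while a digits-only check with a length limit rejects the same input. Assumptions: Python's in-memory `sqlite3` stands in for the PHP and SQL Server setup the post mentions, `add_slashes` only approximates PHP's `addslashes()`, the `users` table, function names and `MAX_ID_LEN` are hypothetical, and the bound parameter in the last function goes beyond the post's list.

```python
import sqlite3

MAX_ID_LEN = 10  # assumed length limit for the id field (rule 7)

def add_slashes(value):
    """Approximation of PHP addslashes(): backslash before ', ", \\ and NUL."""
    out = []
    for ch in value:
        if ch in ("'", '"', "\\"):
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)

def make_db():
    """Build a small in-memory table; the rows are constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db

def lookup_escaped_only(db, raw_id):
    """Rule 5 alone: input without quotes passes through escaping unchanged,
    so an unquoted numeric context is still built from raw user text."""
    sql = "SELECT name FROM users WHERE id = " + add_slashes(raw_id)
    return sorted(row[0] for row in db.execute(sql))

def lookup_validated(db, raw_id):
    """Rules 3 and 7: enforce length and digits-only before any query runs."""
    if len(raw_id) > MAX_ID_LEN or not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be 1 to %d ASCII digits" % MAX_ID_LEN)
    # Bound parameter (added here): the value never becomes part of the SQL text.
    rows = db.execute("SELECT name FROM users WHERE id = ?", (int(raw_id),))
    return sorted(row[0] for row in rows)

if __name__ == "__main__":
    db = make_db()
    crafted = "0 OR 1=1"  # constructed input containing no quote characters
    print("escaped only:", lookup_escaped_only(db, crafted))
    try:
        lookup_validated(db, crafted)
    except ValueError as exc:
        print("validated   : rejected,", exc)
    print("validated   :", lookup_validated(db, "2"))
```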