Tuesday, April 24, 2012

SQL Injection

We all want to own websites these days, yet only a minority know how to protect themselves against the threats that come with owning one. This article may only be relevant to those who own dynamic websites backed by databases, since these are the most targeted: such websites hold crucial information. SQL injection is the most used method, one that almost all hackers use to gain access to a website. In most cases the website designer does not take security into consideration when developing the website, which in turn leaves customers' data vulnerable. Not many people are experts in SQL Server, which SQL injection is more oriented to, but one need not be an expert to learn some of its commands. SQL statements such as SELECT, UNION, and ORDER BY are the most used statements in this attack.

SELECT * FROM User_table_Id WHERE name = 'user' AND password = 'anything';
The above statement, if typed correctly, might gain you access to the username table stored in the database.

To protect your website, you need to limit the number of commands or statements that can be run on your website and automatically hide all tables. Unfortunately, firewalls and IDSs provide little or no protection against this attack. You need to keep your knowledge of security up to date, since more and more tricks are invented daily.
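One way to limit what can run, shown as an added example that is not part of the original post: a parameterized query keeps the statement fixed, so user input is only ever treated as data. The function names and the sample account are constructed for illustration; the table name follows the statement above, and Python's built-in sqlite3 stands in for the site's database.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE User_table_Id (name TEXT, password TEXT)")
    # Plaintext password only to mirror the statement above;
    # a real site stores a salted password hash instead.
    db.execute("INSERT INTO User_table_Id VALUES ('alice', 'correct-horse')")
    return db

def login_concatenated(db, name, password):
    """'Before' form: input is pasted into the SQL text and parsed as SQL."""
    sql = ("SELECT name FROM User_table_Id WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, name, password):
    """Hardened form: the statement is fixed and input is bound as data."""
    sql = "SELECT name FROM User_table_Id WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None

# Constructed test input: quote characters that alter the WHERE clause
# when they are parsed as SQL instead of being compared as a value.
CRAFTED_PASSWORD = "' OR '1'='1"

def run_demo():
    """Run the same inputs through both forms and report each outcome."""
    db = make_db()
    return {
        "valid_login": login_parameterized(db, "alice", "correct-horse"),
        "wrong_password": login_parameterized(db, "alice", "guess"),
        "crafted_vs_concatenated": login_concatenated(db, "alice", CRAFTED_PASSWORD),
        "crafted_vs_parameterized": login_parameterized(db, "alice", CRAFTED_PASSWORD),
    }

if __name__ == "__main__":
    for check, result in run_demo().items():
        print(f"{check}: {result}")
```

The same crafted input makes a useful regression test: any login path that accepts it is still building SQL from user input.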
