Linux Today: Linux News On Internet Time.


10 Ways to Prevent or Mitigate SQL Injection Attacks

Feb 24, 2010, 17:33
(Other stories by Paul Rubens)



""Failure to Preserve SQL Query Structure (aka 'SQL Injection')" appears at number 2 in the CWE/SANS TOP 25 Most Dangerous Programming Errors list published on February 16. And for good reason: SQL injection attacks pose a massive potential threat to your organization. That's because, if successful, they could allow hackers to compromise your network, access and destroy your data, and take control of your machines.

"What Is SQL Injection?

"The principle behind SQL injection is pretty simple. When an application takes user data as an input, there is an opportunity for a malicious user to enter carefully crafted data that causes the input to be interpreted as part of a SQL query instead of data.

"For example, imagine this line of code:

SELECT * FROM Users WHERE Username='$username' AND Password='$password'
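
The following is an added example, not part of the quoted article. It builds the query above both by pasting values into the SQL text and with bound parameters, and uses a legitimate password that contains an apostrophe to show the value being parsed as SQL in the first case. Python, sqlite3, the table contents and the function names are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data for this example only. The password is stored
    # in plaintext solely to mirror the page's query; real systems compare
    # salted password hashes instead.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Username TEXT, Password TEXT)")
    conn.execute("INSERT INTO Users VALUES (?, ?)", ("obrien", "it's-a-secret"))
    return conn


def login_concat(conn, username, password):
    # Same shape as the page's query: the values become part of the SQL text,
    # so any quote character inside them is read by the SQL parser.
    query = ("SELECT * FROM Users WHERE Username='%s' AND Password='%s'"
             % (username, password))
    return conn.execute(query).fetchone() is not None


def login_param(conn, username, password):
    # The query text is fixed; the driver binds the values as data only,
    # so the structure of the statement cannot change with the input.
    query = "SELECT * FROM Users WHERE Username=? AND Password=?"
    return conn.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    try:
        login_concat(db, "obrien", "it's-a-secret")
    except sqlite3.OperationalError as exc:
        # The apostrophe closed the string literal early and the rest of the
        # password was parsed as SQL: the input altered the query structure.
        print("concatenated query failed to parse:", exc)
    print("parameterized, correct password:",
          login_param(db, "obrien", "it's-a-secret"))
    print("parameterized, wrong password:",
          login_param(db, "obrien", "wrong"))
```
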
