Database Security: Database Vulnerability

    Security breaches are an increasing phenomenon.

    As more and more databases are made accessible via the Internet and web-based applications, their exposure to security threats will rise.

    The objective is to reduce susceptibility to these threats.

    Perhaps the most publicized database application vulnerability has been the SQL injection.

    SQL injections provide excellent examples for discussing security because they embody one of the most important database security issues: the risks inherent in non-validated user input.

    SQL injections can happen when SQL statements are dynamically created using user input.

    The threat occurs when users enter malicious code that ‘tricks’ the database into executing unintended commands.

    The vulnerability occurs primarily because of features of the SQL language that allow such things as embedding comments using double hyphens (--), concatenating SQL statements separated by semicolons, and querying metadata from the database data dictionary.

    The solution to stopping an SQL injection is input validation.

    SQL injections can be prevented by validating user input.

    Three approaches are commonly used to address query string validation: using a black list, using a white list, or implementing parameterized queries.

    The black list parses the input string comparing each character to a predefined list of non-allowed characters. The disadvantage to using a black list is that many special characters can be legitimate but will be rejected using this approach. The common example is the use of the apostrophe in a last name such as O’Hare.

    The white list approach is similar except that each character is compared to a list of allowable characters. This approach is preferred, but special consideration is needed when validating the single quote, since it is both a legitimate character in names and the string delimiter in SQL.

    Parameterized queries use internally defined parameters to fill in a previously prepared SQL statement, so user input is passed to the database as a value rather than becoming part of the SQL text.

    The importance of input validation cannot be overstated. It is one of the primary defense mechanisms for preventing database vulnerabilities including SQL injections.
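The three approaches above, side by side with the dynamic string building that causes the problem, as an added example that is not part of the original post. It uses Python's standard sqlite3 module on a constructed in-memory table; the table, names and regular expression are assumptions made for the demonstration.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory sample table (not from the original page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, last_name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (last_name, email) VALUES (?, ?)",
        [("O'Hare", "ohare@example.com"), ("Smith", "smith@example.com")],
    )
    conn.commit()
    return conn

def lookup_dynamic(conn, last_name):
    """The pattern the page warns about: SQL text assembled from user input."""
    sql = "SELECT email FROM users WHERE last_name = '" + last_name + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.OperationalError:
        # A single apostrophe in a legitimate name already corrupts the statement.
        return None

# Black list: reject any character on a fixed "not allowed" list.
BLACKLIST = set("';-")

def passes_blacklist(value):
    return not any(ch in BLACKLIST for ch in value)

# White list: accept only characters a last name may contain. The apostrophe is
# deliberately allowed; that is the special consideration the text mentions.
NAME_WHITELIST = re.compile(r"[A-Za-z][A-Za-z' -]{0,63}")

def passes_whitelist(value):
    return NAME_WHITELIST.fullmatch(value) is not None

def lookup_parameterized(conn, last_name):
    """Bound parameter: the value never becomes part of the SQL text."""
    sql = "SELECT email FROM users WHERE last_name = ?"
    return [row[0] for row in conn.execute(sql, (last_name,))]

def lookup_validated(conn, last_name):
    """Defence in depth: white-list the input, then bind it as a parameter."""
    if not passes_whitelist(last_name):
        raise ValueError("last name contains characters outside the allowed set")
    return lookup_parameterized(conn, last_name)
```

Running the lookups with the name O'Hare shows the black list rejecting a legitimate customer and the dynamic query failing outright, while the white list and the bound parameter both handle the apostrophe correctly.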

Original address: https://www.cnblogs.com/hbuwyg/p/11031422.html