Sql injection, DOT NET Programming

What is SQl injection?

This is a Form of attack on the  database-driven Web site in which the attacker executes the unauthorized SQL commands by taking merits of insecure code on a system connected to the Internet, or bypassing the firewall. The SQL injection attacks are always used to steal the information from a database from which the data would normally not be available and/or to gain access to an organization's host computers through the computer which is hosting the database.

The SQL injection attacks typically are simple to avoid by ensuring that a system has strong input validation.

As the name suggest we inject SQL which can be relatively dangerous for the database.

For Example this is a simple SQL

SELECT email, passwd, login_id, full_name

 FROM members

WHERE email = 'x'

Now someone does not put "x" as the input but puts "x ; DROP TABLE members;". So the actual SQL which will execute is :-

SELECT email, passwd, login_id, full_name

 FROM members

 WHERE email = 'x' ; DROP TABLE members;

Posted Date: 9/24/2012 3:22:41 AM | Location : United States







Related Discussions:- Sql injection, Assignment Help, Ask Question on Sql injection, Get Answer, Expert's Help, Sql injection Discussions

Write discussion on Sql injection
Your posts are moderated
Related Questions
Name the classes that are introduced in the System.Numerics namespace. The following two new classes are introduced in the System.Numerics namespace:  BigInteger - Refers

What is a class? A class explains all the attributes of objects, as well as the methods that execute the behavior of member objects. It is a comprehensive data type, which show

The project aims at converting a rough hand drawn diagram to a neat diagram. Is it a good project for B.Tech level?Please tell how to go about it??

JIT compiler is the part of the runtime execution environment. In Microsoft .NET there are three types  of JIT compilers are available: 1) Pre-JIT :- The Pre-JIT compiles the co



What are the improvements made in CAS in .NET 4.0? The CAS mechanism in .NET is used to control and configure the ability of managed code. Previously, as this policy was applic

Could not find any resources appropriate for the specified culture or the neutral culture. Make sure "Textilepro.frmLogin.resources" was correctly embedded or linked into assembly

What is CTS and CLS? => CLS stands for common language specification where as CTS stands for common type system. => CLS : cls is a standard for .net . cls is small set of sp

What Is The Difference Between ViewState and SessionState? View State persist the values of controls of certain page in the client (browser) when post back operation done. When