SQL injection, DOT NET Programming

What is SQL injection?

This is a form of attack on a database-driven Web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet, or bypassing the firewall. SQL injection attacks are used to steal information from a database from which the data would normally not be available and/or to gain access to an organization's host computers through the computer that is hosting the database.

SQL injection attacks are typically simple to avoid by ensuring that a system has strong input validation.

As the name suggests, SQL is injected into a query, which can be relatively dangerous for the database.

For example, this is a simple SQL query:

    SELECT email, passwd, login_id, full_name
    FROM members
    WHERE email = 'x'

Now suppose someone does not enter "x" as the input but enters "x ; DROP TABLE members;". The SQL that actually executes is then:

    SELECT email, passwd, login_id, full_name
    FROM members
    WHERE email = 'x' ; DROP TABLE members;
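The two queries above, shown with the concatenated form beside a parameterized form. This is an added example, not code from the original page. It assumes Python's sqlite3 module with an in-memory database rather than a .NET data provider, and the constructed input includes the closing quote that makes the concatenated text match the second query; the function names are hypothetical.

```python
import sqlite3

# Constructed input: the page's payload with the closing quote that lets it
# terminate the string literal once it is concatenated into the query.
HOSTILE_INPUT = "x' ; DROP TABLE members; --"

def new_db():
    """In-memory database with the members table from the page's query."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (email TEXT, passwd TEXT, login_id TEXT, full_name TEXT)")
    db.execute("INSERT INTO members VALUES (?, ?, ?, ?)",
               ("alice@example.com", "<hash>", "alice", "Alice Example"))
    return db

def build_concatenated_sql(email):
    """Vulnerable pattern: user input becomes part of the SQL text itself."""
    return ("SELECT email, passwd, login_id, full_name "
            "FROM members WHERE email = '" + email + "'")

def lookup_vulnerable(db, email):
    # executescript() stands in for a driver that accepts several statements
    # in one batch; every statement in the concatenated string is executed.
    db.executescript(build_concatenated_sql(email))

def lookup_parameterized(db, email):
    """Hardened pattern: the SQL text is fixed and the input is bound as a value."""
    sql = "SELECT email, passwd, login_id, full_name FROM members WHERE email = ?"
    return db.execute(sql, (email,)).fetchall()

def table_exists(db, name):
    row = db.execute("SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?",
                     (name,)).fetchone()
    return row is not None

if __name__ == "__main__":
    print(build_concatenated_sql(HOSTILE_INPUT))
    unsafe_db = new_db()
    lookup_vulnerable(unsafe_db, HOSTILE_INPUT)
    print("after concatenated query, members exists:", table_exists(unsafe_db, "members"))

    safe_db = new_db()
    print("parameterized rows:", lookup_parameterized(safe_db, HOSTILE_INPUT))
    print("after parameterized query, members exists:", table_exists(safe_db, "members"))
```

With the bound parameter the whole input is compared against the email column as a single string, so no row matches and the members table is untouched.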

Posted Date: 9/24/2012 3:22:41 AM | Location : United States






