SQL injection, DOT NET Programming

What is SQL injection?

This is a form of attack on a database-driven Web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet, or bypassing the firewall. SQL injection attacks are used to steal information from a database from which the data would normally not be available and/or to gain access to an organization's host computers through the computer that is hosting the database.

SQL injection attacks are typically simple to avoid by ensuring that a system has strong input validation.

As the name suggests, SQL is injected into a query, which can be dangerous for the database.

For example, this is a simple SQL query:

    SELECT email, passwd, login_id, full_name
    FROM members
    WHERE email = 'x'

Now suppose someone does not enter "x" as the input but enters "x' ; DROP TABLE members; --". The quote in the input closes the 'x' literal, and the trailing -- comments out the quote that the application appends. So the actual SQL which will execute is:

    SELECT email, passwd, login_id, full_name
    FROM members
    WHERE email = 'x' ; DROP TABLE members; --'
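The query above, run both ways against a throwaway database. This is an added example, not code from the original page. It assumes Python's built-in sqlite3 module as a stand-in for the real database; the sample row, the e-mail pattern and all function names are constructed for illustration.

```python
import re
import sqlite3

QUERY = "SELECT email, passwd, login_id, full_name FROM members WHERE email = "
# Constructed input: the page's DROP TABLE payload, with the quote that closes 'x'.
PAYLOAD = "x' ; DROP TABLE members; --"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")  # assumed policy


def make_db():
    """In-memory stand-in for the page's members table (constructed sample row)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (email, passwd, login_id, full_name)")
    db.execute("INSERT INTO members VALUES ('bob@example.com', 'hash', 'bob', 'Bob Example')")
    db.commit()
    return db


def members_exists(db):
    sql = "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = 'members'"
    return db.execute(sql).fetchone()[0] == 1


def lookup_vulnerable(db, email):
    # Insecure: the input becomes part of the SQL text. executescript() stands in
    # for a driver that runs several ';'-separated statements in one call.
    db.executescript(QUERY + "'" + email + "'")


def lookup_parameterized(db, email):
    # The value travels as a bound parameter and is never parsed as SQL.
    return db.execute(QUERY + "?", (email,)).fetchall()


def lookup_safe(db, email):
    # Input validation, as the page recommends, in front of the bound query.
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("rejected: not an e-mail address")
    return lookup_parameterized(db, email)


if __name__ == "__main__":
    db = make_db()
    print(lookup_parameterized(db, PAYLOAD), members_exists(db))  # [] True
    lookup_vulnerable(db, PAYLOAD)
    print(members_exists(db))  # False
```

In ADO.NET the same separation is achieved by passing the value through a SqlCommand parameter instead of concatenating it into CommandText.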

Posted Date: 9/24/2012 3:22:41 AM | Location : United States