SQL injection, DOT NET Programming

What is SQL injection?

This is a form of attack on a database-driven Web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet, or by bypassing the firewall. SQL injection attacks are used to steal information from a database from which the data would normally not be available and/or to gain access to an organization's host computers through the computer that is hosting the database.

SQL injection attacks are typically simple to avoid by ensuring that a system has strong input validation.

As the name suggests, SQL is injected into the query, which can be relatively dangerous for the database.

For example, this is a simple SQL query:

    SELECT email, passwd, login_id, full_name
      FROM members
     WHERE email = 'x'

Now suppose someone does not enter "x" as the input but enters "x ; DROP TABLE members;". The SQL that actually executes is then:

    SELECT email, passwd, login_id, full_name
      FROM members
     WHERE email = 'x' ; DROP TABLE members;
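The members query above, built by string concatenation and then with a bound parameter, as an added example that is not code from the original page. It uses Python's sqlite3 so it runs offline. The function names, the email pattern, the sample row, and the sample input (the page's payload plus the closing quote and comment marker that concatenation needs to yield the statement shown above) are assumptions. The parameter binding goes beyond the input validation the page names.

```python
import re
import sqlite3

COLUMNS = "email, passwd, login_id, full_name"
# Constructed input: the page's payload plus the closing quote and comment
# marker that concatenation needs to produce the statement the page shows.
HOSTILE = "x'; DROP TABLE members; --"
# Assumed allow-list pattern standing in for "strong input validation".
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def make_db():
    """In-memory stand-in for the members table; the row is constructed data."""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE members ({COLUMNS})")
    db.execute("INSERT INTO members VALUES (?, ?, ?, ?)",
               ("a@example.com", "placeholder-hash", "u1", "Sample User"))
    db.commit()
    return db

def table_exists(db):
    q = "SELECT name FROM sqlite_master WHERE type = 'table' AND name = 'members'"
    return len(db.execute(q).fetchall()) == 1

def build_concatenated(email):
    """Vulnerable form: the input becomes part of the SQL text itself."""
    return f"SELECT {COLUMNS} FROM members WHERE email = '{email}'"

def lookup_concatenated(db, email):
    # executescript() runs every statement in the string; it stands in for a
    # driver that accepts batched statements (assumption).
    db.executescript(build_concatenated(email))

def is_valid_email(email):
    """Input validation: reject anything that is not shaped like an address."""
    return EMAIL_RE.fullmatch(email) is not None

def lookup_parameterized(db, email):
    """Hardened form: the input is bound as a value and never parsed as SQL."""
    sql = f"SELECT {COLUMNS} FROM members WHERE email = ?"
    return db.execute(sql, (email,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(is_valid_email(HOSTILE), lookup_parameterized(db, HOSTILE), table_exists(db))
    lookup_concatenated(db, HOSTILE)
    print("members table survives concatenation:", table_exists(db))
```

In ADO.NET the same binding is done with a SqlParameter added to a SqlCommand in place of the `?` placeholder.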

Posted Date: 9/24/2012 3:22:41 AM | Location : United States






