A lot of SQL queries run behind our everyday use of the web, be it on Facebook, Twitter, Gmail or a university results page. The information that we enter in web pages or web apps is taken and put into SQL queries to fetch our results. The simplest case anyone understands is their username and password for a specific online service. Okay, good. But what if someone passes some tricky input to those fields, either to mess up the system or just by mistake? If there is strong validation in the presentation layer (the user front-end itself), then the user will be notified about the wrong/undesirable input. But what if there's no stringent validation?
This is SQL injection: the user tries to trick the system by passing in tricky, carefully and intelligently formed inputs that modify the intended behavior of the back-end SQL queries.
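The login example above, worked through as an added example that is not part of the original post: the same username/password input is run once through a query built by string concatenation and once through a parameterised query, against a constructed in-memory SQLite table (the table, the user "alice" and the sample inputs are all assumptions for the demo). Plain-text passwords are used only to keep the example short.

```python
import sqlite3


def make_db():
    # Constructed sample data (not from the original post); a real system
    # would store a salted password hash, never the plain password.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    db.commit()
    return db


def login_vulnerable(db, username, password):
    # The user's input is pasted straight into the SQL text, so quotes in the
    # input change the *structure* of the query instead of being plain data.
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return db.execute(sql).fetchone()[0] > 0


def login_safe(db, username, password):
    # Parameterised query: the driver passes the values separately from the
    # SQL text, so the input is always compared as data and can never alter
    # the query. This is the fix, independent of any front-end validation.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0


def demo():
    # Compare both versions on a correct password and on a classic
    # quote-breaking input; only the concatenated query is fooled by it.
    db = make_db()
    tricky = "' OR '1'='1"
    return {
        "vuln_correct": login_vulnerable(db, "alice", "correct-horse"),
        "vuln_tricky": login_vulnerable(db, "alice", tricky),
        "safe_correct": login_safe(db, "alice", "correct-horse"),
        "safe_tricky": login_safe(db, "alice", tricky),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'logged in' if ok else 'rejected'}")
```

Run it and note that the back-end fix (the `?` placeholders) is what actually closes the hole; front-end validation alone can be bypassed by sending the request directly.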
Find a very good illustrated example here: SQL injection at www.Veracode.com.
Courtesy: Veracode
Liked or hated the post? Leave your words of wisdom! Thank you :)