Database Security: Database Vulnerability
As more and more databases are made accessible via the Internet and web-based applications, their exposure to security threats will rise.
The objective is to reduce susceptibility to these threats.
Perhaps the most publicized database application vulnerability is SQL injection.
SQL injection makes an excellent example for discussing security because it embodies one of the most important database security issues: the risk inherent in user input that is not validated.
SQL injection becomes possible when SQL statements are built dynamically by concatenating user input into the statement text. Once the input is part of that text, the database parser cannot tell the developer's SQL from the attacker's.
The attack occurs when a user submits input crafted so that the database executes commands the application never intended.
What makes the attack so flexible are ordinary features of the SQL language: comments introduced with a double hyphen (`--`), which discard the rest of the developer's statement; multiple statements chained with semicolons; and the ability to query the database's data dictionary for table and column names, which lets an attacker map the schema once a single injection point is found.
The defence is to stop user input from ever being interpreted as SQL. In practice that means validating user input and, above all, never splicing it into the statement text.
Three approaches are commonly used to deal with query string input: a black list, a white list, or parameterized queries.
A black list parses the input string and compares each character against a predefined list of disallowed characters. Its disadvantage is that many special characters are legitimate in some fields but will be rejected anyway; the common example is the apostrophe in a surname such as O'Hare. A black list is also only as complete as its author's imagination, so anything not on the list gets through.
A white list is similar except that each character is compared against a list of allowed characters, and anything outside that set is rejected. This is the preferred form of validation, but if the single quote has to be allowed (as it does for names) the value must still be passed to the database in a way that cannot reopen or close a string literal.
Parameterized queries (prepared statements with placeholders) separate the SQL text from the data: the statement is parsed with its placeholders first, and the user-supplied values are bound to those placeholders afterwards, so the database only ever treats them as data, apostrophes and comment markers included. Of the three, this is the control that actually removes the injection, and it should be used whether or not the input is also validated.
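The following example, added here and not part of the original article, puts the three approaches side by side on one login query. It uses Python's standard `sqlite3` module against an in-memory table whose rows are constructed for the example. `login_vulnerable` builds the statement by concatenation, so the payload `' OR '1'='1' --` (the quote, tautology and `--` comment the article describes) returns every user, and the legitimate name O'Hare breaks the statement outright; `login_parameterized` binds the same values as parameters and both problems disappear. `blocklist_rejects` and `validate_username` are the black-list and white-list checks; the character sets and the `USERNAME_ALLOWED` pattern are illustrative choices, not something the article prescribes.

```python
import re
import sqlite3

# All data here is constructed for the example: an in-memory SQLite table
# standing in for the users table behind a web login form.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2"), ("O'Hare", "pw")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Dynamic SQL: the input is spliced into the statement text, so the
    parser cannot tell the developer's SQL from the user's."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, username, password):
    """Parameterized query: the statement with placeholders is parsed first and
    the values are bound afterwards, so they are only ever treated as data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def vulnerable_breaks_on_apostrophe(conn):
    """A legitimate apostrophe (O'Hare) already breaks the concatenated
    statement: the quote ends the literal and 'Hare' becomes a syntax error."""
    try:
        login_vulnerable(conn, "O'Hare", "pw")
    except sqlite3.OperationalError:
        return True
    return False


# Black list (illustrative set): reject any input containing a "bad" character.
# It catches the payload, but it also rejects the legitimate name O'Hare.
BLOCKED_CHARS = frozenset("';-")

def blocklist_rejects(value):
    return any(ch in BLOCKED_CHARS for ch in value)


# White list (illustrative pattern): accept only values built entirely from an
# allowed alphabet. The apostrophe is allowed for names like O'Hare; that is
# safe only because the value still reaches the database through a bound
# parameter, never through string concatenation.
USERNAME_ALLOWED = re.compile(r"[A-Za-z][A-Za-z0-9'._-]{0,63}")

def validate_username(value):
    return USERNAME_ALLOWED.fullmatch(value) is not None


# Classic payload: closes the literal, adds a tautology, and uses a "--"
# comment to discard the rest of the developer's WHERE clause.
PAYLOAD = "' OR '1'='1' --"

if __name__ == "__main__":
    db = build_db()
    print("vulnerable, payload      :", login_vulnerable(db, PAYLOAD, "x"))
    print("parameterized, payload   :", login_parameterized(db, PAYLOAD, "x"))
    print("parameterized, O'Hare    :", login_parameterized(db, "O'Hare", "pw"))
    print("vulnerable, O'Hare raises:", vulnerable_breaks_on_apostrophe(db))
    print("blocklist rejects O'Hare :", blocklist_rejects("O'Hare"))
    print("allowlist accepts O'Hare :", validate_username("O'Hare"))
    print("allowlist accepts payload:", validate_username(PAYLOAD))
```

Python's `sqlite3` refuses more than one statement per `execute()` call, so the semicolon-chaining variant the article mentions cannot be shown with this driver; the comment and tautology tricks are enough to turn the login check into "return every user". Drivers and database servers that do allow stacked statements make the same concatenation bug correspondingly worse, while the parameterized version is unaffected either way.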
The importance of input validation cannot be overstated. It remains one of the primary defence mechanisms against database vulnerabilities, SQL injection included, and it belongs alongside parameterized queries rather than in place of them.
Source: https://www.cnblogs.com/hbuwyg/p/11031422.html