Tuesday, March 26, 2013

Basics: Avoiding SQL Injection

SQL injection is a pretty big deal.  The attack is easy to carry out, the vulnerabilities are prevalent and the payoff is potentially large.  Many of the password breaches reported over the last year or two are known or thought to have been carried out via SQL injection. 

SQL injection attacks allow attackers to execute arbitrary queries or commands against a database.  Developers introduce the vulnerabilities into their code when they concatenate or substitute user input into the elements of a SQL query.  In the following Python example, the program will accept any input as the "user_id" variable (returned as a part of login_data) and tack it onto the end of a string that is subsequently executed as a sql query:  

login_data = web.input()
query_string = "SELECT * FROM USERS WHERE ID = '%s'" %
login_data.user_id
cursor.execute(query_string)
Read more »
at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)

Understanding Scope in Go

As per my New Year's resolution, I've been learning to program in Go and reading  The Go Programming Language .   On page 141 of the...

  • How big is 2**128?
    Most cryptographic algorithms deal with numbers that are 128 bits or larger.   A 128-bit number has 2 128 possible values, but how big ...
  • Passwords Matter
    This is in response to a Tenable blog post " Do Passwords Matter? "  I have several issues with the post that I address here. Pa...