sql injection Computerphile video
Terms in this set (17)
Language that talks to databases
Websites use databases
To send back personalised results to users
SELECT * FROM USERS
retrieves all information from the User database table
Add new records
An example of text that would produce a database error
SELECT * FROM USERS WHERE username = Tom
Finds records matching "Tom"
SELECT * FROM USERS WHERE username = Tom"
Creates an error in the database which can start an attack
DROP ALL DATABASES
Can be added into a attack to remove all databases
SELECT * FROM USERS WHERE username = Tom" ; DROP ALL DATABASES
Triggers an error, causing an attack and then deletes the databases
Adding in / (slashes) to make the data form safe from SQL attack as the commands are not run
Used on websites to add in functionality eg web search forms
SQL injection attack
Allows maliciously coded search queries to trigger: editing, deleting, reading of data from an online SQL database
It is easy to make mistakes in programming the search features of a website and therefore allow a malicious user to run a SQL injection attack
The preferred way to protect a SQL database, it stops the input from running as code.
would trigger an SQL injection attack on a vulnerable system as 1 = 1 true which would try to retrieve all records from a database
YOU MIGHT ALSO LIKE...
Test Preparation TOEIC, SAT, TOEFL
CEH Module 13 - Hacking Web Applications
Chapter 7 Practice Questions
Chapter 4 (Types of attacks)
OTHER SETS BY THIS CREATOR
y9 topics: 1.4 networks y9, 1.6 System Security y9, 2.1 Algorithms - y9 revision v2, computer history v2
1.6 System Security y9
2.1 Algorithms - y9 revision v2
computer history v2
THIS SET IS OFTEN IN FOLDERS WITH...
OCR Computer Science A Level Definitions
Wired and Wireless Networks
Fixed & Floating Point Binary