SQL Injection |
Article ID: 587 |
Back to Search
|
SQL injection refers to the act of someone inserting or modifying a SQL statement executed against your database without your knowledge or intention by way of flaws in your code. This is done by exploiting the way your code passes and handles parameters related to SQL execution by your code... therefore a SQL injection is unique to how your code is written, and must be protected against at the level of your code. In general, there are no protection mechanisms against SQL injection at the firewall or webserver level... the holes that allow SQL injection are as a result of exploitable holes you create in your code... so it's up to you to modify your code in a manner to prevent SQL inject type attacks from being possible.
If you google/yahoo on "SQL injection", you will find a multitude of helpful articles on how to write your code to protect you against SQL injection type attacks, for example:
|
|
Downloads Associated With This Article |
No downloads are currently associated with this article. |