SQL Injection Protection
There are two primary methods to protect your database from SQL injection. First, make sure that applications validate user input by blocking invalid characters. In many cases, only alphanumeric characters should be accepted. At minimum, single quotes should be blocked. Second, use protected queries, such as stored procedures, that bind variables rather than combining SQL statements together as strings.
These suggestions may also help:
• Use original names for tables and columns to make the names harder to guess.
• Use aliases to provide more layers of separation between the data and the intruder. (For example, an intruder might find the alias "b" after some digging. But "b" is an alias for "book," and the actual term is necessary to perform the correct query.)
• Set length limits on form fields and validate data for content length and format.
• Keep up-to-date on patches.
• Make your schema unique.
• Use stored procedures, which use parameters, at all times.
• Avoid using query strings for Web page building.
• Use Push and Get for HTML commands.
• Audit your code to expose vulnerabilities.
• Lock down your server: Make sure the application is running with the minimal rights necessary to complete its task. Remove any unnecessary accounts and any unnecessary information, such as example databases and unused features. Also remove or disable unnecessary stored procedures.
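The two primary methods above (input validation and bound variables), together with the length-limit suggestion, are shown here as an added example that is not code from the original page. It uses Python's built-in sqlite3 module; the `books` table, its columns and the sample rows are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE books (id INTEGER PRIMARY KEY, title TEXT, owner TEXT)")
    db.executemany("INSERT INTO books (title, owner) VALUES (?, ?)",
                   [("Dune", "alice"), ("Emma", "bob"), ("Ulysses", "carol")])
    return db

def find_unsafe(db, owner):
    # Vulnerable form: input is concatenated into the statement text, so a
    # single quote in `owner` changes the structure of the query itself.
    sql = "SELECT title FROM books WHERE owner = '" + owner + "'"
    return [row[0] for row in db.execute(sql)]

def find_bound_only(db, owner):
    # Bound variable: the driver passes `owner` as data, never as SQL text.
    sql = "SELECT title FROM books WHERE owner = ?"
    return [row[0] for row in db.execute(sql, (owner,))]

# Alphanumeric characters only, with a length limit of 32.
VALID_OWNER = re.compile(r"[A-Za-z0-9]{1,32}")

def find_safe(db, owner):
    # Validation first, then binding: invalid input never reaches the database.
    if not VALID_OWNER.fullmatch(owner):
        raise ValueError("owner must be 1-32 alphanumeric characters")
    return find_bound_only(db, owner)

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input containing single quotes
    print("concatenated:", find_unsafe(db, hostile))      # every row comes back
    print("bound only:  ", find_bound_only(db, hostile))  # treated as a literal
    try:
        find_safe(db, hostile)
    except ValueError as err:
        print("validated:   ", "rejected,", err)
    print("valid input: ", find_safe(db, "alice"))
```

Binding alone already neutralizes the quote characters; the validation step adds a second layer and gives the application a clear point at which to log rejected input.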
Of course, if you work with developers who are less seasoned or unaware of programming security risks, train them. Going through all exposed ASP, PHP, ColdFusion, Visual Basic, Perl, CGI, and other scripts and pages may be time-consuming, but it's necessary for database protection. A programming guidebook on protecting against SQL injection would help prevent future exposures.
Another option is to use a Web application assessment tool such as Poison, which searches for known security flaws on remote Web documents. Poison helps identify and flag weaknesses in applications.
Database Worms
Since the Slammer worm hit SQL Server in 2003, the awareness of database worms has grown. Although no one can predict the future, the general belief in the database community is that database worms aren't a major security concern. You might be better off spending time on security against targeted attacks on your salable data (such as SQL injection) as opposed to destructive attacks (such as database worms).