NEWS
Anytime a value is placed on something, one has to note that at some point in time others may want it. Not only will someone want it, but someone might use covert methods to obtain it. This is of course not foreign to the web and the vast amount of valuable information it contains. A malicious hacker may be trying to obtain passwords, PIN numbers, credit card information, and the like. While there are various methods that these hackers can use, one that has seen a noted increase is SQL injection.
Put simply, a SQL injection is an injection of code into a website’s software that allows the hacker access to information. These injections are done through user input that tricks the database and thereby allows malicious code to provide a path to the sensitive information. With any form of attack, it’s important to know what can be done to protect oneself from it. Since the injection is done into the website itself, the security of the information falls on the owner of the site. How can a site prevent SQL injections and maintain the integrity of its users’ information?
Data Validation
Since input is the source of these injections, one good practice is to validate the data being entered. If user input is limited to certain character types and lengths, then it becomes more difficult to place an injection because the format is fixed. In some cases sites do not actually check input at all. Validation means making sure that an email address really is an email address, or that a phone number is indeed a phone number.
Query Parameters
The input is what starts a query to the database, so it is also suggested that queries be parameterized. With a parameterized query, the form of the query is fixed in advance and user input is supplied only as values for its parameters. An injection attempt is then turned away, because the input cannot change the query into a form that was not allowed for.
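The two practices above, shown as an added example that is not part of the original article. It uses Python's built-in sqlite3 module; the table, rows, function names, email pattern and sample input are all constructed for illustration.

```python
import re
import sqlite3

# Illustrative format check (an assumption, not a full email grammar).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}\.[A-Za-z]{2,}")

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, card TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice@example.com", "card-A"), ("bob@example.com", "card-B")],
    )
    return db

def is_valid_email(value):
    # Data validation: fixed character set and bounded length.
    return len(value) <= 254 and EMAIL_RE.fullmatch(value) is not None

def lookup_concatenated(db, email):
    # Weak form: the input becomes part of the SQL text, so quote
    # characters in it can change the structure of the query.
    sql = "SELECT card FROM users WHERE email = '" + email + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, email):
    # Corrected form: the SQL text is fixed; the input is bound to the
    # placeholder and is only ever compared as a value.
    sql = "SELECT card FROM users WHERE email = ?"
    return [row[0] for row in db.execute(sql, (email,))]

def lookup_checked(db, email):
    # Both practices together: reject malformed input, then bind it.
    if not is_valid_email(email):
        raise ValueError("not an email address")
    return lookup_parameterized(db, email)

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    print(sorted(lookup_concatenated(db, crafted)))   # every row comes back
    print(lookup_parameterized(db, crafted))          # no row matches
    print(lookup_checked(db, "alice@example.com"))    # the one intended row
```

Validation and parameterization are independent layers: the bound query stays safe even for input the format check would have let through.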
Limit User Privileges
User accounts have privileges to access the database for various types of information, so another aid in stopping injections is to limit the database privileges of user accounts. If a user only needs access to certain information stored in the database, then there is no reason to give them free rein over the entire database and all it contains.
These are just a few of the suggested things that can help in stopping SQL injections. With the growth of Big Data and the money being thrown at it, startups should be factoring in the security of the large amount of information that they will be managing. The personal information of users is of great import and should not be neglected.