What is SQL-Injection?

Hearing the Oracle

Warning: Toxic SQL!

I wasn’t especially surprised to read not long ago that Russian hackers had succeeded in stealing an estimated 1.2 billion login/password credentials for online websites. It seems to have become accepted that internet security is hopelessly more porous than originally envisioned, and that more large-scale breaches involving well-known companies exist than are publicized. What piqued my curiosity, however, was a press report that the chief technique used for this record-shattering theft was SQL Injection: a technique which I had supposed to be long ago defeated. It turns out that although basic preventive measures had been worked out towards the end of last century, in practice SQL Injection (SQLI) is still a very popular and fruitful technique. Is this apparent contradiction due strictly to developer laxity, or are other factors involved?
SQL Injection still a go-to technique
