Warning: Toxic SQL!

I wasn’t especially surprised to read not long ago that Russian hackers had succeeded in stealing an estimated 1.2 billion login/password credentials for online websites. It seems to have become accepted that internet security is hopelessly more porous than originally envisioned, and that more large-scale breaches involving well-known companies exist than are publicized. What piqued my curiosity, however, was a press report that the chief technique used for this record-shattering theft was SQL Injection: a technique which I had supposed to be long ago defeated. It turns out that although basic preventive measures had been worked out towards the end of last century, in practice SQL Injection (SQLI) is still a very popular and fruitful technique. Is this apparent contradiction due strictly to developer laxity, or are other factors involved?
SQL Injection still a go-to…