Free Republic

To: Zakeet
A SQL injection attack against the username field is a common technique that yields massive exposure for little effort. The typical naive backend SQL script will directly substitute a browser field into a SQL "where" clause, e.g. select ssn where username = '$username'; You fill in the username field with the value ' or '1' -- which changes the substituted value to select ssn where username where username = '' or '1' -- That yields a wildcard match on all usernames and spews all the ssn fields. The actual values will differ, but that is the gist of a SQL injection attack.

See SQL Injection attack

11 posted on 01/20/2014 9:15:15 PM PST by Myrddin
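The pattern the post describes, shown end to end as an added example (not code from the post or from Free Republic): a throwaway in-memory SQLite table with constructed usernames and fake SSNs, the naive string-substitution query beside a parameterized one, and the post's own `' or '1' --` value run through both. The table layout, the column name `ssn`, and the allowlist regex are assumptions made for this example.

```python
import re
import sqlite3

# Constructed sample data (assumption for this example): three users with fake SSNs.
ROWS = [
    ("alice", "000-00-0001"),
    ("bob", "000-00-0002"),
    ("carol", "000-00-0003"),
]

# The value from the post, typed into the username field.
PAYLOAD = "' or '1' --"


def make_db():
    """Build an in-memory table shaped like the post's example (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (username text, ssn text)")
    conn.executemany("insert into users values (?, ?)", ROWS)
    return conn


def lookup_naive(conn, username):
    """Vulnerable: the browser field is pasted straight into the WHERE clause.

    With PAYLOAD the statement becomes
        select ssn from users where username = '' or '1' --'
    The '--' comments out the trailing quote and '1' is true, so every row matches.
    """
    sql = "select ssn from users where username = '%s'" % username
    return sorted(r[0] for r in conn.execute(sql))


def lookup_parameterized(conn, username):
    """Hardened: the driver binds the value; quotes inside it are data, not SQL."""
    sql = "select ssn from users where username = ?"
    return sorted(r[0] for r in conn.execute(sql, (username,)))


# Defence in depth (assumed policy): usernames are short and alphanumeric, so a
# value containing quotes or comment markers can be rejected and logged before
# it ever reaches the database. Parameterization is still the real fix.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def username_is_wellformed(username):
    return USERNAME_RE.fullmatch(username) is not None


if __name__ == "__main__":
    db = make_db()
    print("naive, alice   :", lookup_naive(db, "alice"))
    print("naive, payload :", lookup_naive(db, PAYLOAD))      # every SSN in the table
    print("bound, alice   :", lookup_parameterized(db, "alice"))
    print("bound, payload :", lookup_parameterized(db, PAYLOAD))  # nothing matches
    print("allowlist ok?  :", username_is_wellformed("alice"), username_is_wellformed(PAYLOAD))
```

The naive function leaks all three rows; the parameterized function returns nothing for the same input because the whole string is compared as a literal username. Whether `'1'` counts as true in a WHERE clause depends on the database engine (SQLite and MySQL coerce it; PostgreSQL rejects it), which is the sense in which the post says the actual values will differ.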


To: Myrddin

That is exactly why the process control industry uses so many layers of protection to its servers running SQL servers process layer servers.

That and of course Windows OS running on the servers.

Also most of this is edicts sent down from above by boards that have direct ties to Federal Government Security Regs for Process Control. Oh, that is right, that only goes BOOM, not someone's life savings.


14 posted on 01/20/2014 10:13:38 PM PST by eartick (Been to the line in the sand and liked it)
