SQLwork.doc.docVIP

SQL INJECTION ATTACKS By Zelinski Radu, Technical University of Moldova Where someone is building a Web application, often he need to use databases to store information, or to manage user accounts. And also very often, developers does not think that the security of their application depends of how they interact the database with the script. Any database use SQL language to manage the data stored in it. And an specific attack that can use this is so-called “SQL Injection Attack”. SQL injection is a attack technique which is used to pass SQL commands through a Web application directly to the database by taking advantage of insecure codes non-validated input values. Its source is the incorrect escaping of dynamically-generated string literals embedded in SQL statements. It is in fact an instance of more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL is a keyword based language. Each statement begins with a keyword, such as SELECT, INSERT, or other. The basic structure of SQL is the query. A query consists of a single or more than one statement. The statement of SQL consists of clauses. We can represent a SQL statement, and how it is implemented this way: By using multiple statement queries, we can force the database to execute the statements one after other, in a more complex query. We already said that SQL Injection in Web applications works using the dynamically-generated SQL queries. What is a dynamic query and how it works? Most Web applications that use databases do a specific task. But a lot of applications must build and process a variety of SQL statements at run time. Such statements can, and probably will, change from execution to execution. They are called dynamic SQL statements. Unlike static SQL statements, dynamic SQL statements are not embedded in our source code. Instead, they are stored in character strings input build by the program at run time. For our applications, w