We are using a database, so there is a risk of SQL injection.
How is SQL injection done?
E.g. to log in to a site, we need to enter two parameters: username and password.
The site validates them by calling a POST method on a servlet/JSP, e.g. http://epic4security.com/login.jsp?username=blabla&password=blabla.
Over at login.jsp there is a SQL statement, e.g. "SELECT username, password from TABLE where USERNAME = 'username' AND PASSWORD = 'password'";
What an attacker can do is enter the following in the field of username & password:
Username = admin
Password = pass' OR username = 'admin
So he alters the SQL statement to:
"SELECT username, password from TABLE where USERNAME = 'username' AND PASSWORD = 'pass' OR username = 'admin'";
Dangerous, right?
Prevention
Thus, to prevent this from happening, what we can do is:
1) check the length of each parameter
2) hash it to a message digest, e.g. SHA-256 or SHA-512
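The following is an added example, not code from the original post, written in Python with sqlite3 instead of the post's servlet/JSP so it runs stand-alone. It reproduces the post's login query three ways: spliced together from the raw parameters (the login.jsp pattern), spliced together after hashing the password as step 2 above prescribes, and as a parameterised query with the length bound from step 1. The user table, passwords, and the 128-character limit are constructed for the demo; the payload is the one shown in the post. The parameterised version goes beyond the post's two steps: it is the standard fix, and the example shows why it is needed, because hashing only neutralises the field that is hashed while the username is still pasted into the SQL text.

```python
import hashlib
import sqlite3

PARAM_MAX_LEN = 128  # step 1 from the post: bound the parameter length (assumed limit)
PAYLOAD = "pass' OR username = 'admin"  # the password value shown in the post


def sha256_hex(password: str) -> str:
    # Step 2 from the post: reduce the password to a SHA-256 message digest.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_db(hashed: bool) -> sqlite3.Connection:
    # Constructed sample data: two accounts. The password column holds either
    # the plaintext (as in the post's table) or its SHA-256 digest.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    rows = [("admin", "correct horse"), ("o'brien", "battery staple")]
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [(u, sha256_hex(p) if hashed else p) for u, p in rows],
    )
    return conn


def login_concat(conn, username, password):
    # The post's login.jsp pattern: both parameters spliced into the SQL text,
    # so quotes inside them change the statement's structure.
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone() is not None


def login_concat_hashed(conn, username, password):
    # The post's mitigation: hash first, then splice. A hex digest cannot
    # contain a quote, so the password field is neutralised, but the
    # username is still raw SQL text.
    return login_concat(conn, username, sha256_hex(password))


def login_param(conn, username, password):
    # Length bound plus a parameterised query: both inputs travel to the
    # engine as values, never as SQL text. Standard fix; not in the post's list.
    if len(username) > PARAM_MAX_LEN or len(password) > PARAM_MAX_LEN:
        return False
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, sha256_hex(password)),
    ).fetchone()
    return row is not None


def demo():
    # Runs every variant against the right table layout and collects the
    # outcomes, so the differences can be checked rather than eyeballed.
    plain, hashed = make_db(hashed=False), make_db(hashed=True)
    results = {
        "concat_correct": login_concat(plain, "admin", "correct horse"),
        "concat_injected": login_concat(plain, "admin", PAYLOAD),
        "hashed_correct": login_concat_hashed(hashed, "admin", "correct horse"),
        "hashed_injected": login_concat_hashed(hashed, "admin", PAYLOAD),
        "param_correct": login_param(hashed, "admin", "correct horse"),
        "param_injected": login_param(hashed, "admin", PAYLOAD),
        "param_quote_name": login_param(hashed, "o'brien", "battery staple"),
    }
    # A legitimate apostrophe in the username still reaches the SQL parser in
    # the hashed-but-spliced variant: the statement breaks instead of matching.
    try:
        login_concat_hashed(hashed, "o'brien", "battery staple")
        results["hashed_quote_name"] = "ok"
    except sqlite3.OperationalError:
        results["hashed_quote_name"] = "syntax error: username still parsed as SQL"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print("%-18s %s" % (name, outcome))
```

The spliced query accepts the post's payload as a valid login, the hashed-and-spliced query rejects it, and the parameterised query rejects it too while also handling a username such as o'brien correctly. The failure on o'brien in the hashed variant is the tell a defender should watch for: an apostrophe in ordinary input producing a database syntax error means the input is still being interpreted as SQL, whatever hashing or length checks sit in front of it.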