8.11 SQL Injection

Database applications must take security precautions to protect a database against a form of attack known as SQL injection. The term injection refers to the fact that user input from a client through the application interface can be designed to take advantage of vulnerabilities associated with the dynamic construction of SQL queries. Using SQL injection, an attacker can insert (or inject) code into a query that can be used to retrieve information that the attacker is not authorized to see, maliciously delete or modify data, or insert data that would give an attacker unauthorized access to the database. SQL injection was first discovered around 1998 and is now ranked as a top software security concern by the Open Web Application ...
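The dynamic query construction described above, and the parameterized alternative that removes the vulnerability, shown side by side as an added example (not code from the textbook); it uses Python's standard sqlite3 module, and the accounts table, its rows and the crafted input string are all constructed here for illustration.

```python
import sqlite3


def make_db():
    """Build a small in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 100), ("bob", 250), ("carol", 75)],
    )
    return conn


def lookup_unsafe(conn, owner):
    """Vulnerable: the user-supplied value is spliced into the SQL text,
    so the database parses whatever the client sent as part of the query."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, owner):
    """Hardened: the SQL text is fixed and the value is bound as a parameter,
    so it is compared as data and is never interpreted as SQL."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


# Constructed input: a tautology that changes the meaning of the dynamic query.
CRAFTED_INPUT = "x' OR '1'='1"


if __name__ == "__main__":
    conn = make_db()
    print(lookup_unsafe(conn, "alice"))         # the intended single row
    print(lookup_unsafe(conn, CRAFTED_INPUT))   # every row: unauthorized disclosure
    print(lookup_safe(conn, CRAFTED_INPUT))     # [] : no owner has that literal name
```

Running it shows the unsafe lookup returning all three accounts for the crafted input while the parameterized lookup returns nothing, which is the behaviour a code review or a query-logging check should look for.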