Identify Database Injection Points in Your Code

We briefly talked about database injection earlier. It’s a variation of code injection, but the intended target is the back-end database and not the application server. Let’s look at this widely used attack in detail and discuss ways to prevent it.

If an application has code injection issues, it means the application is not correctly validating all input fields on the site. The same thing applies to database injection. Attackers enter a series of database commands into the application’s input fields (such as a textbox in a blog’s comment form) to trick the application into executing the commands within the database. If the application builds its database queries by concatenating user input with ...
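As an added illustration (not code from the book), the sketch below scans JavaScript source for the pattern the paragraph describes: SQL text assembled from string concatenation or template-literal interpolation. The function name `findInjectionPoints`, the keyword list and the sample source are assumptions made for this example; the check is a line-based heuristic, so treat its output as a list of places to review, not a verdict.

```javascript
// Added example: heuristic scanner for SQL strings built from dynamic input.
// Assumption: SQL statements appear as string literals on a single line.
const SQL_KEYWORD = /\b(SELECT|INSERT|UPDATE|DELETE)\b/i;
const INTERPOLATION = /\$\{[^}]*\}/;          // `... ${value} ...`
const CONCAT = /(['"`])\s*\+|\+\s*(['"`])/;    // '...' + value  or  value + '...'

function findInjectionPoints(source) {
  const findings = [];
  source.split('\n').forEach((line, i) => {
    const code = line.trim();
    if (code.startsWith('//')) return;         // skip commented-out lines
    if (!SQL_KEYWORD.test(code)) return;       // only lines that contain SQL
    let reason = null;
    if (INTERPOLATION.test(code)) reason = 'interpolation';
    else if (CONCAT.test(code)) reason = 'concatenation';
    if (reason) findings.push({ line: i + 1, reason, code });
  });
  return findings;
}

// Constructed sample source: two risky queries, one parameterized query,
// and one commented-out line that must not be reported.
const SAMPLE = [
  'const id = req.params.id;',
  'db.query("SELECT * FROM posts WHERE id = " + id, cb);',
  'db.query(`SELECT * FROM users WHERE name = \'${req.body.name}\'`, cb);',
  'db.query("SELECT * FROM posts WHERE id = ?", [id], cb);',
  '// db.query("DELETE FROM posts WHERE id = " + id);',
].join('\n');

for (const f of findInjectionPoints(SAMPLE)) {
  console.log(`line ${f.line}: SQL built by ${f.reason}: ${f.code}`);
}
```

Line 4 of the sample is not reported because the value travels separately from the SQL text as a bound parameter, which is the form to convert the flagged lines to.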
