Stop SQL Injection Attacks Before They Stop You



Armed with advanced server-side technologies like ASP.NET and powerful database servers such as Microsoft SQL Server, developers are able to create dynamic, data-driven Web sites with incredible ease. But the power of ASP.NET and SQL can easily be used against you by hackers mounting an all-too-common class of attack: the SQL injection attack.

The basic idea behind a SQL injection attack is this: you create a Web page that allows the user to enter text into a textbox that will be used to execute a query against a database. A hacker enters a malformed SQL statement into the textbox that changes the nature of the query so that it can be used to break into, alter, or damage the back-end database. How is this possible? Let me illustrate with an example.
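The mechanism described above, shown as an added example that is not taken from the linked article. It uses Python's built-in sqlite3 module rather than ASP.NET and SQL Server so that it runs offline; the table, rows, function names and input strings are all constructed for illustration.

```python
import sqlite3

# Constructed textbox input that rewrites the WHERE clause when concatenated.
CONSTRUCTED_INPUT = "' OR '1'='1"

def make_db():
    """Build an in-memory database holding two constructed sample users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "wonderland"), ("bob", "builder")])
    return db

def login_concatenated(db, name, password):
    """Vulnerable form: textbox values become part of the SQL text."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return sorted(row[0] for row in db.execute(sql))

def login_parameterized(db, name, password):
    """Hardened form: values are bound as data and never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in db.execute(sql, (name, password)))

def quote_breaks_query(login_fn):
    """Defensive test: a lone quote in input must not cause a SQL error."""
    try:
        login_fn(make_db(), "O'Brien", "x")
        return False
    except sqlite3.OperationalError:
        # The quote closed the string literal early, so input reached the parser.
        return True

if __name__ == "__main__":
    db = make_db()
    for fn in (login_concatenated, login_parameterized):
        print(fn.__name__)
        print("  valid login      ->", fn(db, "alice", "wonderland"))
        print("  constructed input ->", fn(db, CONSTRUCTED_INPUT, CONSTRUCTED_INPUT))
        print("  quote breaks SQL ->", quote_breaks_query(fn))
```

In the concatenated version the constructed input matches every row and a stray apostrophe raises a database error, which is the signal to look for when testing a form; the parameterized version treats both inputs as ordinary strings that match nothing.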

This article discusses:
How SQL injection attacks work
Testing for vulnerabilities
Validating user input
Using .NET features to prevent attacks
Importance of handling exceptions

See: http://msdn.microsoft.com/en-us/magazine/cc163917.aspx


AbheLink Black or White ? Copyright © 2011-2012 | Powered by Blogger