Preventing SQL injection attack

SQL injection attacks occur when an application generates a SQL query that are concatenated along  with user input. The user enters information through the application interface that becomes part of the SQL statement executed against the database.

Practices for preventing SQL injection attacks.

1.Cleaning and Validating input.

Cleaning and validating  the input from the user ie trim() and validating the length of the user input,if the length of user input in more than expected  then it may be affected by sql injection.

2.Using stored procedures.

stored procedures type-check input parameters,static stored procedures don’t take parameters and hence they are safe to use,Stored procedures which contain only parameterized SQL are also resistant to sql injection.

3.Using dynamic SQL.

Using prepared statements which generates dynamic query.

4.Use Least Privilege Database account.

giving least privileges access to database giving only selected permissions

to particular tables.

This entry was posted in Java. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s