Summary

Database applications are incredibly common, and unfortunately, many of these applications are vulnerable to injection attacks. By following some simple rules, you can eliminate the risk of such attacks from your applications:

  • Do not trust the user's input!

  • Be strict about what represents valid input and reject everything else. Regular expressions are your friend.

  • Use parameterized queries, not string concatenation, to build queries.

  • Do not divulge too much information to the attacker.

  • Connect to the database server by using a least-privilege account, not the sysadmin account.
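The following is an added example, not code from the book, showing the second and third rules side by side: a lookup that concatenates user input into a SQL string, and a hardened version that first checks the input against a strict allow-list regular expression and then binds it as a query parameter. The `users` table, its two rows and the `make_db` helper are constructed here so the example runs offline against SQLite; the same parameter-binding pattern applies to any DB-API driver.

```python
import re
import sqlite3

# Constructed in-memory database so the example runs offline.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice-secret"), ("bob", "bob-secret")],
    )
    return conn

# Allow-list (assumed policy for this example): a username is 1-32 characters
# drawn from [A-Za-z0-9_]. Anything else is rejected before it reaches SQL.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def is_valid_username(name: str) -> bool:
    # fullmatch anchors the pattern to the whole string; quotes, spaces and
    # comment markers cannot slip through.
    return USERNAME_RE.fullmatch(name) is not None

def lookup_unsafe(conn: sqlite3.Connection, username: str) -> list:
    # Vulnerable: the value becomes part of the SQL text, so the input can
    # change the structure of the query instead of just its data.
    sql = ("SELECT username FROM users WHERE username = '"
           + username + "' ORDER BY username")
    return [row[0] for row in conn.execute(sql)]

def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    # Hardened: validate first, then pass the value as a bound parameter.
    # The '?' placeholder is sent to the engine as data, never parsed as SQL.
    if not is_valid_username(username):
        # Generic message: no SQL text, schema or driver details are echoed back.
        raise ValueError("invalid username")
    sql = "SELECT username FROM users WHERE username = ? ORDER BY username"
    try:
        return [row[0] for row in conn.execute(sql, (username,))]
    except sqlite3.Error:
        # Log the real error server-side in a real application; the caller
        # only sees that the lookup failed.
        raise RuntimeError("lookup failed") from None

if __name__ == "__main__":
    db = make_db()
    print(lookup_unsafe(db, "alice"))            # ['alice']
    print(lookup_unsafe(db, "x' OR '1'='1"))     # ['alice', 'bob'] -- filter bypassed
    print(lookup_safe(db, "alice"))              # ['alice']
    try:
        lookup_safe(db, "x' OR '1'='1")
    except ValueError as exc:
        print("rejected:", exc)                  # rejected: invalid username
```

The unsafe function returns every user when the quote in the input closes the string literal, while the hardened function never runs the query at all because the allow-list rejects the input; even if it did, the bound parameter would be compared literally. The fifth rule, connecting with a least-privilege account, is a server-side configuration and is not shown here: grant the application's database login only the rights the queries need.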



Writing Secure Code, Second Edition
ISBN: 0735617228
Year: 2001
Pages: 286
