Database Security: Database Vulnerability
Posted hbuwyg
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Database Security: Database Vulnerability相关的知识,希望对你有一定的参考价值。
Security breaches are an increasing phenomenon.
As more and more databases are made accessible via the Internet and web-based applications, their exposure to security threats will rise.
The objective is to reduce susceptibility to these threats.
Perhaps the most publicized database application vulnerability has been the SQL injection.
SQL injections provide excellent examples for discussing security as they embody one of the most important database security issues, risks inherent to non-validated user input.
SQL injections can happen when SQL statements are dynamically created using user input.
The threat occurs when users enter malicious code that ‘tricks’ the database into executing unintended commands.
The vulnerability occurs primarily because of the features of the SQL language that allow such things as embedding comments using double hyphens (- -), concatenating SQL statements separated by semicolons, and the ability to query metadata from database data dictionaries.
The solution to stopping an SQL injection is input validation.
SQL injections can be prevented by validating user input.
Three approaches are commonly used to address query string validation: using a black list, using a white list, or implementing parameterized queries.
The black list parses the input string comparing each character to a predefined list of non-allowed characters. The disadvantage to using a black list is that many special characters can be legitimate but will be rejected using this approach. The common example is the use of the apostrophe in a last name such as O’Hare.
The white list approach is similar except that each character is compared to a list of allowable characters. The approach is preferred but special considerations have to be made when validating the single quote.
Parameterized queries use internally defined parameters to fill in a previously prepared SQL statement.
The importance of input validation cannot be overstated. It is one of the primary defense mechanisms for preventing database vulnerabilities including SQL injections.
以上是关于Database Security: Database Vulnerability的主要内容,如果未能解决你的问题,请参考以下文章
Laravel 测试身份验证。使用 Illuminate\Database\Eloquent\ModelNotFoundException 的后续登录尝试失败
Common Database Security Tasks_5_30
Oracle LiveLabs实验:DB Security - Database Vault