How will you secure the website against SQL injection?
This is the most critical problem to date for all public-facing websites.
--
You received this message because you are subscribed to the Google Groups "Elite Techie Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elite-techie-gr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Agreed. Sanitizing and SPs will help to a large extent...
The most critical area to protect is the login page, more than any other page... on other pages we know the culprit, but any unknown user can do damage through the login screen, as that is the only screen open to the public anonymously...
Also, additional rules that disallow certain characters in the login protect the system... hence most banking sites do not allow specific characters in the username and password...
Also, the username should be verified in one query and the password in a separate one... as it is logical...
Without some defined rules for input characters and restrictions on those characters, even SPs will not help... until each parameter is passed in a parameter object instead of an inline SP call... let me know if I need an example here...
Hope we all remember the Target stores SQL injection incident during 2014 Black Friday... lost billions... in stock value...
On Mar 8, 2016 8:24 PM, <pate...@gmail.com> wrote:
In layman's terms, I say: encode all user input and validate it properly. Also, as Aalap said, don't use inline queries like the FHEMS apps are using. And don't give full rights to the user account under which you connect to SQL.
That is achieved mostly by the frameworks we use, like Razor views, Entity Framework/LINQ, even IIS. They all help to prevent SQL injection, but we have to be careful writing queries, e.g. use stored procedures instead of inline queries, or use Entity SQL in Entity Framework.
Never use user input directly in a query; we have to sanitize it first, then pass it to the database server to query.
--Thanks and Regards,
Aalap Shah
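
The difference between an inline query and a bound parameter raised in this thread, as an added example that is not code from any poster. It uses Python's `sqlite3` as a stand-in for the .NET/SQL Server stack discussed (SQLite has no stored procedures, so a plain query stands in for the SP call); the table, user names, passwords and the crafted input are constructed.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for name, pw in (("alice", "correct horse"), ("o'brien", "battery staple")):
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, hash_pw(pw, salt)))
    return db

def find_user_inline(db, name):
    # Vulnerable pattern: the input becomes part of the SQL text itself.
    sql = "SELECT name, salt, pw_hash FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_user_bound(db, name):
    # Hardened pattern: the SQL text is fixed; the driver sends the value separately.
    return db.execute("SELECT name, salt, pw_hash FROM users WHERE name = ?", (name,)).fetchall()

def login(db, name, password):
    # Step 1: look the user up by name only, with a bound parameter.
    rows = find_user_bound(db, name)
    if len(rows) != 1:
        return False
    # Step 2: verify the password in application code, in constant time.
    _, salt, pw_hash = rows[0]
    return hmac.compare_digest(hash_pw(password, salt), pw_hash)

def demo():
    db = make_db()
    crafted = "x' OR 'a'='a"  # constructed input that contains SQL syntax
    try:
        inline_apostrophe = len(find_user_inline(db, "o'brien"))
    except sqlite3.OperationalError:
        inline_apostrophe = None  # a legitimate name breaks the inline query
    return {
        "inline_rows_for_crafted": len(find_user_inline(db, crafted)),
        "bound_rows_for_crafted": len(find_user_bound(db, crafted)),
        "inline_apostrophe": inline_apostrophe,
        "bound_login_apostrophe": login(db, "o'brien", "battery staple"),
        "wrong_password": login(db, "alice", "guess"),
    }
```

With bound parameters the crafted input matches no row and a name containing an apostrophe still logs in, so the protection comes from how the value is passed rather than from which characters are allowed.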
Aalap,
This is a different question... coincidentally I had asked this to Arun... will share some thoughts when I get a chance... Busy morning...