SQL Injection

Dec 19, 2023
Security

SQL injection occurs when SQL code can be injected into API input. In this injection attack, valid input has SQL commands concatened with SQL execution commands. When the SQL code is executed, the commands are run. In this process data can be mutated and returned to the attacker.

Mitigation Tips:

Use prepared statements instead of concatenated SQL statements. This seperates inputs from the command.
Restrict the user account that the SQL command is executed with to only allowable actions.
Always sanitize input on the server.
Never trust the client input to have sanitized input, it can be exploited by an attacker.
Use mature libraries for data sanitization, there are too many variants to look for to write custom sanitation code.

SQL Injection

About

Skip - Creator of QuietShark.com

Category

Recommended

SQLAlchemy vs Hibernate: A Deep Dive into Python and Java ORMs

Comparing Persistent Data Sources on AWS: Choosing the Right Storage Solution

Write Unit Tests First and Use AI to Generate Code That Passes Them

Walrus Operator

Managing Hatch Dependencies in VS Code