Preventing SQL Injection Attacks in Stored Procedures

12 years 3 months ago
Preventing SQL Injection Attacks in Stored Procedures
An SQL injection attack targets interactive web applications that employ database services. These applications accept user inputs and use them to form SQL statements at runtime. During an SQL injection attack, an attacker might provide malicious SQL query segments as user input which could result in a different database request. By using SQL injection attacks, an attacker could thus obtain and/or modify confidential/sensitive information. An attacker could even use a SQL injection vulnerability as a rudimentary IP/Port scanner of the internal corporate network. Several papers in literature have proposed ways to prevent SQL injection attacks in the application layer by examining dynamic SQL query semantics at runtime. However, very little emphasis is laid on securing stored procedures in the database layer which could also suffer from SQL injection attacks. Some papers in literature even refer to stored procedures as a remedy against SQL injection attacks. As stored procedures reside ...
Ke Wei, Muthusrinivasan Muthuprasanna, Suraj Kotha
Added 10 Jun 2010
Updated 10 Jun 2010
Type Conference
Year 2006
Authors Ke Wei, Muthusrinivasan Muthuprasanna, Suraj Kothari
Comments (0)