There is an article about SQL injection: SQL Injection (資料隱碼) -- 駭客的SQL填空遊戲 (上) (in English: "SQL Injection -- the hacker's SQL fill-in-the-blanks game, part 1").
Recently we started doing code review in our company. It is a step in software development where someone checks other people's code for coding errors. One senior engineer reviewed my code and picked up some SQL injection problems. At first I didn't know what SQL injection was. After surfing the net, I realized that I had committed a very serious error.
SQL injection is a technique where an attacker types SQL code into an input field of the page. If the programmer does not handle string-type variables carefully, that input becomes part of the SQL statement executed by the backend and changes what the statement does. An attacker might log in to your website as an administrator without a password, or your system might show detailed customer data to people who are not authorized to see it. The security problems that result from SQL injection are fatal.
I should keep this event in mind and make sure I won't commit it again!
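The two points above (input becoming part of the statement, and the fix a reviewer would ask for) shown in Python with sqlite3. This is an added example, not code from the original post; the users table, its rows and the function names are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table with sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "s3cret", "admin"), ("O'Brien", "pw", "user")],
    )
    return conn


def find_user_vulnerable(conn, name, password):
    # The kind of code a reviewer flags: the string variables are pasted
    # straight into the SQL text, so any quote character in the input
    # ends the string literal and the rest is executed as SQL.
    sql = ("SELECT role FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()


def find_user_safe(conn, name, password):
    # Parameterized query: the statement text is fixed and the values are
    # passed separately, so the input is only ever compared as data.
    sql = "SELECT role FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()


def login_outcome(lookup, conn, name, password):
    """Return the role for a matching row, None for no match, or
    'SQL error' when the input broke the statement itself."""
    try:
        row = lookup(conn, name, password)
    except sqlite3.OperationalError:
        return "SQL error"
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # A legitimate name containing an apostrophe is enough to show the
    # difference: the concatenated statement no longer parses, which means
    # the input has become code; the parameterized one simply matches.
    print(login_outcome(find_user_vulnerable, db, "O'Brien", "pw"))  # SQL error
    print(login_outcome(find_user_safe, db, "O'Brien", "pw"))        # user
    print(login_outcome(find_user_safe, db, "admin", "wrong"))       # None
```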