SQL injection and Data security:
Sql Server Interview Que:
- Different Types of SQL Server Stored Procedures
- SQL-QUERY TYPES, ALIASES, JOINS, CLAUSES, FUNCTIONS
- Sql-determine the version and edition of SQL Server
Some importent points Related to SQL injection:
- SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.
- SQL injection attacks allow attackers to spoof identity, tamper with existing data, because repudiation issues such as voiding transactions or changing balances of data allow the complete disclosure of all stored data on the system, destroy the data from database and become administrators of the database server.
- SQL injection attack refers insertion or "injection" of a SQL query via the input data from the client to the asp.net application.
- A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), and execute administration operations on the database,
- SQL injection also use Recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.
- SQL Injection is very common with PHP and ASP applications due to the prevalence of older functional interfaces. By the nature of programmatic interfaces available.
- J2EE and ASP.NET applications are less likely to have easily exploited SQL injections.