International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 52 - Number 13
Year of Publication: 2012
Authors: Asha. N, M. Varun Kumar, Vaidhyanathan.g
DOI: 10.5120/8264-1809
Asha. N, M. Varun Kumar, Vaidhyanathan.g. Preventing SQL Injection Attacks. International Journal of Computer Applications. 52, 13 (August 2012), 28-32. DOI=10.5120/8264-1809
With the recent rapid increase in web-based applications that employ back-end database services, results show that SQL injection and Remote File Inclusion are the two frequently used exploits, rather than other, more complicated techniques. With the rise in the use of web applications, SQL injection based attacks are gradually increasing, and SQL injection is now one of the most common attacks on the internet. It allows an attacker to gain control over the database of an application and thereby to read and alter confidential data. This paper illustrates a few different forms of SQL injection and, based on observation, shows that SQL injection is interpreted differently on different databases. Finally, an effective solution is proposed for the prevention of these kinds of injection attacks, one that is independent of the underlying platform and database. Two levels of user authentication are proposed in this method, an SQL-based authentication and an XML-based authentication, and the method has been found to be very effective in preventing such attacks.