Analysis of Java interview questions and prevention of SQL injection, semi QL

Source: Internet
Author: User

Analysis of Java interview questions and prevention of SQL injection, semi QL

This article focuses on a common question in the Java interview questions, how to judge and prevent SQL Injection problems. The details are as follows.

SQL injection is currently the most common attack method for hackers. Its principle is to use a database to forcibly pass in the resolution of special identifiers from the page to the background. Change the SQL statement structure to expand permissions, create high-level users, and forcibly modify user data.

So how can we determine whether SQL injection has been performed?

Based on the principles of SQL injection, we know that we can determine the data that can be imported through the page through SQL injection. The background should not trust any data imported from the background, especially special Integer Parameters and special character parameters!

Preventing SQL injection is actually quite simple.

1. Check the variable data type and format

As long as it is a variable in a fixed format, we should strictly follow the fixed format check before executing the SQL statement to ensure that the variable is in the expected format!

2. filter special characters

For variables with fixed formats that cannot be determined, special symbols must be carried out or transferred. One star SQL has ambiguity.

When we upload images

enctype=\”multipart/form-data\”enctype=”multipart/form-data”

No "/", enctype = "multipart/form-data" in the form means to set the MIME encoding of the form. By default, the encoding format is application/x-www-form-urlencoded and cannot be used for file upload. Only multipart/form-data can be used to completely transmit file data, perform the following operations.

3. bind variables and use precompiled statements.

In fact, using precompiled statements to bind variables is the best way to prevent SQL injection. The Semantics of pre-compiled SQL statements will not change. In SQL statements, question marks are used for variables? The hacker cannot change the format of the SQL statement even if he has a higher skill level, which fundamentally prevents the occurrence of SQL injection attacks.

4. database information encryption security

Sometimes the database information is leaked. We should encrypt the Database Password and other information (such as MD5), so that the information leakage and loss can also be controlled within a certain range.

Note the following when using JSP:

1. Do not open a production environment to summarize the error display of Webserver.

2. never trust variable input from the user end. Variables with fixed formats must strictly check the corresponding format. Variables without fixed formats must be filtered and escaped for special characters such as quotation marks.

3. Use pre-compiled SQL statements bound to variables

4. Manage database account Permissions

5. Strictly encrypt and process user confidential information

A good program must pay attention to security, otherwise it is only suitable for practice.

Summary

The above is all the content about the analysis of Java interview questions and the prevention of SQL injection. I hope it will be helpful to you. If you are interested, you can continue to refer to other related topics on this site. If you have any shortcomings, please leave a message. Thank you for your support!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.