Home > Developer > ASP

SQL injection attacks (SQL injection) in ASP. NET development practices)

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
Security Vulnerabilities at the data layer include SQL commands in input data strings. Poor Design ProgramCheck is ignored.

Main reasons
Use string connection to combine SQL commands
Accounts with excessive Permissions
Functions that are not necessary but with excessive power are enabled
Too much trust in the data entered by the user, no limit on the number of characters entered, and no potential command Check on the data entered by the user

Injection Principle
If the SQL command string is not replaced by a single quotation mark string, the string variable is maliciously tampered with when it is entered into the command string.

The role of SQL syntax.

Hazards
Use others' ID to log on to the system
Unauthorized access to the database
Malicious deletion/modification of databases/Data Tables/records
Modify or change the Operating System
Obtain Higher system Permissions
Damage Hard Disk Data

Defend against SQL injection attacks
Use parameterized Query
Replace input parameters with characters
Use other safer methods to connect to the SQL database, such as the database connection component that has fixed the SQL Injection problem. For example, the sqldatasource pair of ASP. NET

For example, or as a result
Use SQL anti-injection system.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More