Talk:SQL injection: Difference between revisions

<quote> Sometimes vulnerabilities can exist within the database server software itself, as was the case with the MySQL server's real_escape_chars() functions recently. </quote> This lacks a source, a date, and the version(s) of MySQL effected. I assume it is in reference to CVE-2006-2753, MySQL Bug#8378 (See: http://dev.mysql.com/doc/refman/5.0/en/news-5-0-22.html), but this is a flaw in a database server, not SQL injection. Anyone else believe it should be deleted? — Preceding unsigned comment added by 203.206.98.80 (talk • contribs) 05:37, 6 August 2006 (UTC)

Agree that it should be deleted or expanded

"incorrectly filtered for string literal escape characters"

As is incorrect because there is no filtering of escape characters or filtered but not very well? Might be just the way I read this line.

MS SQL and quoting

The statement "On MS SQL Server any valid SQL command may be injected via this method, including the execution of multiple statements" is quite incorrect, at least no more correct than the other languages listed. In most languages you can glue your sql text together and have problems or do the things the right way. In mssql the right way is like

command.commandtext="select * from animals where animal='@animal'"

command.parameters.add(new sqlparameter("@animal", "dog")))

Whitelisting

"For instance, if you wanted to defend against this attack, you could verify the userid variable to ensure its contents were numeric like so: if(!ctype_digit($userid)){ die("Invalid characters in userid."); }"

The problem is that in this example, we check the type of data in one the host language, i.e. in a language other than SQL. The host language could have notations (e.g. hexadecimal, scientific notation...) in which one could write strings which would pass the numericity test in this language, but would not be numeric in SQL. Apokrif 21:47, 5 September 2007 (UTC)

Link farm

Yes, I removed a ton of links. No, the number of links removed does not entitle you to automatically revert this edit. I did this in accordance with the wikipedia policies, which were being disregarded here. First, the most obvious: "Wikipedia is not a directory" per WP:NOT. Secondly, most of these links blatantly disrespect the guidelines on what the purpose of external links is, per WP:EXT. Links should be informational. They serve to improve an encyclopedia article by providing information about a topic. Linking to something that merely concerns the same topic in some way is not the same as linking to something that gives a person information about the topic. Wikipedia is not one stop shopping for programming tutorials, guides, and hacking tools. The essay lamenting the fact that is threat is too largely ignored, and the general "what is SQL injection?" link, seem to be fairly good candidates for inclusion. But all the other programmer's guides, as well as the links that seem to be "how to hack a site", need to go and stay gone TheBilly (talk) 01:40, 19 December 2007 (UTC)

Name

An important thing to research is the history behind SQL Injection. I get what it's name means logically, but who named it such? When were people first aware of this problem etc.? Have there been any big "worms" or "mass-hackings" using this vulnerability.

My Two cents. Gigitrix (talk) 13:12, 5 January 2008 (UTC)

Microsoft UK page hacked

The source, which is not of notable reliability, cites another equally unreliable source, who merely SPECULATES that it may have been an SQL injection attack. I think this should be removed.

Straussian (talk) 01:59, 12 January 2008 (UTC)