Code issue affects 40% of websites

As many as 40% of websites using back-end relational databases are susceptible to a programming error that could enable a hacker to take full control of the database.

Richard Brain, technical director at security specialist Procheckup, said the problem, known as SQL Injection, came about because users were not making adequate checks on web-based data entry forms.

Websites usually connect to back-end databases - whether Oracle, DB/2 or Microsoft SQL Server - using code written as a Java Server Page or Active Server Page. The code's purpose is to check the data input and pass it from the web server to the database server.

However, if an end-user enters an apostrophe or a semi-colon in a web form, these characters can be interpreted as a "line-break" command in the SQL language.

Following an apostrophe or a semi-colon, an intruder could type in any valid SQL command and gain full access to the database.

Brain urged users to ensure their JSP and ASP code was able to handle the apostrophe and semi-colon characters purely as plain text, rather than as SQL commands. He suggested users modify their ASP and JSP code to filter all user input.

Brain also suggested that users should build custom web pages to handle errors produced by the back-end database server. This would avoid giving hackers important information about the back-end systems, which could then be used to launch an attack.
