TopN Vulnerability -- SQL Injection

SQL injection

SQL injection occurs when a web application does not check the legality of user input, or filters it too loosely. Without the administrator's knowledge, an attacker can append additional SQL statements to the query the application has predefined and trick the database server into executing arbitrary unauthorized queries, thereby obtaining the corresponding data.
Because the program does not check the reasonableness of user input when it is written, an attacker can get code mixed into the SQL injection point executed and, from the response the page returns, obtain the information needed for the next step of the attack. According to the type of the input parameter, SQL injection can be roughly divided into two categories: numeric injection and character injection.

1. Numeric injection
When the input parameter is an integer, such as an ID, an age or a page number, an injection vulnerability there is considered numeric injection. This kind of injection occurs most often in weakly typed languages such as ASP and PHP, which infer the variable type automatically. For example, if the parameter is id=8, PHP infers the type of the variable id as int, whereas id=8 and 1=1 is inferred as a string; this is a characteristic of weakly typed languages. In strongly typed languages such as Java and C#, trying to convert such a string to an int throws an exception and execution cannot continue, so strongly typed languages rarely have numeric injection vulnerabilities.
2. Character-type injection
When the input parameter is a string, the injection is of the character type. The biggest difference between numeric and character injection is that numeric parameters do not need to be closed with single quotes, whereas string parameters generally do.
SQL injection attacks are very harmful, and it is difficult for firewalls to intercept them. The main methods for preventing SQL injection attacks cover the following aspects. [9]
1. Hierarchical management
Manage users in tiers and strictly control their permissions. Ordinary users must not be granted permissions such as creating, deleting or modifying databases; only system administrators have the authority to add, delete, modify and query. In the example above, the user appended drop table to the query statement; this must not be allowed to execute, or the security of the system's database cannot be guaranteed. The permission design therefore restricts it: even if a malicious attacker embeds attack code in the submitted data, the permission settings prevent that code from executing, which reduces the security threat SQL injection poses to the database. [9]
2. Passing values as parameters
When writing SQL, programmers must never write variables directly into the SQL statement; related variables must be passed through corresponding parameters, which suppresses SQL injection. Input data must not be embedded directly in a query statement. At the same time, the input content must be filtered and unsafe input data removed, or input variables passed by value as parameters. This prevents SQL injection attacks to the greatest extent. [9]
3. Basic filtering and secondary filtering
Before an SQL injection attack, the intruder modifies parameters to submit special characters such as "and" in order to determine whether a vulnerability exists, and then builds the injection statement out of keywords such as select and update. Preventing SQL injection therefore requires checking user input to ensure that the data entering the system is safe. When checking input or submitted variables, convert or filter characters such as single quotes, double quotes and colons; this effectively prevents SQL injection. Of course, there are many more dangerous characters: when the parameters submitted by the user are obtained, basic filtering must be performed first, followed by secondary filtering according to the function of the program and the input a user could plausibly submit, to ensure the security of the system. [9]
4. Use security parameters
To effectively suppress the impact of SQL injection attacks, SQL databases provide special security parameters; in SQL Server these are set when the database is designed. When programming, use these security parameters wherever possible to prevent injection attacks and thereby ensure the security of the system. [9]
SQL Server provides the Parameters collection, whose role in the database is to perform type checking and length verification on the data. When the programmer uses the Parameters collection during program design, the system automatically treats any executable code in the user input as a plain character value rather than as code. If the user input contains malicious code, the database also filters it out during inspection. The Parameters collection can also enforce range checks: once a checked value is out of range, the system raises an error and sends the information to the system administrator, who can then take the corresponding preventive measures. [9]
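As an added illustration that is not part of the original post, the following Python example with the standard-library sqlite3 module contrasts a numeric parameter spliced into the SQL text (the weakly typed behaviour described under numeric injection) with the parameterized form recommended in sections 2 and 4; the table, function names and sample rows are constructed for this example, and sqlite3's `?` placeholders stand in for the SQL Server Parameters collection.

```python
import sqlite3

def make_db():
    # Constructed in-memory table so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(7, "alice"), (8, "bob"), (9, "o'brien")])
    return conn

def lookup_unsafe(conn, raw_id):
    # Vulnerable form: the raw parameter is spliced into the SQL text, so
    # the database cannot distinguish data from code. The "and 1=1" /
    # "and 1=0" suffixes from the text are evaluated as SQL, which is how
    # an intruder confirms that an injection point exists (section 3).
    sql = "SELECT name FROM users WHERE id = " + raw_id
    return [row[0] for row in conn.execute(sql)]

def lookup_safe(conn, raw_id):
    # Hardened form: enforce the integer type first (the strong-typing
    # behaviour the text attributes to Java/C#), then bind the value as
    # a parameter so the driver only ever compares it as data.
    try:
        user_id = int(raw_id)
    except ValueError:
        raise ValueError("id must be an integer") from None
    sql = "SELECT name FROM users WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (user_id,))]

def find_by_name_safe(conn, raw_name):
    # Character-type parameter: with binding, a quote in the input is just
    # part of the value, so no manual quote filtering is required.
    sql = "SELECT id FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (raw_name,))]

def is_rejected(conn, raw_id):
    # True when lookup_safe refuses the input as a non-integer.
    try:
        lookup_safe(conn, raw_id)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print(lookup_unsafe(db, "8 and 1=1"), lookup_unsafe(db, "8 and 1=0"))
    print(lookup_safe(db, "8"), is_rejected(db, "8 and 1=1"))
    print(find_by_name_safe(db, "o'brien"), find_by_name_safe(db, "alice' or 1=1"))
```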
5. Vulnerability scanning
To prevent SQL injection attacks more effectively, a system administrator must not only set up effective preventive measures but also discover SQL injection vulnerabilities in the system in a timely manner. Administrators can purchase dedicated SQL vulnerability scanning tools, and with such professional tools they can scan for the corresponding vulnerabilities promptly. A scanning tool can only find SQL injection vulnerabilities; it cannot prevent SQL injection attacks. However, based on the holes the scan reports, the administrator can take the corresponding preventive measures for each situation and close those vulnerabilities, shutting the door on SQL injection attacks and ensuring the security of the system. [9]
6. Multi-layer verification
The functions of today's website systems are becoming more and more complex. To ensure the security of the system, a visitor's input must be strictly verified before it enters the system; input that fails verification is refused access to the database outright, and an error message is sent to the upper-level system. At the same time, the visitor's input is verified in the client-side access program, which prevents simple SQL injection more effectively. But if a lower layer in the multi-layer verification passes along data that the layer above has verified without checking it again, an attacker who bypasses the client can access the system at will. Therefore, when performing multi-layer verification, each layer needs to cooperate with the others; only when effective verification is carried out on both the client and the system side can SQL injection attacks be better prevented. [9]
7. Database information encryption
Traditional encryption and decryption methods can be roughly divided into three types: [9]
(1) Symmetric encryption: the encrypting party and the decrypting party use the same encryption algorithm and key. Safeguarding the key is critical, because the algorithm is public and only the key is secret; once the key is leaked, hackers can easily decrypt the data. Common symmetric encryption algorithms include AES, DES, etc. [9]
(2) Asymmetric encryption: different keys are used for encryption and decryption, divided into a public key and a private key. Data encrypted with the private key must be decrypted with the public key, and data encrypted with the public key must be decrypted with the corresponding private key. Common asymmetric encryption algorithms include RSA, etc. [9]
(3) Irreversible encryption: a hash algorithm is used so that the encrypted data cannot be decrypted back to the original data. Commonly used hash algorithms of this kind include MD5, SHA-1, etc.

Origin blog.csdn.net/Artisan_w/article/details/132225880