Recently I conducted an interview with Jacky Chen, EVERWORKS's Leading System Architect. I was rather shocked to find out how serious a SQL Injection Attack is. Don't take my word for it; hear what Jacky has to say about his experience with it.
This brings me back to one of my bad experiences a few years back, when I had just started my first job after graduation. In those days, security was more focused on exposure of the source code or on networking-related issues; the security of the database was seldom looked at. One Monday morning, after coming back from a long weekend, the whole development team was shocked to discover that the entire production database was gone. Luckily for the team, the database was restored from the daily backups that had been implemented earlier. After much investigation, we discovered a security loophole in the website's pages which led to this catastrophic issue. The 'hacker' had injected SQL commands through the form's input boxes to delete all the tables in the database.
I want to give you a solution so that you can perform a fix-it-yourself action with stuff that actually makes sense! (Hey, I am no software engineer, coder, or programmer; when I see code, all I see is stuff from The Matrix.)
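Before the fix-it-yourself steps, here is a runnable illustration of the attack Jacky describes and of the parameterised query that stops it. This is an added example, not code from the original post or from EVERWORKS; the `users` table, the attacker payload and the function names are all constructed for the demo. It uses Python's built-in `sqlite3` module. One caveat: `sqlite3`'s `execute()` refuses to run more than one statement at a time, so the vulnerable path uses `executescript()` to stand in for a driver or setting that runs whatever SQL text it is handed (stacked queries), which is exactly what lets a `;` typed into a form field append a `DROP TABLE`.

```python
import sqlite3


def fresh_db():
    """Constructed sample database for the demo (not from the original post)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT);
        INSERT INTO users (username, email) VALUES ('alice', 'alice@example.com');
        INSERT INTO users (username, email) VALUES ('bob', 'bob@example.com');
        """
    )
    return conn


def table_exists(conn, name):
    """True if a table with this name is still present in the database."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


def lookup_vulnerable(conn, username):
    """Form input pasted straight into the SQL text (assumed vulnerable pattern).

    executescript() runs every statement in the string, mirroring drivers that
    allow stacked queries. The SELECT's rows are discarded by executescript();
    the function returns the SQL it sent so the caller can see what actually
    reached the database.
    """
    sql = "SELECT username, email FROM users WHERE username = '%s';" % username
    conn.executescript(sql)
    return sql


def lookup_safe(conn, username):
    """Parameterised query: the input is bound as a value, never parsed as SQL."""
    cur = conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    )
    return cur.fetchall()


# Constructed attacker input: closes the quoted string, ends the statement,
# appends DROP TABLE, and comments out the remainder of the original query.
PAYLOAD = "alice'; DROP TABLE users; --"


def demo_vulnerable():
    """Run the payload through the concatenated query; returns whether users survived."""
    conn = fresh_db()
    lookup_vulnerable(conn, PAYLOAD)
    return table_exists(conn, "users")  # False: the table has been dropped


def demo_safe():
    """Run the same payload through the parameterised query.

    Returns (table still exists, rows found). The payload is simply searched
    for as a literal username, so no rows match and nothing is dropped.
    """
    conn = fresh_db()
    rows = lookup_safe(conn, PAYLOAD)
    return table_exists(conn, "users"), rows  # (True, [])


if __name__ == "__main__":
    print("vulnerable path, users table survives:", demo_vulnerable())
    print("safe path, (table survives, rows):", demo_safe())
```

The fix is the one-line change from `lookup_vulnerable` to `lookup_safe`: pass the user's input as a bound parameter (`?`) instead of gluing it into the query string. The database then treats the whole form value as data, so a quote, a semicolon or a comment marker in it cannot change what the statement does.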