This post was provided by Samantha Strauss on behalf of Drexel University Online. She has written freelance tech articles for a number of educational institutions, including Drexel University. A self-taught programmer, she has spent over a decade working in the tech industry.
Though it’s been plaguing us for quite a while, SQL injection is still one of the most common forms of web site security breaches, as evidenced by recent hacking attacks on such web giants as Sony, Yahoo and LinkedIn, among others. SQL, which stands for Structured Query Language, is just what it sounds like: a language–almost, in fact, THE language that databases use to store, manage, and retrieve information.
For instance, if your website wants to do business with visitors (as most do), your database will have to be able to interact with users; requesting, storing and using such critical data as passwords and credit card numbers in the process. A hacker who wants a piece of that action simply enters SQL commands where your legitimate visitor is asked to enter personal information. It could be a form for logging on, searching or completing a checkout transaction. At that malicious command, a weakness in the site’s code will grant entry to a supposedly protected database.
If it’s such a recognized problem–and SQL injections, which account for over eighty percent of web attacks, rose by over seventy percent in 2012 alone– why hasn’t it been rectified? There a few reasons, and one of them is simply the vastness of the Internet and the virtually limitless opportunities for attack.
As online business grows exponentially, so does interaction between web site databases and visitors. And even as the opportunities for mischief expand, so do the number and skill levels of hackers after information or disruption. Meanwhile, poorly designed code leaves existing web sites vulnerable, and though a lot has been learned about more secure coding, there are just too many programmers and designers out there to guarantee a consistently high degree of security in design.
And then, there’s the problem of ongoing maintenance and updates, which are critical to protecting against the ever-more-clever masters of SQL injection: some sites just don’t do it, or don’t do it with enough savvy to foil a hacker. Firewalls and antivirus programs are no defense. Only improved design and constant examination, updating, and patching of servers and applications will minimize this ongoing risk.
Be very careful…it’s dangerous out there.
Please comment on this article; we all learn from each other when our views and opinions are shared.
I hope you found this article of interest. If you enter your email address in the Email Subscriptions box on the right column of this page, I’ll send you an email when a new article is posted. I don’t share your email address with anyone…no one; I hate spam too. Please share my site with your friends and family. Thanks.
Remember, personal computing is a blast…keep it safe, productive and enjoyable.
I’m also on Twitter, @PaulsInternet.
Images courtesy of FreeDigitalPhotos.net and FreeByte.com