A Novel Approach for SQL Injection Prevention Using Hashing & Encryption (SQL-ENCP)
Abstract
SQL Injection Attack (SQLIA) is a technique that lets attackers gain direct, unauthorized entry into a database and reach the highest or most decisive point in extracting or updating sensitive information from any organization's database. In this paper, we study the different types of attacks, with descriptions and examples of how attacks of each type could be performed, and their detection and prevention schemes. The paper also covers the strengths and weaknesses of various SQL injection attacks. It is well known that SQL injection attacks can be easily prevented by applying more secure schemes in the login phase and after the login phase. Therefore, we implement our proposed scheme, called SQL-ENCP (SQL injection prevention by encryption and hashing techniques), to handle and prevent SQLIA. Although the implemented system cannot handle all SQL injection attacks, it can prevent tautology attacks, union-based query attacks, and illegal structured query attacks.
Similar resources
User Authentication Method against SQL Injection Attacks
The Internet and web applications play a very important role in modern-day life. Most web applications use a database as a back end to store critical information. SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. De...
An Approach to Detect and Prevent SQL Injection Attacks in Database Using Web Service
SQL injection is an attack methodology that targets the data residing in a database through the firewall that shields it. The attack takes advantage of poor input validation in code and website administration. SQL Injection Attacks occur when an attacker is able to insert a series of SQL statements into a ‘query’ by manipulating user input data into a web-based application, attacker can take ...
The Multi-Tier Architecture for Developing Secure Website with Detection and Prevention of SQL-Injection Attacks
SQL injection is an attack methodology that targets the data residing in a database. The attack takes advantage of poor input validation in code and website administration. SQL Injection Attacks occur when an attacker is able to insert a series of SQL statements into a ‘query’ by manipulating user input data into a web-based application, an attacker can take advantages of web application progra...
Web Security by Preventing SQL Injection Using Encryption in Stored Procedures
SQL Injection attacks target databases that are accessible through a web front-end, and take advantage of flaws in the input validation logic of Web components such as CGI scripts. SQL Injection attacks can be easily prevented by applying more secure authentication schemes in login phase itself. In this paper we are going to prevent SQLIA (SQL Injection Attacks) by using encryption in Stored Pr...
SQL-Based Fuzzy Query Mechanism Over Encrypted Database
With the development of cloud computing and big data, data privacy protection has become an urgent problem to solve. Data encryption is the most effective way to protect privacy; however, it will change the data format and result in: 1. database structure and application software will be changed; 2. structured query language (SQL) operations cannot work properly, especially in SQL-based fuzzy q...