I am planning to do my Thesis on SQLIA and now I am trying to understand something about SQLrand.

SQLrand - a system for preventing SQLIA against web servers. The main intuition is that by using a randomized SQL query language, specific to a particular CGI application, it is possible to detect and abort queries that include injected code.

Now, I do not understand how to randomize the SQL query language.


Is that how you randomize the SELECT SQL command?

Please give me some guidelines.

Thanks in advance.
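As an added illustration (not code from the original post, the SQLrand paper, or its GitHub implementation), here is the mechanism in Python: the application's SQL keywords carry a per-application random key, and a proxy in front of the database rejects any query containing a keyword without that key, then strips the keys before forwarding. The keyword list, the nine-digit key format and the sample query template are assumptions.

```python
import re
import secrets

# Constructed keyword list for the randomized dialect; not exhaustive.
KEYWORDS = ["SELECT", "FROM", "WHERE", "AND", "OR", "UNION", "INSERT", "INTO",
            "VALUES", "UPDATE", "SET", "DELETE", "DROP", "TABLE"]
KW = "|".join(KEYWORDS)


class InjectionDetected(Exception):
    """Raised by the proxy when a keyword without the key is found."""


def make_key() -> str:
    """Per-deployment secret suffix appended to every keyword (assumed format)."""
    return str(secrets.randbelow(10**9)).zfill(9)


def randomize(template: str, key: str) -> str:
    """Application side: rewrite the developer's static SQL so each keyword
    carries the key (SELECT -> SELECT123456789). Applied to source templates
    only, never to user-supplied values, which never learn the key."""
    return re.sub(rf"\b({KW})\b", lambda m: m.group(1).upper() + key,
                  template, flags=re.I)


def derandomize(query: str, key: str) -> str:
    """Proxy side: abort on any keyword lacking the key, otherwise strip the
    keys and return standard SQL for the database."""
    # The word 'select' inside a quoted literal is data, not a keyword, so mask
    # literal contents ('' is an escaped quote) before looking for bare keywords.
    code_only = re.sub(r"'(?:[^']|'')*'", "''", query)
    if re.search(rf"\b({KW})(?!{key}\b)(?![A-Za-z_])", code_only, flags=re.I):
        raise InjectionDetected("bare SQL keyword found: injected code rejected")
    return re.sub(rf"\b({KW}){key}\b", r"\1", query, flags=re.I)


def handle_request(user_input: str, key: str) -> str:
    """Simulate a CGI handler that splices raw input into a keyed template
    (the classic injectable pattern); returns the SQL the proxy forwards,
    or raises InjectionDetected when the input contributed a keyword."""
    keyed_template = randomize("SELECT name FROM users WHERE name = '{v}'", key)
    return derandomize(keyed_template.format(v=user_input), key)
```

With a constructed key, a plain name or even the literal word `select` passes through, while `' OR '1'='1` is aborted because its `OR` lacks the key.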

From your link I read:

Return a random decimal number (no seed value - so it returns a completely random number >= 0 and <1):

Then I read your question about SELECT SQL and do not get how these two SQL commands/functions are related. I certainly found nothing in the SQL documentation that included both.

On top of that, your question about SQLrand "a system" is about "a system" and not the SQL function.

Do you understand that "a system" is not "a function"?

There's an implementation of SQLRand available on GitHub and you can read the original paper that proposed the idea here.

Personally I think the approach is overcomplicated and would instead opt for a sane ORM and coding standards that eliminate the angles of attack.

commented: Anti-pattern. Thanks for this. +15