Preventing SQLIA

Question

davy_yg 2 Posting Whiz

5 Years Ago

How to prevent Illegel/ Logically Incorrect Queries?

Illegal/Logically Incorrect Queries

1)Original
URL:http://www.arch.polimi.it/eventi/?id_nav=886
2)SQLInjection:
http:/`/www.arch.polimi.it/eventi/?id_nav=8864'
3) Error message showed:
SELECT name FROM Employee WHERE id =8864\' from
the message error we can find out name of table and fields:
name; Employee; id. By the gained information attacker can
arrange more strict attacks

Should I hide the error message into 404 - Error instead of showing all of them? or is there any other method to prevent this?

security

2 Contributors
1 Reply
422 Views
12 Hours Discussion Span
Latest Post 5 Years Ago Latest Post by rproffitt

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

rproffitt 2,565 "Nothing to see here." Moderator · Answer 1 · 2018-07-15T17:17:30+00:00

@D, how many posts/discussions do you have open on SQLIA? My answer is too many.