
How to prevent Illegal/Logically Incorrect Queries?

Illegal/Logically Incorrect Queries

1) Original URL: http://www.arch.polimi.it/eventi/?id_nav=886
2) SQL injection: http://www.arch.polimi.it/eventi/?id_nav=8864'
3) Error message shown: SELECT name FROM Employee WHERE id =8864\'

From the error message we can find out the names of the table and fields: name; Employee; id. With the gained information, an attacker can arrange more strict attacks.

Should I hide the error message behind a 404 error instead of showing all of them? Or is there any other method to prevent this?
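An added example (not part of the original post or of any reply) showing the leaking handler from the question beside a hardened one: validate `id_nav`, bind it as a query parameter, and send database errors to the server log instead of the response. It assumes Python with `sqlite3` standing in for the site's unknown stack; the function names and sample row are hypothetical.

```python
import logging
import sqlite3

log = logging.getLogger("eventi")

def make_db():
    # Constructed sample data; table and column names are the ones in the error message.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Employee (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO Employee VALUES (886, 'Rossi')")
    return db

def lookup_vulnerable(db, id_nav):
    # 'Before': input concatenated into the SQL text, database error echoed to the client.
    sql = "SELECT name FROM Employee WHERE id =" + id_nav
    try:
        row = db.execute(sql).fetchone()
        return 200, (row[0] if row else "")
    except sqlite3.Error as exc:
        return 500, f"{sql} -- {exc}"  # discloses the table and column names

def lookup_hardened(db, id_nav):
    # 1. Validate: id_nav must be a short, plain decimal number.
    if not (id_nav.isascii() and id_nav.isdigit()) or len(id_nav) > 9:
        return 400, "Bad request"
    try:
        # 2. Bind the value as a parameter so it is never parsed as SQL.
        row = db.execute(
            "SELECT name FROM Employee WHERE id = ?", (int(id_nav),)
        ).fetchone()
    except sqlite3.Error:
        # 3. Details go to the server log only; the client sees a generic message.
        log.exception("query failed for id_nav=%r", id_nav)
        return 500, "Internal error"
    return (200, row[0]) if row else (404, "Not found")

if __name__ == "__main__":
    db = make_db()
    for value in ("886", "8864'"):
        print(value, lookup_vulnerable(db, value), lookup_hardened(db, value))
```

Hiding the error page alone only removes the disclosure; the parameter binding is what stops the input from changing the query.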
