Monday, January 6, 2020
Web Application Development Techniques For Database Security
Web Application Development Techniques for Database Security Databases are a core component of many web applications. The number of web applications that use databases continues to increase each year, and the rate at which malicious users are hacking into databases is growing at an alarming rate. The hackerââ¬â¢s intent is to destroy data or steal sensitive information such as credit card numbers, social security numbers, and passwords. This produces a strong need to ensure the integrity of the data and secure the data from unintended access. As a web developer, there are many techniques that can be used to program security into a web application to lessen the likelihood of a malicious user being able to access confidential information. It isâ⬠¦show more contentâ⬠¦These passwords should be a minimum of 10 alphanumeric characters. A strong password would be one that is short enough to remember, but long enough to make it difficult for others to guess. It takes much longer to randomly guess a long password than a short one. However, w eb developers must be careful about forcing users to create overly complex passwords because this often leads to unsafe practices such as writing down passwords, which then leaves an opportunity for malicious database infiltration. Also, never store passwords in a database in plain text. Any compromise to the database should not allow a userââ¬â¢s data to be put at risk, especially the passwords they use. To solve this problem, passwords and other important data should be encrypted before being stored. SQL Injection It is a common practice in web applications to allow users to enter information into web forms. This user input, unfortunately, opens up the possibility of SQL injection. SQL injection is the most common and well known web application vulnerability. SQL injections can happen when SQL statements are dynamically created when processing user input. It is not difficult for a malicious user to enter SQL directly into the input fields to dynamically change the SQL statement in order to obtain information from the database. The PHP code could look like this: $user_input = ââ¬Å"Lucy ; DROP TABLE CUSTOMERS;--â⬠; $query = ââ¬Å"SELECT username, password FROM CUSTOMERS WHERE
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.