Like the SQL injection attack, you can often easily deal with the threat if you follow best practices to develop secure applications.
This method removes the potential for an SQL injection attack.
Also, by using static SQL, you reduce the opportunity for malicious injection, which is a well-known security issue with dynamic SQL.
Here is how an SQL injection works: First, assume an SQL statement accepts user-supplied data to look up a team member's contact information from a database without input validation rules.
This removes the need to do preparation at runtime and can reduce SQL injection risk.
An attacker may use directory traversal and cross-site scripting during a scan phase and then hit it with an SQL injection or an RFI in the exploit phase.
Doing so makes the SQL easier to maintain and secures your application from SQL injection attacks.
Blind SQL injection attacks are a well-known and recognized form of code injection attack, but there are many other forms, some not so well documented or understood.
SQL injection attacks are a vulnerability that tends to hurt high-value sites.
Protection against more elaborate attacks such as SQL injection and dictionary attacks requires more customized configuration, such as user-defined dictionaries containing allowable syntax.
By supporting parameterized statements, you exploit the advanced features provided by these, like access path reuse and SQL injection prevention.
In addition to the overflow exploits, SQL injection is one other type of attack that relies on developer oversight by not testing incoming data.
Although this example demonstrates an SQL injection in its simplest form, you can see just how easy it is for an attacker to use.
In an SQL injection attack, a program creates an SQL command and sends it to an SQL interpreter.
In some cases, this may be as easy as going to the right URL or executing a SQL injection, while in other cases it may require much more effort on behalf of an attacker.
A SQL injection vulnerability occurs when a user is able to pass SQL code directly to the application in such a way that the code will be executed in a query.
Many intrusion vulnerabilities such as SQL injection, CSRF, and XSS are preventable using a comprehensive input-validation framework.
SQL injection is still one of the most common types of injection flaw.
SQL injection is a technique which enables an attacker to execute unauthorized SQL commands by taking advantage of non-scrutinized input opportunities in applications that build dynamic SQL queries.
SQL injection is the second most popular vulnerability, primarily because of the growing dependence Web sites have on databases.
The software can also be scanned for security issues, such as cross-site scripting and Structured Query Language (SQL) injection vulnerabilities.
SQL injection is essentially the same problem as the shell meta-character one, but with an SQL interpreter instead of the shell.
Editable Data Validation - HDIV analyzes all editable fields to remove cross-site scripting and SQL injection attacks.
If a less-than-careful developer entered the text from Listing 5 (in the hopes of embedding the values directly), the call would be exposed to SQL injection attacks.
Prevent SQL injection in applications.
Does Structured Query Language (SQL) injection fail?
SQL and XML injection to the server.
Using the Hacme Casino site again, let's look at the vulnerability that WebScarab found: an SQL injection exploit at the login.
In an SQL injection attack, Mallory finds a Web site that Alice has created to sell electronics.