Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Authentication. SQL Injection Many web developers are unaware of how SQL queries can be tampered with SQL queries are able to circumvent access.

Published byDulcie Tucker Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Authentication. SQL Injection Many web developers are unaware of how SQL queries can be tampered with SQL queries are able to circumvent access."— Presentation transcript:

1 Secure Authentication

2 SQL Injection Many web developers are unaware of how SQL queries can be tampered with SQL queries are able to circumvent access controls If you ever take raw user input and insert it into a database, you may have opened yourself to SQL Injection

3 SQL Injection SQL queries can be tampered with Username: Password:

4 What Is SQL Injection? SQL injection refers to the act of someone inserting a MySQL statement to be run on your database without your knowledge. Injection usually occurs when you ask a user for input, like their name, and instead of a name they give you a MySQL statement that you will unknowingly run on your database.

5 Typical User Authentication // a good user's name $name = "timmy"; $query = "SELECT * FROM users WHERE username = '$name'"; echo "Normal: ". $query. " "; Normal: SELECT * FROM users WHERE username = 'timmy‘ Injection: SELECT * FROM customers WHERE username = '' OR 1'' The normal query is no problem, as our MySQL statement will just select everything from customers that has a username equal to timmy. However, the injection attack has actually made our query behave differently than we intended. By using a single quote (') they have ended the string part of our MySQL query username = ' ' and then added on to our WHERE statement with an OR clause of 1 (always true). username = ' ' OR 1 This OR clause of 1 will always be true and so every single entry in the "customers" table would be selected by this statement! What about this injection? DELETE FROM customers WHERE 1 or username = '"

6 Prevention Lucky for you, this problem has been known for a while and PHP has a specially-made function to prevent these attacks. All you need to do is use the mouthful of a function mysql_real_escape_string. What mysql_real_escape_string does is take a string that is going to be used in a MySQL query and return the same string with all SQL Injection attempts safely escaped. Basically, it will replace those troublesome quotes(') a user might enter with a MySQL-safe substitute, an escaped quote \'.

7 More Prevention Check the length of strings for usernames and passwords Check for certain unwanted punctuation for all user input

8 Don’t Store Passwords Another common problem is stored passwords Hackers would love to get their hands on your list of passwords There is no need to store passwords when you can use a one-way hash One-way hash the password and only store the hash value

9 Don’t Store Passwords If the hacker gets his/her hands on the hash value they cannot derive the password More on PHP password hashing: http://php.net/manual/en/faq.passwords.php

Download ppt "Secure Authentication. SQL Injection Many web developers are unaware of how SQL queries can be tampered with SQL queries are able to circumvent access."

Similar presentations

Module XIV SQL Injection

Module XIV SQL Injection
PHP SQL. Connection code:- mysql_connect(server, username, password); Connect to the Database Server with the authorised user and password. Eg $connect.

PHP SQL. Connection code:- mysql_connect("server", "username", "password"); Connect to the Database Server with the authorised user and password. Eg $connect.
Understand Database Security Concepts

Understand Database Security Concepts
-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.

-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.
Introduction The concept of “SQL Injection”

Introduction The concept of “SQL Injection”
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
SQL Injection Attacks Prof. Jim Whitehead CMPS 183: Spring 2006 May 17, 2006.

SQL Injection Attacks Prof. Jim Whitehead CMPS 183: Spring 2006 May 17, 2006.
1. What is SQL Injection 2. Different varieties of SQL Injection 3. How to prevent it.

1. What is SQL Injection 2. Different varieties of SQL Injection 3. How to prevent it.
Database Connectivity Rose-Hulman Institute of Technology Curt Clifton.

Database Connectivity Rose-Hulman Institute of Technology Curt Clifton.
Encrypted Passwords. your_password + username $u = crypt ( your_password ) PHP insert username + $u SQL MySQL database username | encrypted password username.

Encrypted Passwords. your_password + username $u = crypt ( your_password ) PHP insert username + $u SQL MySQL database username | encrypted password username.
SQL-Injection attacks Damir Lizdek & Dan Rundlöf Language-based security.

SQL-Injection attacks Damir Lizdek & Dan Rundlöf Language-based security.
SQL Injection Attacks CS 183 : Hypermedia and the Web UC Santa Cruz.

SQL Injection Attacks CS 183 : Hypermedia and the Web UC Santa Cruz.
{ Code Injection Cable Johnson.  Overview  Common Injection Types  Developer Prevention Code Injection.

{ Code Injection Cable Johnson.  Overview  Common Injection Types  Developer Prevention Code Injection.
PHP-MySQL By Jonathan Foss. PHP and MySQL Server Web Browser Apache PHP file PHP MySQL Client Recall the PHP architecture PHP can communicate with a MySQL.

PHP-MySQL By Jonathan Foss. PHP and MySQL Server Web Browser Apache PHP file PHP MySQL Client Recall the PHP architecture PHP can communicate with a MySQL.
Preventing SQL Injection ~example of SQL injection $user = $_POST[‘user’]; $pass = $_POST[‘pass’]; $query = DELETE FROM Users WHERE user = ‘$user’ AND.

Preventing SQL Injection ~example of SQL injection $user = $_POST[‘user’]; $pass = $_POST[‘pass’]; $query = DELETE FROM Users WHERE user = ‘$user’ AND.
Check That Input Preventing SQL Injection Attacks By Andrew Morton For CS 410.

Check That Input Preventing SQL Injection Attacks By Andrew Morton For CS 410.
SJSU CS157B Dr. Lee1  2004 Jenny Mitchell Two Useful Tools You Can’t Live Without by Jenny Mitchell SJSU CS157B Section 1 09-21-04 PHP and MySQL.

SJSU CS157B Dr. Lee1  2004 Jenny Mitchell Two Useful Tools You Can’t Live Without by Jenny Mitchell SJSU CS157B Section PHP and MySQL.
PHP Security.

PHP Security.
MIS 5211.001 Week 11 Site:

MIS Week 11 Site:
Databases with PHP A quick introduction. Y’all know SQL and Databases  You put data in  You get data out  You can do processing on it very easily 

Databases with PHP A quick introduction. Y’all know SQL and Databases  You put data in  You get data out  You can do processing on it very easily 

Similar presentations

Ads by Google