CSC309 TA: Sukwon Oh
Security
Outline
● SQL Injection
● NoSQL Injection (MongoDB)
● Same Origin Policy
● XSSI
● XSS
● CSRF (XSRF)
SQL Injection
What is SQLI?
● Malicious user input is injected into SQL statements and evaluated by the RDBMS
SQL Injection
SQL statements consist of two things:
● control structure
  ○ SELECT, INSERT, WHERE, DELETE, …
● data values
  ○ 1, 2, 3, …, “str1”, “str2”, “str3”, …
SQL Injection
Web applications typically supply the control part of the SQL statement themselves and splice the data values into it, often straight from the request:
// "month" comes straight from the request and is concatenated into the statement text
sql_query = "SELECT pizza, toppings, quantity, order_day " +
"FROM orders " +
"WHERE userid=" + session.getCurrentUserId() + " " +
"AND order_month=" + request.getParameter("month");
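As an added example, not from the slides: the same orders query written in Python against an in-memory SQLite database, once built by string concatenation as on the slide and once with bound parameters plus an input check. The table, its rows and the input values are constructed here for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: three orders belonging to two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (userid INTEGER, pizza TEXT, toppings TEXT, "
        "quantity INTEGER, order_month INTEGER, order_day INTEGER)"
    )
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?, ?, ?, ?, ?)",
        [
            (1, "margherita", "basil", 2, 3, 14),
            (1, "pepperoni", "extra cheese", 1, 4, 2),
            (2, "hawaiian", "pineapple", 3, 3, 9),
        ],
    )
    return conn


def orders_vulnerable(conn, current_user_id, month_param):
    """Mirrors the slide: the request's 'month' value becomes part of the
    statement text, so it can change the control structure, not just a value."""
    sql = (
        "SELECT pizza, toppings, quantity, order_day FROM orders "
        "WHERE userid=" + str(current_user_id) + " "
        "AND order_month=" + month_param
    )
    return conn.execute(sql).fetchall()


def parse_month(month_param):
    """Validate the data value before it reaches the database: it must be an
    integer in 1..12, otherwise reject the request."""
    try:
        month = int(month_param)
    except ValueError:
        raise ValueError("month must be an integer")
    if not 1 <= month <= 12:
        raise ValueError("month out of range")
    return month


def orders_parameterized(conn, current_user_id, month_param):
    """The control structure is fixed in the statement text; data values are
    passed separately as bound parameters and can never be parsed as SQL."""
    sql = (
        "SELECT pizza, toppings, quantity, order_day FROM orders "
        "WHERE userid=? AND order_month=?"
    )
    return conn.execute(sql, (current_user_id, month_param)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Honest input: both variants return user 1's single March order.
    print(orders_vulnerable(db, 1, "3"))
    print(orders_parameterized(db, 1, parse_month("3")))
    # Crafted input: concatenation lets the value rewrite the WHERE clause and
    # return every user's orders; the parameterized query treats it as a value
    # that matches nothing, and parse_month rejects it outright.
    print(orders_vulnerable(db, 1, "3 OR 1=1"))
    print(orders_parameterized(db, 1, "3 OR 1=1"))
```

Running the script shows the concatenated query returning all three rows for the crafted value while the parameterized query returns none; in a real handler the request would be rejected at parse_month before any query runs.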