Printer Friendly
The Free Library
22,725,466 articles and books

New technique threatens databases.



Edited by Zeid Nasser Database security expert David Litchfield David Litchfield (born 1975) is a renowned security expert from the United Kingdom, who focuses on the discovery and publication of computer security vulnerabilities with a special focus on database server software.  has published details of a new type of database attack technique. Lateral SQL injection SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not  creates a means for hackers to access database data or inject in┬Ěject
v.
1. To introduce a substance, such as a drug or vaccine, into a body part.

2. To treat by means of injection.
 hostile code onto vulnerable systems. Exploitation is difficult and only possible in limited circumstances, Litchfield notes. Nonetheless, the discovery of the approach - a variant on earlier attack methods - means that database admins can no longer consider DATE or NUMBER data types safe from attack. Lateral SQL injection is a variant of SQL injection attacks, one of the most common methods for attacking database systems. SQL injection attacks involve attempts by hackers to trick database servers into running SQL SQL
 in full Structured Query Language.

Computer programming language used for retrieving records or parts of records in databases and performing various calculations before displaying the results.
 commands, typically after crackers use vulnerabilities to inject character strings onto databases. Lateral SQL injections are a variant of the theme that use other forms of data - DATE and NUMBER data types. These attacks relate to Procedural Language/SQL (language) Procedural Language/SQL - (PL/SQL) Oracle Corporation's proprietary procedural language extension of industry-standard SQL.  programming language used by Oracle developers, and involves the possible development of exploits that involve hostile DATE or even NUMBER data types instead of user input. A*New technique threatens databases

2003 Jordan Press & publishing Co. All rights reserved.

Provided by Syndigate.info an Albawaba.com company
COPYRIGHT 2008 Al Bawaba (Middle East) Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2008 Gale, Cengage Learning. All rights reserved.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Publication:The Star (Amman, Jordan)
Date:May 5, 2008
Words:198
Previous Article:Jordan Insurance Co. goes live with ESKADENIA E-insurance and ERP products.
Next Article:Saudi blogger freed after 4 months in Jail.
Topics:

Terms of use | Copyright © 2014 Farlex, Inc. | Feedback | For webmasters