New technique threatens databases.
Edited by Zeid Nasser

Database security expert David Litchfield has published details of a new type of database attack technique. Lateral SQL injection creates a means for hackers to access database data or inject hostile code onto vulnerable systems. Exploitation is difficult and only possible in limited circumstances, Litchfield notes. Nonetheless, the discovery of the approach - a variant on earlier attack methods - means that database admins can no longer consider DATE or NUMBER data types safe from attack.

Lateral SQL injection is a variant of SQL injection attacks, one of the most common methods for attacking database systems. SQL injection attacks involve attempts by hackers to trick database servers into running SQL commands, typically after crackers use vulnerabilities to inject character strings onto databases. Lateral SQL injections are a variant on the theme that use other forms of data - DATE and NUMBER data types. These attacks relate to the Procedural Language/SQL (PL/SQL) programming language used by Oracle developers, and involve the possible development of exploits that involve hostile DATE or even NUMBER data types instead of user input.
2003 Jordan Press & publishing Co. All rights reserved.
Provided by Syndigate.info an Albawaba.com company