Blocking SQL Injection in Database Stored Procedures

Publisher
Department of Computer Science and Information Technology
Abstract
A web application is described as an application accessible via the web over a network. SQL injection is an attack method used by hackers to retrieve, manipulate, fabricate or delete information in organizations' relational databases through web applications. Information processed by web applications has become critical to corporations, customers, organizations, and countries. Several research papers in the literature have proposed ways to prevent SQL injection attacks in the application layer by examining dynamic SQL query semantics at run time. However, very little emphasis is laid on securing stored procedures, which could also suffer from SQL injection attacks. Some research papers in the literature even refer to stored procedures as a remedy against SQL injection attacks. As stored procedures reside on the database front, the methods those papers propose for the application layer cannot be applied to secure stored procedures themselves. In this research paper, we propose a technique to defend against the attacks targeted at stored procedures.