It's funny how little coincidences play out from time to time in our lives. I was just listening to JK Rowling's "A Casual Vacancy" on audiobook, in which some teenagers inadvertently learn about SQL injections at school from a computer teacher's slip of the tongue. Several of them later decide to expose the brutal hypocrisy of their parents by hacking their small-town parish council website and baring family secrets to the world.
Naturally, when I returned home from my road trip to catch up on my work and saw that we would be diving into SQL this week, with injections as one of the tech blog topics, I was amused.
As the above fictional example shows, SQL injections are a common way for hackers to exploit a database's weaknesses if it is not set up properly. They are common for two reasons:
In the book, the teens use SQL statements in the login screen to retrieve the username and password of a recently deceased council member. Once the login information was secured, they had admin access to post under someone else's name on the site.
Of course, SQL injections can be far more harmful than damaging the pride of local citizens. They can be used to alter or even drop large swaths of data in a database. For more sensitive information, say medical records, bank records, or online payment forms, this could be a big problem. Imagine all the forms online that ask for a credit card number or a social security number. A hacker could wreak serious harm with either of these pieces of information.
In more technical terms, SQL injection refers to an attempt by a user to pass SQL statements directly through an online form. These statements then have the potential to alter the SQL query that the application runs against the database. Think of all the ways in which web browsers and websites allow user input to query a database. Without proper protection, all it takes is some guesswork as to the appropriate table and column names and the right line of code.
One of the most common hacks looks like this. Let's say a form asks for a username. If the user passes the userid "1012 or 1=1", the SQL query might look something like this: SELECT * FROM users WHERE userid = 1012 or 1=1. Since 1 does in fact equal 1 and "or" is a boolean operator, the WHERE clause is true for every row, so the query returns results (in fact every user) even if there is no userid 1012.
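To make the effect of that query concrete, here is an added example (not code from the original post) that runs the "1012 or 1=1" input against a small in-memory SQLite table. The table, its three rows and the function names are constructed for the demonstration; the query built by string concatenation shows the post's problem, and the parameterized version beside it shows the same lookup with the user's input bound as data rather than spliced into the SQL text.

```python
import sqlite3

# Constructed sample rows for the demonstration (not from the original post).
SAMPLE_USERS = [(1001, "alice"), (1002, "bob"), (1003, "carol")]


def make_db():
    """Create an in-memory users table filled with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, user_input):
    """The pattern the post describes: the form value is pasted into the SQL text,
    so '1012 or 1=1' becomes part of the WHERE clause and matches every row."""
    sql = "SELECT userid, username FROM users WHERE userid = " + user_input
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, user_input):
    """The SQL and the value travel separately; the driver binds the value as data.
    '1012 or 1=1' is compared as a literal value and matches nothing."""
    sql = "SELECT userid, username FROM users WHERE userid = ?"
    return conn.execute(sql, (user_input,)).fetchall()


def lookup_validated(conn, user_input):
    """Defence in depth: a userid must be a whole number, so anything else is
    rejected before the database sees it, and the lookup is still parameterized."""
    if not user_input.isdigit():
        raise ValueError("userid must be a whole number")
    return lookup_parameterized(conn, int(user_input))


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, honest input:  ", lookup_vulnerable(db, "1002"))
    print("vulnerable, injected input:", lookup_vulnerable(db, "1012 or 1=1"))
    print("parameterized, injected:   ", lookup_parameterized(db, "1012 or 1=1"))
```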
Fortunately there are ways to prevent these simple hacks.
Coming Soon!