The most popular hacking tactic is SQL injection. It manipulates the query so that, instead of displaying a single record, it displays all the information under that column. Our tutor showed an example and explained in detail how this works.
This is an example of an SQL injection where, instead of David, one enters ' or '1, which makes the condition true for every row, so all the data is displayed.
$query = "SELECT * FROM students WHERE empname='David'";
The above query can be exploited as:
$query = "SELECT * FROM students WHERE empname='' or '1'";
In order to avoid such attacks, one must take precautions. Errors must be hidden from the public or replaced with codes that only you can understand, and database privileges for commands like DROP should be limited. I used mysql_escape_string to prevent this.
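As an added example (not code from the original post), the script below runs the two inputs shown above against a concatenated query and a parameterized one, and shows errors being logged rather than displayed. It uses PDO prepared statements rather than mysql_escape_string, and assumes an in-memory SQLite table standing in for the MySQL database; find_unsafe, find_safe, the sample rows and the error code E100 are hypothetical.

```php
<?php
// Added example: in-memory SQLite stands in for the page's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE students (id INTEGER PRIMARY KEY, empname TEXT, grade TEXT)");
// Constructed sample rows.
$pdo->exec("INSERT INTO students (empname, grade)
            VALUES ('David','A'), ('Maria','B'), ('Omar','C')");

// Vulnerable: the input is pasted into the SQL text, as in the page's $query.
function find_unsafe(PDO $pdo, string $name): array {
    $query = "SELECT * FROM students WHERE empname='" . $name . "'";
    return $pdo->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the value is bound as a parameter and is never parsed as SQL.
function find_safe(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare("SELECT * FROM students WHERE empname = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The two inputs from the page: a normal name and the injected value.
$inputs = ["David", "' or '1"];
foreach ($inputs as $input) {
    try {
        $unsafe = count(find_unsafe($pdo, $input));
    } catch (PDOException $e) {
        // Keep details in the server log; show the public only a code.
        error_log($e->getMessage());
        $unsafe = 'error E100'; // hypothetical private error code
    }
    $safe = count(find_safe($pdo, $input));
    printf("input %-12s unsafe rows: %s, safe rows: %d\n",
           var_export($input, true), $unsafe, $safe);
}
```

With the injected input, the concatenated query matches every row in the table, while the prepared statement treats the whole input as a name and matches none.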
Another security concern should be the user's password. Blowfish is an encryption system that is very simple to use yet efficient. It encrypts the password into a mixture of characters that no one has yet managed to unveil. Companies have used Blowfish and have modified it to add extra security.
Hackers also aim to steal cookies. Online cookies have data about the users built into them. In order to prevent cookie theft, one should set a time window after which the cookie expires, and a key. This adds a layer of prevention.