Please explain SQL Ingestion with an example?

Tags:
SQL Server integration/interoperability
SQL Server security

Answer Wiki


Most applications use a client-server architecture; these applications use a database to store and retrieve data to be displayed, etc.

For example, when a web portal (or application) registers a new user, it uses a form to accept user data like name, date of birth, etc.
This data is then stored in the backend database through SQL queries in the program.

Like
INSERT INTO USERS (`user_name`,`user_password`) VALUES ('andrea123','mypassword')

The values provided in the form by the users in the above example would be andrea123 and mypassword (as username and password).

Similarly, when a user logs into the application, the query would be something like this:

SELECT user_name,user_password FROM USERS WHERE user_name='andrea123' AND user_password='mypassword'

If a user enters his password as
mypassword AND 1=(SELECT * FROM USERS)

The SQL statement becomes
SELECT user_name,user_password FROM USERS WHERE user_name='andrea123' AND user_password='mypassword' AND 1=(SELECT * FROM USERS)

The above statement selects and displays the entire content of the table users.
The above can be achieved if the user successfully guesses the table name (which may not be difficult).

Thus an SQL injection is
“subset of the an unverified/unsanitized user input vulnerability (“buffer overflows” are a different subset), and the idea is to convince the application to run SQL code that was not intended” (reference: SQL Injection Attacks by Example, http://www.unixwiz.net/techtips/sql-injection.html)

The above URL helps you better understand various scenarios of the same vulnerability and the different things a user can achieve that were not intended by the application's programmers.

Hope the above helps

Note that the correct term is 'SQL Injection' (not ingestion).
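
An added example, not part of the original answer: the login query above built by string concatenation, next to the same query with bound parameters. Python's sqlite3 stands in for the application's database (an assumption; the question is about SQL Server), and the function names and the crafted input (the answer's password value with a closing quote added) are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed in-memory table mirroring the USERS table from the answer.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE USERS (user_name TEXT, user_password TEXT)")
    db.execute("INSERT INTO USERS VALUES ('andrea123', 'mypassword')")
    return db

def login_concatenated(db, name, password):
    # Vulnerable pattern: form values are pasted into the SQL text, so a
    # quote in the input is read by the SQL parser as part of the statement.
    sql = ("SELECT user_name FROM USERS WHERE user_name='" + name +
           "' AND user_password='" + password + "'")
    try:
        return db.execute(sql).fetchall(), None
    except sqlite3.Error as exc:
        # A parser error triggered by form input shows the input was
        # interpreted as SQL rather than compared as a password.
        return None, str(exc)

def login_parameterized(db, name, password):
    # Hardened pattern: the statement text is fixed; values are bound as
    # data and can never change the structure of the query.
    sql = "SELECT user_name FROM USERS WHERE user_name=? AND user_password=?"
    return db.execute(sql, (name, password)).fetchall()

# Constructed input: the password value from the answer, with a closing quote.
CRAFTED = "mypassword' AND 1=(SELECT * FROM USERS)"

if __name__ == "__main__":
    db = make_db()
    print("concatenated, normal :", login_concatenated(db, "andrea123", "mypassword"))
    print("concatenated, crafted:", login_concatenated(db, "andrea123", CRAFTED))
    print("parameterized, normal :", login_parameterized(db, "andrea123", "mypassword"))
    print("parameterized, crafted:", login_parameterized(db, "andrea123", CRAFTED))
```

With the concatenated query the crafted value reaches the SQL parser and the database reports an error; with bound parameters it is only compared against the stored password and matches no row.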
