Why Are SQL Injections Still A Problem In This Day And Age?

When we think about some of the greatest problems of our times, they are usually magnified not by the size of the initial destruction but by their ability to come back. When we looked at the horrors of World War I we thought that humanity had learned its lesson and would never have to go through something like that again. That was of course not the case, and the next struggle came with the emergence of World War II. When we think about some of the worst diseases that have ravaged mankind, again they are the ones that have killed people over time and not in one fell swoop. So when you have a problem that keeps on persisting, no matter how benign it originally might seem, it can be one that does an untold amount of damage.

This is what we see in some of the computer problems that we come across every day. It is not that the problems are hard to solve. The problem lies in the fact that we cannot get rid of them permanently, no matter which solution we try. The problem keeps popping up over and over again. Even though a lot of resources are thrown at it, it still comes up and we still see it in the wild.

One good example of this is SQL injection. Even though it is a simple problem to avoid, it still shows up in quite a lot of places. There has been programmer education, and new libraries have been added to programming packages to combat the problem, but somehow it still seems to show up. It shows up so much that you start to wonder if anything can be done to stop it. Black hat hackers are having a field day and all you can do is sit still and put out the fires.


What is an SQL injection attack?

If you are new to programming or network security then you might not know exactly what a SQL injection attack is. And that is part of the problem. A lot of the code being written is put out there by people who do not know the basics of security. It is still not taught seriously enough in the places where people learn how to program.

Well, to answer the initial question: a SQL injection attack is when an attacker uses a spot on a web page, or on an application that connects to the web, to get control of the database server in the background. This spot is usually a form where the user has to enter input so that the server can collect his or her information. Normally the data that goes through this form is benign and would not hurt anyone. But a black hat hacker who knows what they are doing can craft the data being entered so that the database server reads it as a command and does what the attacker tells it to. They can cause damage by erasing the entire database, or collect information by making the database spill out data that it is not supposed to. Neither result is something that you want the database to be able to do.

How do you stop SQL injection attacks?

The reason it is so frustrating that SQL injection attacks still happen is that they are so easy to stop. You would think that after all this time people would get the message and start teaching young programmers how to avoid security problems such as this. You would also think that people who have legacy code on their servers would go back and look for any spots that are vulnerable. But no, this does not happen, and we still have a lot of problems from SQL injection attacks.

But to stop it, all you have to do is sanitize the input that comes into the server. In simple terms this means that any piece of data entered by a human needs to be checked. Once it passes the check it can be allowed to carry out the command it was trying to do. If it fails the check then it should be kicked out into the cold. Most mainstream programming languages these days ship with safeguards for exactly this type of problem, and all it would take is for programmers to use them.
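The two paragraphs above describe the problem (form input read by the database as a command) and the fix (check the input, and use the safeguards the language already provides). The following Python script is an added example, not code from the original post, that shows both side by side on a constructed in-memory SQLite table: a lookup that pastes the form value straight into the SQL text, the same lookup written with a bound parameter, and an allow-list check of the kind the post calls "sanitizing". The table, the user names and the crafted input are all made up for the demonstration.

```python
import re
import sqlite3

# Constructed sample data (not from the original post): a tiny users table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    # The form value is glued into the SQL text, so the database cannot tell
    # data from command: whatever the user typed becomes part of the query.
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    # The query shape is fixed. The value travels separately as a bound
    # parameter and is only ever treated as a string literal, never as SQL.
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Allow-list check (the "check it, and kick it out if it fails" step from the
# post). Usernames here are assumed to be 1-32 letters, digits or underscores;
# that rule is a constructed assumption, not something the post specifies.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def is_valid_username(value):
    return USERNAME_RE.fullmatch(value) is not None


def demo():
    conn = make_db()
    honest = "alice"
    # Constructed input: a quote closes the literal and a tautology follows,
    # so the pasted-together query matches every row instead of one user.
    crafted = "' OR '1'='1"
    return {
        "vulnerable_honest": lookup_vulnerable(conn, honest),
        "vulnerable_crafted": lookup_vulnerable(conn, crafted),
        "safe_honest": lookup_parameterized(conn, honest),
        "safe_crafted": lookup_parameterized(conn, crafted),
        "check_honest": is_valid_username(honest),
        "check_crafted": is_valid_username(crafted),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Running it prints two rows for `vulnerable_crafted` (the whole table leaks) but an empty list for `safe_crafted`, because the bound parameter is compared as the literal text the user typed. The allow-list check rejects the crafted value before it ever reaches the database; it is a useful second layer, but the parameterized query is what removes the problem, since it works for any input, including legitimate values that happen to contain a quote.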

If you want to stop a problem, then education and persistence are the key. You should make sure that all the code you write has at least the most basic security checks. Once you do that, at least 99% of your security problems will go away.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable both to IT professionals and to people just like you who need simple answers to their security questions.
