Amidst the research and engineering in security, database security remains an issue. The hacking process is wireless and involves the codes that security systems use to protect databases.
Structured Query Language (SQL) is the language that runs databases. The coded information is standardized globally, although different types of SQL programs exist. Hackers use different hacking tools to log in to databases. They hack into databases by changing “the intended effect of an SQL query by inserting new SQL keywords or operators in the query” (Halfond, Viegas, & Orso, 2006, p. 1). The introduced query is recognized by the security features but works to alter the security system, for example by changing the administrator password.
These malicious codes enter through cookies, the Hypertext Transfer Protocol (HTTP) header, or second-order injections. The injection process is as follows (Halfond, Viegas, & Orso, 2006, p. 2):
- Injection through caches: a cache is the information stored on the user’s device. Malicious hackers alter the stored information so that when the user revisits a website, the code stored in the cache is downloaded and alters the database according to the hackers’ preference.
- Injection through HTTP: a client and a database communicate through the HTTP header, which conveys the request and feedback instructions. Hackers alter the information in the header so that when a database downloads the information, the code performs the hacker’s prompt.
- Second-order injection: the attacker inputs the code in the login and other areas. The code manifests itself in an area other than the point of injection.
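The entry points listed above share one root cause: a value is pasted into the text of a query instead of being passed as data. The following added example (not part of the original essay or the cited paper) shows the weak form beside the hardened one, including the second-order case; the table, function names and crafted value are constructed for illustration, and Python's `sqlite3` stands in for the application's database.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def lookup_concat(db, value):
    # Weak form: the value becomes part of the SQL text, so quotes and
    # operators inside it are parsed as query syntax.
    sql = "SELECT name FROM users WHERE name = '" + value + "'"
    return [r[0] for r in db.execute(sql)]

def lookup_bound(db, value):
    # Hardened form: the value is bound as a parameter and stays data.
    rows = db.execute("SELECT name FROM users WHERE name = ?", (value,))
    return [r[0] for r in rows]

def second_order(db, stored_name, lookup):
    # Second-order case: the value is stored safely first, then read back
    # and reused in a later query. The reuse is where concatenation fails.
    cur = db.execute("INSERT INTO users VALUES (?, 'user')", (stored_name,))
    row = db.execute("SELECT name FROM users WHERE rowid = ?",
                     (cur.lastrowid,)).fetchone()
    return lookup(db, row[0])

# Constructed value, as it might arrive in a cookie or HTTP header field.
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concat(db, CRAFTED))   # every row matches
    print("bound:       ", lookup_bound(db, CRAFTED))    # no row matches
    print("2nd order, concatenated:",
          second_order(make_db(), CRAFTED, lookup_concat))
    print("2nd order, bound:       ",
          second_order(make_db(), CRAFTED, lookup_bound))
```

With concatenation the `WHERE` clause is rewritten by the input and matches every row; with a bound parameter the same input is only compared as a literal name, regardless of whether it came straight from a request or from an earlier stored record.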
Detecting and preventing the attacks is difficult because the programming codes are similar to the attackers’ codes (Halfond, Viegas, & Orso, 2006, p. 5). This relates to the recent hacking of Facebook databases. The attackers went undetected because the scanning techniques cannot detect these codes, which are similar to the engineering codes.
Halfond, W. G., Viegas, J., & Orso, A. (2006). A Classification of SQL Injection Attacks. Proceedings of the IEEE International Symposium on Secure Software Engineering, 1, 1-11. Retrieved from https://www.cc.gatech.edu/fac/Alex.Orso/papers/halfond.viegas.orso.ISSSE06.pdf