- Hands-On RESTful Web Services with Go
- Naren Yellavula
- 2021-06-24 17:04:27
SQL injection in URLs and ways to avoid them
SQL injection is an attack in which untrusted input is interpreted as part of a SQL statement. If one is not careful when defining URL routes and reading their parameters, there may be an opportunity for SQL injection, and these attacks can happen for all kinds of REST operations. For example, if we allow the client to pass parameters to the server, an attacker can append a crafted string to those parameters. If we use those variables/parameters directly in a SQL query executed against our database, that is a vulnerability.
Look at the following Go code snippet, which looks up an article by id and category. It collects values from an HTTP request and concatenates the raw values into the SQL query:
r.ParseForm() // r.Form is only populated after ParseForm is called
id := r.Form.Get("id")
category := r.Form.Get("category")
// Vulnerable: request values are concatenated straight into the SQL text
sql := "SELECT * FROM article WHERE id='" + id + "' AND category='" + category + "'"
rows, err := Db.Query(sql)
In the snippet, we execute a database query whose text is built from the request values, so an attacker can smuggle SQL fragments such as -- comments and ORDER BY n clauses into a parameter. A single quote in the value closes the string literal, and everything after it is parsed as SQL:
?category=books&id=10' ORDER BY 10-- 
(The trailing space matters for MySQL, which only treats -- as a comment when whitespace follows it.) The statement that reaches the database is SELECT * FROM article WHERE id='10' ORDER BY 10-- ' AND category='books'. If the application relays the database error straight to the client, it leaks information about the columns the table has: ORDER BY with an index larger than the column count fails, so the attacker steps the number down until the error disappears and learns exactly how many columns the query returns. That column count is what a later UNION SELECT needs to pull sensitive information out of other tables:
Unknown column '10' in 'order clause'
We will see more about this in upcoming chapters, where we build fully fledged REST services with other methods such as POST and PUT.
Now, how do we avoid these injections? There are several precautions:
- Run the application with a database account that has only the privileges it needs on each table (least privilege), so an injected query cannot read or modify more than the endpoint legitimately touches
- Log the requests and look for suspicious ones, such as parameters containing quotes, comment markers, or SQL keywords
- Validate parameters before they get anywhere near a query: a numeric id should be parsed as an integer and rejected otherwise. Note that HTMLEscapeString from Go's text/template package escapes characters for HTML output, not for SQL, and does not prevent SQL injection
- Never build SQL by concatenating request values. Use parameterized queries through the database driver (placeholders with database/sql, for example Db.Query("SELECT * FROM article WHERE id = ?", id)) or a query builder/ORM that does this for you, so values travel separately from the statement text and cannot change its structure
- Stop relaying database error messages back to the client; log them on the server and return a generic error instead
- Use security tools such as sqlmap to test your own endpoints for injection before an attacker does
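The following is an added example written for this edit, not code from the book: it puts the chapter's vulnerable concatenation next to a hardened version of the same lookup that validates the id, uses placeholders, and never relays the driver's error. The table and column names, the ? placeholder syntax (MySQL/SQLite style; PostgreSQL uses $1), and the 64-character category limit are assumptions of the example, and the payload in main is constructed from the chapter's ORDER BY probe.

```go
package main

import (
	"database/sql"
	"errors"
	"fmt"
	"net/http"
	"strconv"
)

// Article mirrors the columns we expect to read back (assumed schema).
type Article struct {
	ID       int
	Category string
	Title    string
}

// vulnerableQuery reproduces the chapter's string concatenation: the request
// values become part of the SQL text, so a quote in the input ends the string
// literal and the remainder is parsed as SQL.
func vulnerableQuery(id, category string) string {
	return "SELECT id, category, title FROM article WHERE id='" + id + "' AND category='" + category + "'"
}

// parseArticleRequest validates the parameters before they reach the database.
// id must be a positive integer; category is bounded in length. Validation is
// defence in depth; the placeholders below are the actual fix.
func parseArticleRequest(rawID, category string) (int, string, error) {
	id, err := strconv.Atoi(rawID)
	if err != nil || id <= 0 {
		return 0, "", fmt.Errorf("invalid id %q", rawID)
	}
	if category == "" || len(category) > 64 {
		return 0, "", errors.New("invalid category")
	}
	return id, category, nil
}

// safeArticleQuery is the statement text with placeholders. It is a constant:
// values are sent separately and the driver never lets them alter the structure.
const safeArticleQuery = "SELECT id, category, title FROM article WHERE id = ? AND category = ?"

// findArticle runs the parameterised query against any *sql.DB. The driver and
// the ? placeholder syntax are assumptions of this example.
func findArticle(db *sql.DB, id int, category string) (*Article, error) {
	var a Article
	err := db.QueryRow(safeArticleQuery, id, category).Scan(&a.ID, &a.Category, &a.Title)
	if err != nil {
		return nil, err
	}
	return &a, nil
}

// articleHandler wires validation, the parameterised lookup and error handling
// together. The client only ever sees a generic status, never the driver message.
func articleHandler(db *sql.DB) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		q := r.URL.Query()
		id, category, err := parseArticleRequest(q.Get("id"), q.Get("category"))
		if err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		a, err := findArticle(db, id, category)
		if errors.Is(err, sql.ErrNoRows) {
			http.Error(w, "not found", http.StatusNotFound)
			return
		}
		if err != nil {
			// Log err server-side (omitted); "Unknown column '10' in 'order clause'"
			// is exactly the kind of message an attacker is probing for.
			http.Error(w, "internal error", http.StatusInternalServerError)
			return
		}
		fmt.Fprintf(w, "%d %s %s\n", a.ID, a.Category, a.Title)
	}
}

func main() {
	// Constructed payload: the chapter's probe with the quote that closes the
	// literal and the trailing space MySQL needs after "--".
	payload := "10' ORDER BY 10-- "
	fmt.Println("vulnerable statement:", vulnerableQuery(payload, "books"))
	if _, _, err := parseArticleRequest(payload, "books"); err != nil {
		fmt.Println("hardened handler rejects it before the database:", err)
	}
	fmt.Println("parameterised statement text never changes:", safeArticleQuery)
}
```

Running main prints the injected statement with ORDER BY 10 sitting outside the quotes, then the validation error that stops the same payload in the hardened path. Even if validation were skipped, the placeholder version would send the whole payload to the driver as one id value that matches no row.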
With the basics of routing and security covered, in the next section we present an interesting challenge for the reader: creating a URL shortening service. We briefly provide all the background details there.