官术网_书友最值得收藏!

SQL injection in URLs and ways to avoid them

SQL injection is a process of attacking a database with malicious scripts. If one is not careful when defining URL routes, there may be an opportunity for SQL injection. These attacks can happen for all kinds of REST operations. For example, if we are allowing the client to pass parameters to the server, then there is a chance for an attacker to append an ill-formed string to those parameters. If we are using those variables/parameters directly into an SQL query executing on our database, it could lead to a potential vulnerability.

Look at the following Go code snippet that inserts username and password details into the database. It collects values from an HTTP POST request and appends raw values to the SQL query:

username := r.Form.Get("id")
password := r.Form.Get("category")
sql := "SELECT * FROM article WHERE id='" + username + "' AND category='" + password + "'"
Db.Exec(sql)

In the snippet, we are executing a database SQL query, but since we are appending the values directly, we may include malicious SQL statements such as -- comments and ORDER BY n range clauses in the query:

?category=books&id=10 ORDER BY 10--

If the application returns the database response directly to the client, it can leak information about the columns the table has. An attacker can change the ORDER BY to another number and extract sensitive information:

Unknown column '10' in 'order clause'

 We will see more about this in our upcoming chapters where we build fully-fledged REST services with other methods, such as POST, PUT, and so on:

Now, how to avoid these injections. There are several precautions:

  • Set the user level permissions to various tables in the database
  • Log the requests and find the suspicious ones
  • Use the HTMLEscapeString function from Go's text/template package to escape special characters in the API parameters, such as body and path 
  • Use a driver program instead of executing raw SQL queries
  • Stop relaying database debug messages back to the client
  • Use security tools such as sqlmap to find out vulnerabilities

With the basics of routing and security covered, in the next section we present an interesting challenge for the reader. It is to create a URL shortening service. We provide all the background details briefly in the next section.

主站蜘蛛池模板: 隆化县| 新郑市| 三原县| 阳西县| 秀山| 永春县| 日照市| 文化| 灯塔市| 阿尔山市| 西和县| 托克逊县| 沂南县| 民和| 隆回县| 梁平县| 鸡泽县| 青岛市| 伊宁县| 石楼县| 海门市| 昆明市| 台中县| 桑日县| 稻城县| 什邡市| 和平县| 茂名市| 常州市| 长兴县| 南丹县| 蓬安县| 营山县| 前郭尔| 江北区| 根河市| 荆州市| 隆子县| 织金县| 禄丰县| 长武县|