- Hands-On RESTful Web Services with Go
- Naren Yellavula
- 394字
- 2021-06-24 17:04:27
SQL injection in URLs and ways to avoid them
SQL injection is a process of attacking a database with malicious scripts. If one is not careful when defining URL routes, there may be an opportunity for SQL injection. These attacks can happen for all kinds of REST operations. For example, if we are allowing the client to pass parameters to the server, then there is a chance for an attacker to append an ill-formed string to those parameters. If we are using those variables/parameters directly into an SQL query executing on our database, it could lead to a potential vulnerability.
Look at the following Go code snippet that inserts username and password details into the database. It collects values from an HTTP POST request and appends raw values to the SQL query:
username := r.Form.Get("id")
password := r.Form.Get("category")
sql := "SELECT * FROM article WHERE id='" + username + "' AND category='" + password + "'"
Db.Exec(sql)
In the snippet, we are executing a database SQL query, but since we are appending the values directly, we may include malicious SQL statements such as -- comments and ORDER BY n range clauses in the query:
?category=books&id=10 ORDER BY 10--
If the application returns the database response directly to the client, it can leak information about the columns the table has. An attacker can change the ORDER BY to another number and extract sensitive information:
Unknown column '10' in 'order clause'
We will see more about this in our upcoming chapters where we build fully-fledged REST services with other methods, such as POST, PUT, and so on:
Now, how to avoid these injections. There are several precautions:
- Set the user level permissions to various tables in the database
- Log the requests and find the suspicious ones
- Use the HTMLEscapeString function from Go's text/template package to escape special characters in the API parameters, such as body and path
- Use a driver program instead of executing raw SQL queries
- Stop relaying database debug messages back to the client
- Use security tools such as sqlmap to find out vulnerabilities
With the basics of routing and security covered, in the next section we present an interesting challenge for the reader. It is to create a URL shortening service. We provide all the background details briefly in the next section.
- Android開發精要
- Practical UX Design
- Oracle從新手到高手
- Java從入門到精通(第4版)
- 新編Premiere Pro CC從入門到精通
- Expert Android Programming
- Hands-On Full Stack Development with Go
- Python深度學習:基于TensorFlow
- Python算法指南:程序員經典算法分析與實現
- Babylon.js Essentials
- Flink技術內幕:架構設計與實現原理
- Java 11 and 12:New Features
- 大話代碼架構:項目實戰版
- 輕松學Scratch 3.0 少兒編程(全彩)
- Mastering Responsive Web Design