官术网_书友最值得收藏!

SQL injection in URLs and ways to avoid them

SQL injection is a process of attacking a database with malicious scripts. If one is not careful when defining URL routes, there may be an opportunity for SQL injection. These attacks can happen for all kinds of REST operations. For example, if we are allowing the client to pass parameters to the server, then there is a chance for an attacker to append an ill-formed string to those parameters. If we are using those variables/parameters directly into an SQL query executing on our database, it could lead to a potential vulnerability.

Look at the following Go code snippet that inserts username and password details into the database. It collects values from an HTTP POST request and appends raw values to the SQL query:

username := r.Form.Get("id")
password := r.Form.Get("category")
sql := "SELECT * FROM article WHERE id='" + username + "' AND category='" + password + "'"
Db.Exec(sql)

In the snippet, we are executing a database SQL query, but since we are appending the values directly, we may include malicious SQL statements such as -- comments and ORDER BY n range clauses in the query:

?category=books&id=10 ORDER BY 10--

If the application returns the database response directly to the client, it can leak information about the columns the table has. An attacker can change the ORDER BY to another number and extract sensitive information:

Unknown column '10' in 'order clause'

 We will see more about this in our upcoming chapters where we build fully-fledged REST services with other methods, such as POST, PUT, and so on:

Now, how to avoid these injections. There are several precautions:

  • Set the user level permissions to various tables in the database
  • Log the requests and find the suspicious ones
  • Use the HTMLEscapeString function from Go's text/template package to escape special characters in the API parameters, such as body and path 
  • Use a driver program instead of executing raw SQL queries
  • Stop relaying database debug messages back to the client
  • Use security tools such as sqlmap to find out vulnerabilities

With the basics of routing and security covered, in the next section we present an interesting challenge for the reader. It is to create a URL shortening service. We provide all the background details briefly in the next section.

主站蜘蛛池模板: 和龙市| 张家港市| 嘉祥县| 全椒县| 长治市| 吉隆县| 原阳县| 隆化县| 布拖县| 金湖县| 天全县| 盐山县| 老河口市| 宜黄县| 宝山区| 雅江县| 大连市| 海宁市| 东莞市| 阜南县| 民县| 呈贡县| 丹凤县| 延庆县| 靖江市| 五原县| 安达市| 靖安县| 江山市| 额济纳旗| 阜阳市| 丰镇市| 江达县| 新田县| 安达市| 德昌县| 济宁市| 湾仔区| 崇州市| 延津县| 莎车县|