5.6 Figure 5.14 shows a fragment of code that implements the login functionality
Question
5.6 Figure 5.14 shows a fragment of code that implements the login functionality for a database application. The code dynamically builds an SQL query and submits it to a database.

String login, password, pin, query
login = getParameter("login");
password = getParameter("pass");
pin = getParameter("pin");
Connection conn.createConnection("MyDataBase");
query = "SELECT accounts FROM users WHERE login='" +
    login + "' AND pass = '" + password +
    "' AND pin=" + pin;
ResultSet result = conn.executeQuery(query);
if (result != NULL)
    displayAccounts(result);
else
    displayAuthFailed();

Figure 5.14 Code for Generating an SQL Query

a. Suppose a user submits login, password, and pin as doe, secret, and 123. Show the SQL query that is generated.
b. Instead, the user submits for the login field the following: ' or 1=1
What is the effect?

Explanation / Answer
Answer)
a) User submits login as "doe", password as "secret" and pin as "123".
Then the resulting SQL query would be:
SELECT accounts FROM users WHERE login='doe' AND
pass='secret' AND
pin='123';
This query results from the query that is formed by the programming.
b) User submits for the login field: ' or 1=1.
This is called a SQL injection attack, where the query formed will be:
SELECT accounts FROM users WHERE login='doe' OR 1=1 AND
pass='secret' AND
pin='123';
' OR 1=1 is the part that is appended to the username doe.
As 1=1 holds true, the user will get access and the attack will be successful.
In short, using such a query or login, with SQL injection attack techniques as above, attackers can gain access to user accounts easily. In this case, the username will not be checked if it does not match, as 1=1 is always true and the ' brace is used to close the string earlier.
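Added example, not part of the original question or answer: the string concatenation from Figure 5.14 reproduced in Python, beside a parameterized version using sqlite3 in which the same input is bound as data. The users table, its single row and the function names are constructed for illustration.

```python
import sqlite3

def build_query_concat(login, password, pin):
    # Same concatenation as Figure 5.14: user input is pasted into the
    # SQL text, and pin is appended without quotes.
    return ("SELECT accounts FROM users WHERE login='" + login +
            "' AND pass = '" + password + "' AND pin=" + pin)

def make_db():
    # Constructed sample data, in memory only. The plaintext pass column
    # mirrors the figure's schema.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (login TEXT, pass TEXT, pin INTEGER, accounts TEXT)")
    conn.execute(
        "INSERT INTO users VALUES ('doe', 'secret', 123, 'checking-001')")
    return conn

def login_parameterized(conn, login, password, pin):
    # pin is numeric in the query, so accept ASCII digits only.
    if not (pin.isascii() and pin.isdigit()):
        return []
    # Placeholders keep the SQL text fixed; the driver binds the values
    # as data, so a quote in login cannot end the string literal.
    rows = conn.execute(
        "SELECT accounts FROM users WHERE login = ? AND pass = ? AND pin = ?",
        (login, password, int(pin)),
    ).fetchall()
    return [row[0] for row in rows]

if __name__ == "__main__":
    # Part (a) input, then part (b) input, through the concatenating code.
    print(build_query_concat("doe", "secret", "123"))
    print(build_query_concat("' or 1=1", "secret", "123"))
    # The same two inputs through the parameterized query.
    conn = make_db()
    print(login_parameterized(conn, "doe", "secret", "123"))
    print(login_parameterized(conn, "' or 1=1", "secret", "123"))
```

In the concatenated string for the part (b) input, the quote typed by the user closes the login literal, so the rest of the input is parsed as SQL rather than compared against the login column.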