As a guest user you are not logged in or recognized by your IP address. You have
access to the Front Matter, Abstracts, Author Index, Subject Index and the full
text of Open Access publications.
Databases are essential to modern-day web applications. Structured Query Language (SQL) used to retrieve information from relational database is prone to injection attack by a malicious user. Losing access to application database destroys all credibility for the organization. Mitigating against SQL injection attacks is a critical concern. This paper proposes a methodology for the safe flow of SQL query from the user layer to the database layer. The proposed methodology uses the process of client-side input sanitization to validate user input before a dynamic SQL query is constructed. On the server-side, another process provides server-side query sanitization to ensure a full-proof validation of the SQL query before it is run on the database. The client-side input sanitization process is presented in the paper. On comparison with related methodologies, the proposed methodology is robust, lightweight, and fast.
This website uses cookies
We use cookies to provide you with the best possible experience. They also allow us to analyze user behavior in order to constantly improve the website for you. Info about the privacy policy of IOS Press.
This website uses cookies
We use cookies to provide you with the best possible experience. They also allow us to analyze user behavior in order to constantly improve the website for you. Info about the privacy policy of IOS Press.