
SQL Injection

Behind the scenes of a Web-based email application is a database that stores the messages and allows each user to see his or her emails, folders, and address books. However, if attackers can fool the application into giving them direct access to the database, all the information stored in the database can be compromised. This can allow an attacker to not only read email, but also alter or even delete the messages.

Case Study 9-4

Sandy was suspicious that her boyfriend was seeing someone else. The more she thought about it, the more convinced she became. One of her girlfriends asked if she had looked through his email to find any suspicious emails.

Sandy knew her boyfriend's email address but not his password. Pierre, one of Sandy's friends, was good with computers. He showed her how to access her boyfriend's account without having the password. Within seconds, Sandy was reading through all his email, looking for a smoking gun.


