
Does this parser detect sql injection?

Open fineday009 opened this issue 5 years ago • 1 comment

Does this parser detect SQL injection? How?

fineday009 avatar Oct 27 '20 15:10 fineday009

SQL injection is valid syntax, so 100% confidence detection is difficult. But there are methods to mitigate it:

  • Save the digest of expected queries to an allow list, and block new queries that do not match.
  • Disallow multiple statements from being executed at once. This prevents a SELECT statement from being terminated early, with an injected DELETE statement following.

ghost avatar Oct 27 '20 15:10 ghost
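The two mitigations in the reply above, as an added example that is not code from the original thread or from the parser project itself. It uses a minimal hand-written tokenizer (not the project's parser) to normalize a query into a fingerprint (string and numeric literals replaced by `?`, comments dropped, keywords upper-cased), hashes that fingerprint for the allow list, and separately refuses anything that contains more than one statement. The `users` table, the expected queries and the sample inputs are all constructed for the illustration.

```python
import hashlib
import re

# Minimal SQL tokenizer (an assumption for this example; a real deployment
# would use the project's parser). Comments are dropped so that a trailing
# "--" cannot hide injected text from the fingerprint.
TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<line_comment>--[^\n]*)
  | (?P<block_comment>/\*.*?\*/)
  | (?P<string>'(?:[^']|'')*')
  | (?P<number>\b\d+(?:\.\d+)?\b)
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<punct>[^\s\w'])
""", re.VERBOSE | re.DOTALL)


def tokenize(sql):
    """Yield (kind, text) pairs; raise ValueError on text the tokenizer
    cannot read (e.g. an unterminated quote), which callers treat as a reject."""
    pos = 0
    while pos < len(sql):
        m = TOKEN_RE.match(sql, pos)
        if m is None:
            raise ValueError(f"cannot tokenize at offset {pos}: {sql[pos:pos + 10]!r}")
        pos = m.end()
        if m.lastgroup not in ("ws", "line_comment", "block_comment"):
            yield m.lastgroup, m.group()


def normalize(sql):
    """Fingerprint: literals become '?', words are upper-cased, comments vanish.
    Two queries that differ only in parameter values normalize identically."""
    parts = []
    for kind, text in tokenize(sql):
        if kind in ("string", "number"):
            parts.append("?")
        elif kind == "word":
            parts.append(text.upper())
        else:
            parts.append(text)
    return " ".join(parts)


def normalized_statements(sql):
    """Split the fingerprint on top-level ';'. Safe to split on the fingerprint
    because semicolons inside string literals have already become '?'."""
    return [s.strip() for s in normalize(sql).split(";") if s.strip()]


def digest(statement):
    return hashlib.sha256(statement.encode("utf-8")).hexdigest()


# Constructed "expected queries": the exact statements the application issues,
# with representative parameter values. Only their fingerprints are stored.
EXPECTED_QUERIES = [
    "SELECT id, name FROM users WHERE email = 'alice@example.com'",
    "UPDATE users SET last_login = 1700000000 WHERE id = 42",
]
ALLOW_LIST = {digest(normalized_statements(q)[0]) for q in EXPECTED_QUERIES}


def check_query(sql, allow_list=ALLOW_LIST):
    """Return (allowed, reason). Rejects unparseable input, stacked statements
    (mitigation 2) and fingerprints not on the allow list (mitigation 1)."""
    try:
        stmts = normalized_statements(sql)
    except ValueError as exc:
        return False, f"unparseable: {exc}"
    if len(stmts) != 1:
        return False, f"{len(stmts)} statements, expected exactly 1"
    if digest(stmts[0]) not in allow_list:
        return False, "digest not in allow list"
    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs: one legitimate query, three injection attempts.
    samples = [
        "SELECT id, name FROM users WHERE email = 'bob@example.com'",
        "SELECT id, name FROM users WHERE email = '' OR '1'='1'",
        "SELECT id, name FROM users WHERE email = ''; DELETE FROM users; --'",
        "SELECT id FROM users WHERE email = 'x",
    ]
    for s in samples:
        print(check_query(s), "<-", s)
```

The stacked-statement input is rejected by the statement count before the digest is even consulted, which is the point of the second mitigation: it holds even if the allow list is incomplete or the fingerprinting is imperfect. The tautology injection is caught only by the digest, since it is a single well-formed statement. The tokenizer is deliberately small and rejects syntax it does not understand (hex literals, dollar quoting, unterminated block comments), so in practice the fingerprint should come from the same parser the database uses.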