SQL injection is a common security vulnerability in applications that use a
database, and one of the most common security vulnerabilities in web
applications today. This sample application shows how SQL injection works,
and how to protect the application from it.
Methods

static String changePassword(Connection conn, String userName, String password) throws Exception
    Utility method to change the password of a user.
    This method is secure, except that the old password is not checked.
    Parameters:
        conn - the database connection
        userName - the user name
        password - the password
    Returns:
        the new password

static ResultSet getUser(Connection conn, String userName, String password) throws Exception
    Utility method to get a user record given the user name and password.
    This method is secure.
    Parameters:
        conn - the database connection
        userName - the user name
        password - the password
    Returns:
        a result set with the user record if the password matches

static void main(String... args) throws Exception
    This method is called when executing this sample application from the
    command line.
    Parameters:
        args - the command line parameters

String input(String prompt) throws Exception
    Utility method to get user input from the command line.
    Parameters:
        prompt - the prompt
    Returns:
        the user input

void limitRowAccess() throws Exception
    Sample code to limit access only to specific rows.

void listActiveItems() throws Exception
    List active items.
    The method uses the hard-coded value '1', and therefore the database
    cannot verify whether the SQL statement was constructed with user
    input or not.

void listActiveItemsUsingConstants() throws Exception
    List active items.
    The method uses a constant, and therefore the database
    knows it does not contain user input.
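The distinction between listActiveItems and listActiveItemsUsingConstants is easiest to see when the database is told to refuse literals altogether. The following is an added example, not the sample's own code: it assumes the H2 JDBC driver is on the classpath, and the ITEMS table, the ACTIVE_YES constant and the in-memory URL are constructed for the demo. It uses H2's CREATE CONSTANT and SET ALLOW_LITERALS NONE to show that a query written with a hard-coded '1' is indistinguishable from one built from user input, while the constant and parameter forms carry no literal in their statement text and keep working.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Added example, not the H2 sample's own code. Assumes the H2 JDBC driver on
// the classpath; ITEMS, ACTIVE_YES and the URL are constructed for this demo.
public class LiteralsDemo {

    // Hard-coded literal: "ACTIVE = 1" looks exactly like text pasted together
    // from user input, so the database cannot tell the two cases apart.
    static int listActiveItems(Connection conn) throws SQLException {
        try (Statement stat = conn.createStatement();
             ResultSet rs = stat.executeQuery("SELECT ID FROM ITEMS WHERE ACTIVE = 1")) {
            return count(rs);
        }
    }

    // Constant: ACTIVE_YES is a schema object, so the statement text contains
    // no literal at all and the database knows no user input is embedded.
    static int listActiveItemsUsingConstants(Connection conn) throws SQLException {
        try (Statement stat = conn.createStatement();
             ResultSet rs = stat.executeQuery("SELECT ID FROM ITEMS WHERE ACTIVE = ACTIVE_YES")) {
            return count(rs);
        }
    }

    // Parameter: the value travels separately from the statement text.
    static int listActiveItemsUsingParameter(Connection conn) throws SQLException {
        try (PreparedStatement prep = conn.prepareStatement("SELECT ID FROM ITEMS WHERE ACTIVE = ?")) {
            prep.setInt(1, 1);
            try (ResultSet rs = prep.executeQuery()) {
                return count(rs);
            }
        }
    }

    static int count(ResultSet rs) throws SQLException {
        int n = 0;
        while (rs.next()) {
            n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:literals");
             Statement stat = conn.createStatement()) {
            stat.execute("CREATE TABLE ITEMS(ID INT PRIMARY KEY, NAME VARCHAR(64), ACTIVE INT)");
            stat.execute("INSERT INTO ITEMS VALUES (1, 'hammer', 1), (2, 'saw', 0), (3, 'drill', 1)");
            stat.execute("CREATE CONSTANT ACTIVE_YES VALUE 1");

            // With literals allowed, all three queries return the same two rows.
            System.out.println("literal:   " + listActiveItems(conn));
            System.out.println("constant:  " + listActiveItemsUsingConstants(conn));
            System.out.println("parameter: " + listActiveItemsUsingParameter(conn));

            // H2's ALLOW_LITERALS setting rejects any statement whose text contains
            // a literal. From here on only the constant and parameter forms run.
            stat.execute("SET ALLOW_LITERALS NONE");
            try {
                listActiveItems(conn);
            } catch (SQLException e) {
                System.out.println("literal rejected: " + e.getMessage());
            }
            System.out.println("constant:  " + listActiveItemsUsingConstants(conn));
            System.out.println("parameter: " + listActiveItemsUsingParameter(conn));
        }
    }
}
```

The setting is per session and applies only to statements run after it, which is why the table is created and filled before it is switched on. A code base that passes under ALLOW_LITERALS NONE has, by construction, no statement whose text could have been assembled from input.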
void listItemsSortedInsecure() throws Exception
    List items using a specified sort order.
    The method is not secure, as user input is used to construct the
    SQL statement.

void listItemsSortedSecure() throws Exception
    List items using a specified sort order.
    The method is secure, as the user input is validated before use.
    However, the database has no way to verify this.

void listItemsSortedSecureParam() throws Exception
    List items using a specified sort order.
    The method is secure, as a parameterized statement is used.
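The three listItemsSorted* variants side by side, as an added example that is not the sample's own code. It assumes the H2 JDBC driver on the classpath; the ITEMS table and the "ascending"/"descending" input vocabulary are constructed for the demo. The parameterized form deserves a note: ASC/DESC is a keyword and cannot be bound, so the direction is folded into a CASE expression over a bound value, which keeps the statement text fixed.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Added example, not the H2 sample's own code. Assumes the H2 JDBC driver on
// the classpath; ITEMS and the input vocabulary are constructed for this demo.
public class SortOrderDemo {

    // Insecure: the caller's text is spliced into the statement, so anything
    // other than a plain direction keyword changes what the query means.
    static String listItemsSortedInsecure(Connection conn, String sortOrder) throws SQLException {
        String sql = "SELECT ID FROM ITEMS ORDER BY ID " + sortOrder;
        try (Statement stat = conn.createStatement(); ResultSet rs = stat.executeQuery(sql)) {
            return ids(rs);
        }
    }

    // Secure by validation: the input is mapped onto one of two fixed strings
    // before it reaches the SQL text. The database only sees the result and
    // has no way to know that this check happened.
    static String listItemsSortedSecure(Connection conn, String sortOrder) throws SQLException {
        String direction;
        if ("ascending".equals(sortOrder)) {
            direction = "ASC";
        } else if ("descending".equals(sortOrder)) {
            direction = "DESC";
        } else {
            throw new IllegalArgumentException("sort order must be 'ascending' or 'descending'");
        }
        try (Statement stat = conn.createStatement();
             ResultSet rs = stat.executeQuery("SELECT ID FROM ITEMS ORDER BY ID " + direction)) {
            return ids(rs);
        }
    }

    // Secure by parameterization: the statement text is a compile-time
    // constant and the input is only ever compared as data.
    static String listItemsSortedSecureParam(Connection conn, String sortOrder) throws SQLException {
        try (PreparedStatement prep = conn.prepareStatement(
                "SELECT ID FROM ITEMS ORDER BY CASE WHEN ? = 'descending' THEN -ID ELSE ID END")) {
            prep.setString(1, sortOrder);
            try (ResultSet rs = prep.executeQuery()) {
                return ids(rs);
            }
        }
    }

    static String ids(ResultSet rs) throws SQLException {
        StringBuilder sb = new StringBuilder();
        while (rs.next()) {
            if (sb.length() > 0) {
                sb.append(',');
            }
            sb.append(rs.getInt(1));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:sort");
             Statement stat = conn.createStatement()) {
            stat.execute("CREATE TABLE ITEMS(ID INT PRIMARY KEY, NAME VARCHAR(64))");
            stat.execute("INSERT INTO ITEMS VALUES (1, 'hammer'), (2, 'saw'), (3, 'drill')");

            System.out.println("insecure:  " + listItemsSortedInsecure(conn, "DESC"));
            System.out.println("validated: " + listItemsSortedSecure(conn, "descending"));
            System.out.println("bound:     " + listItemsSortedSecureParam(conn, "descending"));

            // Unexpected input: the validated form refuses it in Java, the bound
            // form treats it as data (and falls through to ascending), and the
            // insecure form hands it to the SQL parser unchanged.
            String odd = "sideways";
            System.out.println("bound, odd: " + listItemsSortedSecureParam(conn, odd));
            try {
                listItemsSortedSecure(conn, odd);
            } catch (IllegalArgumentException e) {
                System.out.println("validated, odd: " + e.getMessage());
            }
            try {
                listItemsSortedInsecure(conn, odd);
            } catch (SQLException e) {
                System.out.println("insecure, odd: " + e.getMessage());
            }
        }
    }
}
```

Allow-list validation as in listItemsSortedSecure is adequate when the SQL fragment genuinely cannot be bound (sort direction, column names), but the guarantee then lives only in application code; the bound form is the one the database itself can vouch for.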
void loginByIdInsecure() throws Exception
    Simulate a login using an insecure method.

void loginByIdSecure() throws Exception
    Simulate a login using a secure method.

void loginByNameInsecure() throws Exception
    Simulate a login using an insecure method.

void loginByNameSecure() throws Exception
    Simulate a login using a secure method.

void loginStoredProcedureInsecure() throws Exception
    Simulate a login using an insecure method.
    A stored procedure is used here.
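What separates the insecure and secure login methods is whether the user name and password become part of the SQL text or are passed as bound values. The following is an added example, not the sample's own code: it assumes the H2 JDBC driver on the classpath, the USERS table and its two rows are constructed for the demo, and the password is stored in clear text only so the statement-building point stays visible. A user name with an ordinary apostrophe is enough to show the difference: the concatenated statement breaks because the quote is read as SQL syntax, while the bound statement compares it as data.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Added example, not the H2 sample's own code. Assumes the H2 JDBC driver on
// the classpath; USERS and its rows are constructed for this demo.
public class LoginDemo {

    // Insecure: name and password are spliced into the SQL text. A quote in
    // the input is read as SQL syntax, not as part of the value.
    static boolean loginByNameInsecure(Connection conn, String name, String password) throws SQLException {
        String sql = "SELECT ID FROM USERS WHERE NAME = '" + name + "' AND PASSWORD = '" + password + "'";
        try (Statement stat = conn.createStatement(); ResultSet rs = stat.executeQuery(sql)) {
            return rs.next();
        }
    }

    // Secure: the statement text is fixed and both values are bound, so a
    // quote in the input is just a character to compare.
    static boolean loginByNameSecure(Connection conn, String name, String password) throws SQLException {
        try (PreparedStatement prep = conn.prepareStatement(
                "SELECT ID FROM USERS WHERE NAME = ? AND PASSWORD = ?")) {
            prep.setString(1, name);
            prep.setString(2, password);
            try (ResultSet rs = prep.executeQuery()) {
                return rs.next();
            }
        }
    }

    // A numeric id is no safer when concatenated: the String "id" is still
    // arbitrary text. Parsing it to an int and binding it means anything
    // non-numeric fails in Java before any SQL is sent.
    static boolean loginByIdSecure(Connection conn, String id, String password) throws SQLException {
        int userId = Integer.parseInt(id); // NumberFormatException on non-numeric input
        try (PreparedStatement prep = conn.prepareStatement(
                "SELECT ID FROM USERS WHERE ID = ? AND PASSWORD = ?")) {
            prep.setInt(1, userId);
            prep.setString(2, password);
            try (ResultSet rs = prep.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:login");
             Statement stat = conn.createStatement()) {
            stat.execute("CREATE TABLE USERS(ID INT PRIMARY KEY, NAME VARCHAR(64), PASSWORD VARCHAR(64))");
            // '' is the SQL escape for a single quote inside a string literal.
            stat.execute("INSERT INTO USERS VALUES (1, 'alice', 'pw-alice'), (2, 'o''brien', 'pw-ob')");

            System.out.println("secure, good:    " + loginByNameSecure(conn, "alice", "pw-alice"));
            System.out.println("secure, bad:     " + loginByNameSecure(conn, "alice", "wrong"));
            System.out.println("secure, quote:   " + loginByNameSecure(conn, "o'brien", "pw-ob"));
            System.out.println("by id:           " + loginByIdSecure(conn, "2", "pw-ob"));

            System.out.println("insecure, good:  " + loginByNameInsecure(conn, "alice", "pw-alice"));
            try {
                loginByNameInsecure(conn, "o'brien", "pw-ob");
            } catch (SQLException e) {
                // The apostrophe terminated the string literal early.
                System.out.println("insecure, quote: " + e.getMessage());
            }
        }
    }
}
```

The same rule carries over to the stored-procedure variant: calling a procedure through a CallableStatement with bound arguments is secure, but a procedure that itself concatenates its arguments into dynamic SQL is just the insecure method moved one layer down.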
void run(String driver, String url, String user, String password) throws Exception
    Run the test against the specified database.
    Parameters:
        driver - the JDBC driver name
        url - the database URL
        user - the user name
        password - the password

void storePasswordHashWithSalt() throws Exception
    This method creates a one-way hash from the password
    (using a random salt), and stores this information instead of the
    password.
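One way to implement storePasswordHashWithSalt together with the matching check, as an added example that is not the sample's own code. It assumes the H2 JDBC driver on the classpath and constructs the USERS table for the demo; PBKDF2 with HMAC-SHA-256 is this example's choice of one-way function, since the page only specifies "a one-way hash with a random salt". The salt is generated per user with SecureRandom and stored next to the hash, and verification recomputes the hash and compares in constant time.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example, not the H2 sample's own code. Assumes the H2 JDBC driver on
// the classpath; USERS is constructed for this demo. PBKDF2-HMAC-SHA-256 is
// this example's choice of one-way function.
public class PasswordHashDemo {

    static final int SALT_BYTES = 16;
    static final int ITERATIONS = 100_000;
    static final int HASH_BITS = 256;

    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // One-way: the password cannot be recovered from salt + hash. A per-user
    // salt makes equal passwords hash differently and defeats precomputed tables.
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        KeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, HASH_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Stores salt and hash instead of the password; the parameterized statement
    // keeps the binary values out of the SQL text.
    static void storePasswordHashWithSalt(Connection conn, String name, char[] password) throws Exception {
        byte[] salt = newSalt();
        byte[] digest = hash(password, salt);
        try (PreparedStatement prep = conn.prepareStatement(
                "INSERT INTO USERS(NAME, SALT, HASH) VALUES (?, ?, ?)")) {
            prep.setString(1, name);
            prep.setBytes(2, salt);
            prep.setBytes(3, digest);
            prep.execute();
        }
    }

    // Recomputes the hash with the stored salt and compares in constant time.
    // (An unknown user returns faster than a wrong password; hashing a dummy
    // value in that branch would even that out.)
    static boolean checkPassword(Connection conn, String name, char[] password) throws Exception {
        try (PreparedStatement prep = conn.prepareStatement(
                "SELECT SALT, HASH FROM USERS WHERE NAME = ?")) {
            prep.setString(1, name);
            try (ResultSet rs = prep.executeQuery()) {
                if (!rs.next()) {
                    return false;
                }
                byte[] expected = rs.getBytes("HASH");
                byte[] actual = hash(password, rs.getBytes("SALT"));
                return MessageDigest.isEqual(expected, actual);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:hash");
             Statement stat = conn.createStatement()) {
            stat.execute("CREATE TABLE USERS(NAME VARCHAR(64) PRIMARY KEY, SALT VARBINARY(16), HASH VARBINARY(32))");
            storePasswordHashWithSalt(conn, "alice", "correct horse".toCharArray());
            storePasswordHashWithSalt(conn, "bob", "correct horse".toCharArray());

            System.out.println("alice, right: " + checkPassword(conn, "alice", "correct horse".toCharArray()));
            System.out.println("alice, wrong: " + checkPassword(conn, "alice", "wrong".toCharArray()));
            System.out.println("unknown user: " + checkPassword(conn, "carol", "correct horse".toCharArray()));

            // Same password, two users: the stored hashes differ because the salts do.
            try (ResultSet rs = stat.executeQuery("SELECT NAME, HASH FROM USERS ORDER BY NAME")) {
                while (rs.next()) {
                    System.out.println(rs.getString(1) + " hash length " + rs.getBytes(2).length);
                }
            }
        }
    }
}
```

The password is handled as a char[] rather than a String so it can be cleared after use, and the iteration count is the knob that makes offline guessing expensive; raise it as hardware allows and store it alongside the salt if it is ever expected to change.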