Records in a database are modified and deleted through calls to the database manager written in SQL.
SQL injection is the technique of modifying the SQL statements that a program sends to the database manager.
What could happen then? Not only unauthorized access to the data in the database: an attacker could also take control of the operating system that hosts it, which makes this a very high-level risk. The reason is that database managers have access to consoles of the operating systems on which they run.
On the other hand, this kind of access is hard for network administrators to detect. Why?
There are attacks that require extensive knowledge of database managers. Databases are sometimes encrypted by the application servers themselves. In addition, one of the advantages of a SQL injection attack compared to others is that it does not require great knowledge of database managers, and the hacker can achieve enormously harmful results without even an "exploit".
In this case, having a firewall or "Oracle", that is, having a network security mechanism or a particular database manager, is not especially relevant in itself for combating this attack. Only technical experts in information security, who combine knowledge of database management with specific protection tools, can guarantee the security of the information.
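The modification of a program's SQL statement described above can be seen by comparing a query built by string concatenation with its parameterized form. This is an added example, not code from the original article; the table, function names and sample values are constructed for illustration, and SQLite stands in for the database manager.

```python
import sqlite3

def make_db():
    """Constructed in-memory sample database (not from the article)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test"),
         ("carol", "carol@example.test"), ("o'brien", "obrien@example.test")],
    )
    return db

def find_vulnerable(db, name):
    # The input is pasted into the statement text, so it can change the
    # statement's structure, not just the value being compared.
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_parameterized(db, name):
    # The statement text is fixed; the input travels separately as a bound
    # value and is only ever compared against the name column.
    sql = "SELECT name, email FROM customers WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def compare(name):
    """Return (rows from concatenated query, rows from parameterized query)."""
    db = make_db()
    try:
        try:
            vulnerable = len(find_vulnerable(db, name))
        except sqlite3.Error:
            vulnerable = None  # the altered statement no longer parses
        return vulnerable, len(find_parameterized(db, name))
    finally:
        db.close()

if __name__ == "__main__":
    # Constructed inputs: an ordinary name, a legitimate name containing a
    # quote, and a value containing SQL syntax.
    for value in ("alice", "o'brien", "x' OR '1'='1"):
        vulnerable_rows, safe_rows = compare(value)
        print(f"{value!r}: concatenated={vulnerable_rows} parameterized={safe_rows}")
```

The concatenated query returns every row for the last input and fails outright on the legitimate name with a quote, while the parameterized query treats both as plain values. The fix lives in the application code, which is why a network control or a choice of database product does not address it by itself.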
Information Security Department
Legal Department
www.audea.com













