Monday, February 2, 2009

SQL Injection

To check whether your database system is secure, you can try the tests below. We call this 'SQL Injection' testing. The method tries to enter the system without knowing the username and password, using only a 'magic string'. Try this:


1. Enter phrase 'or''=' for username and password
2. Enter phrase ' or 1=1--' for username and password
3. Enter phrase 'or''=' for username and empty password
4. Enter phrase John'-- for username and phrase 'or''=' for password

How do you protect against these methods? Basically, you only permit the characters A to Z, a to z and 0 to 9 in the username and password.
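As an added example (not code from the original post), the login check built by string concatenation that the magic strings above defeat, beside the same check with bound parameters, and the post's alphanumeric allowlist applied in front of it. The in-memory SQLite table and the user 'John' / 'secret123' are constructed sample data.

```python
import re
import sqlite3

# Constructed sample data: one in-memory table with a single user.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
conn.execute("INSERT INTO users VALUES ('John', 'secret123')")
conn.commit()


def login_vulnerable(username, password):
    """Login check built by string concatenation: the injectable pattern."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(username, password):
    """Same check with bound parameters: input is treated as data, never SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


# The post's rule: only A-Z, a-z and 0-9 are accepted.
ALLOWED = re.compile(r"[A-Za-z0-9]+")


def login_allowlisted(username, password):
    """Reject input outside the allowlist before it reaches the database."""
    if not (ALLOWED.fullmatch(username) and ALLOWED.fullmatch(password)):
        return []
    return login_parameterized(username, password)


if __name__ == "__main__":
    # Magic string no. 2 from the post, tried against each variant.
    magic = "' or 1=1--"
    print("vulnerable   :", login_vulnerable(magic, "x"))      # ['John']
    print("parameterized:", login_parameterized(magic, "x"))   # []
    print("allowlisted  :", login_allowlisted(magic, "x"))     # []
```

Bound parameters are what actually stop the injection; the allowlist is an extra restriction on top, and note that it also rejects legitimate passwords containing symbols.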
by. msmunir@batan.go.id
