- Now using Spring Boot for classloading, this way local development does not need to restart the complete server
- Fixed all kinds of dependencies on the names of the lessons necessary to keep in mind during the creation of a lesson.
- Simplified loading of resources, by adding resource mappings in MvcConfig.
- Refactored plugin loading, now only one class is left for loading the lessons.
== Severity of SQL Injection

=== The severity of SQL Injection attacks is limited by
* Attacker’s skill and imagination
* Defense in depth countermeasures
** Input validation
** Least privilege
* Database technology

=== Not all databases support command chaining
* Microsoft Access
* MySQL Connector/J and C
* Oracle

=== Not all databases are equal (SQL Server)
* Command shell: `master.dbo.xp_cmdshell 'cmd.exe dir c:'`
* Registry commands: `xp_regread`, `xp_regdeletekey`, …
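
The command-chaining point above can be checked from the defender's side with the following added example (not part of the original lesson). It assumes Python's built-in `sqlite3` driver as a stand-in for a driver that refuses chained statements; the table, rows, inputs and function names are constructed for illustration. It shows that the refusal limits the damage, but only parameter binding stops the query from being altered.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE users (name TEXT, role TEXT);"
        "INSERT INTO users VALUES ('alice', 'admin'), ('bob', 'user');"
    )
    return db

def lookup_concat(db, name):
    """Vulnerable pattern: caller input is spliced into the SQL text."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in db.execute(sql))

def lookup_param(db, name):
    """Hardened pattern: input is bound as data and never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in db.execute(sql, (name,)))

def row_count(db):
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]

def chaining_rejected(db, value):
    """True if the driver refuses input that appends a second statement."""
    try:
        lookup_concat(db, value)
    except (sqlite3.Warning, sqlite3.Error):
        # The exception class raised here differs across Python versions.
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    stacked = "x'; DELETE FROM users; --"   # constructed test input
    tautology = "' OR '1'='1"               # constructed test input
    print("stacked statement rejected:", chaining_rejected(db, stacked))
    print("rows still present:", row_count(db))
    print("concatenated query returns:", lookup_concat(db, tautology))
    print("parameterized query returns:", lookup_param(db, tautology))
```

The driver rejects the chained statement before anything runs, so the table is untouched, yet the concatenated query still returns every row for the second input while the parameterized query returns none.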