Web Security by Preventing SQL Injection Using Encryption in Stored Procedures
SQL injection attacks target databases that are accessible through a web front end and take advantage of flaws in the input validation logic of web components such as CGI scripts. They can be easily prevented by applying more secure authentication schemes in the login phase itself. In this paper, the authors prevent SQL injection attacks (SQLIA) by using encryption in stored procedures. The user name and password, encrypted with the Advanced Encryption Standard (AES), are used to improve the authentication process with minimum overhead. The server has to maintain the encrypted username and password parameters of every user.