欢迎进入Oracle社区论坛,与200万技术人员互动交流 >>进入 上周,安全研究专家David Litchfield发现了一种能让黑客访问Oracle数据库的新攻击方法,并发表了关于这个新攻击类型的技术细节。 这种新的攻击方法被称为侧面SQL注入(lateral SQL injection),利
欢迎进入Oracle社区论坛,与200万技术人员互动交流 >>进入
上周,安全研究专家David Litchfield发现了一种能让黑客访问Oracle数据库的新攻击方法,并发表了关于这个新攻击类型的技术细节。
这种新的攻击方法被称为侧面SQL注入(lateral SQL injection),利用这个方法能够非法获取Oracle服务器上的数据库管理员权限,这样就可以修改或删除数据库的数据,甚至还可以在服务器上安装软件。
Litchfield在二月的黑客大会上首次披露了这种类型的攻击,并在上周四发表了一篇文章里详细讲述了关于这种工具的技术细节问题。
在SQL注入攻击中,攻击者往往会巧妙地设计一些搜索条件,骗过数据库运行非法的SQL指令。在此之前,安全专家都一直认为SQL注入只有在攻击者将字符型字符串输入到数据库的情况下才会生效,但Litchfield在文章中展示了用新的日期和数字数据类型也能进行SQL注入攻击。这种攻击的目标编程语言是广为Oracle开发人员所使用的Procedural语言和SQL语言。
Litchfield并不确定这种侧面SQL攻击漏洞是否广泛存在,不过他认为这种攻击有可能会在某些情况下引发严重的损害。如果你正好使用的是Oracle数据库,而且你在数据库上编写了自己的应用程序,那么你可能会编写进了带有漏洞的代码。虽然这不是什么可以让天塌下来的大事,不过大家都应当对此有所警觉。
数据库程序员应当检查他们的代码,确保所有对于数据的处理都是合法的而不是注入的SQL指令。
Oracle目前还没有对此发表任何回应性的评论。
What Are the Limitations of Using Views in MySQL?May 14, 2025 am 12:10 AMMySQLviewshavelimitations:1)Theydon'tsupportallSQLoperations,restrictingdatamanipulationthroughviewswithjoinsorsubqueries.2)Theycanimpactperformance,especiallywithcomplexqueriesorlargedatasets.3)Viewsdon'tstoredata,potentiallyleadingtooutdatedinforma
Securing Your MySQL Database: Adding Users and Granting PrivilegesMay 14, 2025 am 12:09 AMProperusermanagementinMySQLiscrucialforenhancingsecurityandensuringefficientdatabaseoperation.1)UseCREATEUSERtoaddusers,specifyingconnectionsourcewith@'localhost'or@'%'.2)GrantspecificprivilegeswithGRANT,usingleastprivilegeprincipletominimizerisks.3)
What Factors Influence the Number of Triggers I Can Use in MySQL?May 14, 2025 am 12:08 AMMySQLdoesn'timposeahardlimitontriggers,butpracticalfactorsdeterminetheireffectiveuse:1)Serverconfigurationimpactstriggermanagement;2)Complextriggersincreasesystemload;3)Largertablesslowtriggerperformance;4)Highconcurrencycancausetriggercontention;5)M
MySQL: Is it safe to store BLOB?May 14, 2025 am 12:07 AMYes,it'ssafetostoreBLOBdatainMySQL,butconsiderthesefactors:1)StorageSpace:BLOBscanconsumesignificantspace,potentiallyincreasingcostsandslowingperformance.2)Performance:LargerrowsizesduetoBLOBsmayslowdownqueries.3)BackupandRecovery:Theseprocessescanbe
MySQL: Adding a user through a PHP web interfaceMay 14, 2025 am 12:04 AMAdding MySQL users through the PHP web interface can use MySQLi extensions. The steps are as follows: 1. Connect to the MySQL database and use the MySQLi extension. 2. Create a user, use the CREATEUSER statement, and use the PASSWORD() function to encrypt the password. 3. Prevent SQL injection and use the mysqli_real_escape_string() function to process user input. 4. Assign permissions to new users and use the GRANT statement.
MySQL: BLOB and other no-sql storage, what are the differences?May 13, 2025 am 12:14 AMMySQL'sBLOBissuitableforstoringbinarydatawithinarelationaldatabase,whileNoSQLoptionslikeMongoDB,Redis,andCassandraofferflexible,scalablesolutionsforunstructureddata.BLOBissimplerbutcanslowdownperformancewithlargedata;NoSQLprovidesbetterscalabilityand
MySQL Add User: Syntax, Options, and Security Best PracticesMay 13, 2025 am 12:12 AMToaddauserinMySQL,use:CREATEUSER'username'@'host'IDENTIFIEDBY'password';Here'showtodoitsecurely:1)Choosethehostcarefullytocontrolaccess.2)SetresourcelimitswithoptionslikeMAX_QUERIES_PER_HOUR.3)Usestrong,uniquepasswords.4)EnforceSSL/TLSconnectionswith
MySQL: How to avoid String Data Types common mistakes?May 13, 2025 am 12:09 AMToavoidcommonmistakeswithstringdatatypesinMySQL,understandstringtypenuances,choosetherighttype,andmanageencodingandcollationsettingseffectively.1)UseCHARforfixed-lengthstrings,VARCHARforvariable-length,andTEXT/BLOBforlargerdata.2)Setcorrectcharacters
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Atom editor mac version download
The most popular open source editor
WebStorm Mac version
Useful JavaScript development tools
SublimeText3 English version
Recommended: Win version, supports code prompts!
Dreamweaver Mac version
Visual web development tools
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
