A: SQL Injection is an attack on databases with a web server front-end. The issue involves the application not properly 'sanitizing' input data. By submitting a carefully crafted response, the attacker is able to gain unauthorized access to the database. This access can take various forms, including read access and the ability to change data, and in some cases it can be used to completely compromise the entire database server.