SQL injection attacks are a common security problem with code that uses a database without being careful enough. But they're not the only one.

Here's another exciting opportunity to mess with your forum app. Copy the text from the instructor notes, put it into a forum post, like so, and hit the Post button.

Oh, no. Spam, and more spam, and even more spam. Where's all this spam coming from? Every time the forum page loads, our web browser is submitting spam messages back into the forum.

Remember back in lesson one when I asked you to think about the meaning of data in particular columns? Well, here is a case where that's not an abstract concern at all. The forum program is treating each post as if it's just a piece of text. But your browser, on the other hand, is interpreting it with a different meaning, as a piece of code.

This is another security problem a web app can have; it's called a script injection attack. And this is why real web forums don't allow users to put arbitrary JavaScript code in their comments.

Okay, so how do we fix it?
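As an added illustration (not code from the lesson's forum app), here is the mismatch the lecture describes in Python: the same stored post rendered the way the vulnerable forum does it, and rendered with output escaping so the browser sees text rather than code. The sample post, function names and the `<div class='post'>` template are constructed for this example.

```python
import html

# Constructed sample post: a harmless stand-in for the kind of text the
# lesson pastes into the forum, where the browser would parse it as code.
SAMPLE_POST = "Nice forum! <script>alert('hi')</script>"


def render_post_unsafe(post_text: str) -> str:
    """The vulnerable pattern: the stored post is dropped straight into the
    page. The database and the forum code treat it as plain text, but the
    browser parses the result as HTML, so any <script> inside it runs."""
    return "<div class='post'>%s</div>" % post_text


def render_post_escaped(post_text: str) -> str:
    """The fix on the output side: HTML-escape the post when it is rendered,
    so <, >, &, " and ' appear literally and are never parsed as markup.
    The stored text is unchanged; only its meaning in the page is fixed."""
    return "<div class='post'>%s</div>" % html.escape(post_text, quote=True)


def render_page(posts: list[str], escape: bool) -> str:
    """Render a whole forum page, escaped or not, so the two can be compared."""
    render = render_post_escaped if escape else render_post_unsafe
    return "\n".join(render(p) for p in posts)


def contains_live_script(rendered_html: str) -> bool:
    """Demonstration check only: is there an actual <script> tag in the output?
    In a real app this kind of assertion belongs in the test suite."""
    return "<script" in rendered_html.lower()


if __name__ == "__main__":
    posts = ["hello", SAMPLE_POST]
    print("unsafe :", render_page(posts, escape=False))
    print("escaped:", render_page(posts, escape=True))
```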