Spammy Tables - Intro to Relational Databases

  • 0:01 - 0:04
    SQL injection attacks are a common
    security problem with code that
  • 0:04 - 0:07
    uses a database without
    being careful enough.
  • 0:07 - 0:08
    But they're not the only one.
  • 0:08 - 0:11
    Here's another exciting opportunity
    to mess with your forum app.
  • 0:12 - 0:17
    Copy the text from the instructor notes,
    and put it into a forum post,
  • 0:17 - 0:21
    like so, and hit the Post button.
  • 0:22 - 0:23
    Oh, no.
  • 0:23 - 0:28
    Spam, and more spam, and even more spam.
  • 0:29 - 0:31
    Where's all this spam coming from?
  • 0:31 - 0:33
    Every time the forum page loads,
  • 0:33 - 0:36
    our web browser is submitting spam
    messages back into the forum.
  • 0:37 - 0:40
    Remember back in lesson one when I
    asked you to think about the meaning of
  • 0:40 - 0:42
    data in particular columns?
  • 0:42 - 0:45
    Well, here is a case where that's
    not an abstract concern at all.
  • 0:45 - 0:50
    The forum program is treating each
    post as if it's just a piece of text.
  • 0:50 - 0:52
    But your browser on the other hand,
  • 0:52 - 0:56
    your browser is interpreting it with
    a different meaning, as a piece of code.
  • 0:56 - 0:59
    This is another security
    problem a web app can have;
  • 0:59 - 1:01
    it's called a script injection attack.
  • 1:01 - 1:04
    And this is why real web
    forums don't allow users to
  • 1:04 - 1:07
    put arbitrary JavaScript
    code in their comments.
  • 1:07 - 1:09
    Okay, so how do we fix it?
Title:
Spammy Tables - Intro to Relational Databases
Description:

Video Language:
English
Team:
Udacity
Project:
ud197 - Intro to RDB
Duration:
01:10

English subtitles
