Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 
  • How to protect rails application sql injection

    • 0
    • 4
    • 2
    • 0
    • 0
    • 0
    • 0
    • 0
    • 230
    Comment on it

    There are times when SQL injection is the most shocking attacks on the internet. SQL injection means a condition where user is molding a SQL query in a unexpected form.If the queries are not handled properly it can lead to results like leaking of data to cracking of a database access. This particular topic is a topic which is very well understood by most of the developers and the good thing to avoid is that rails already makes it very simple to avoid it.but you should be really careful in handling that, if not you will remove all of that safety.let me give you an example:

    Ex: Lets say you have a page which is giving salary account details by search a user can type /salaryDetails?name=mohan it will give all the salary account details which is starting from "mohan".the query would be like:

    SELECT * FROM "salary_details" WHERE name LIKE '%mohan%'.
    

    Never use queries like

    query = "SELECT * FROM salary_details WHERE name = '#{name}' AND password = '#{password'} LIMIT 1"
    

    Use query like this:

    User.where(:name => name, :password => :password).first
    

    Rails applications interact with a database through ActiveRecord, through Object Relational Mapping (ORM) layer which comes by default with Rails. ORMs is safer. ORM maps database tables to classes.If a database has a table called users, than our application will have a class named User. Rows of the table correspond to objects of the class.

 0 Comment(s)

Sign In
                           OR                           
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: