A novel approach for prevention of SQL injection attacks using cryptography and access control policies

Abstract

In this era of social and technological development, SQL injection attacks are one of the major securities in Web applications. They allow attackers to obtain an unrestricted and easy access to the databases to gain valuable information. Although many researchers have proposed various effective and useful methods to address the SQL injection problems, all the proposed approaches either fail to address the broader scope of the problem or have limitations that prevent their use and adoption or cannot be applied to some crucial scenarios. In this paper we propose a global solution to the SQL injection attacks by providing strong encryption techniques and policy based access control mechanism on the application information. We initially encrypt the message using an encryption engine in the server before we store the values into the database with Policy-based Access Control, data is stored in the encrypted form and while accessing it again we decrypt them and provide the data for the user in a secured manner with the control of policy based access. © 2011 Springer-Verlag.