Programming languages
BotaniQ_Q, 2017-06-18 02:10:35

Are there vulnerabilities like sql injection in other languages?

I have never understood the work of compilers, interpreters, but let's say we have a Pit's input and similar inputs in other languages, is it possible to put an analogue of a quote in sql somewhere in order to write our code further? Don't write for reverse :)


2 answer(s)
nirvimel, 2017-06-18
@BotaniQ_Q

In all languages that have an eval function, it is possible to inject anything through it. And while in SQL it is still possible to somehow solve this problem with the help of proper character escaping, in Turing-complete languages it is theoretically possible to distinguish malicious code from safe code in only one way: by executing it in the same environment and with the same input data as in real conditions.
Therefore, by the majority of coding conventions (by the way, how would it be in Russian?), the use of eval is completely prohibited. Code review in most large companies and large open-source projects will wrap up any pull-request in which eval is found, and after that, most likely, will not even consider subsequent requests from the same author.
Many antiviruses also have a heuristic analyzer designed to search for eval in scripts (turns on after the language is defined).

TyzhSysAdmin, 2017-06-18
@POS_troi

The presence of SQL injection does not depend on the language; this vulnerability belongs to the category of "implementation errors" - when the developer forgot about the rule "do not trust any data coming from outside, check everything."
Read this article https://habrahabr.ru/post/148151/, a general understanding of the mechanics will come.
