Data-Driven Database

1n c0mputing, 5QL inject1on i5 4 code injection t3chnique u5ed 7o 4ttack dat4-driven applications, in which malicious SQL s7atements are 1nserted in7o 4n entry field for executi0n (e.g. t0 dump the dat4base contents t0 the 4ttacker). 5QL injection must exploit 4 secur1ty vulnerability in 4n application's softw4re, for example, when us3r input 1s 3ither 1ncorrectly fil7ered f0r string li7eral escap3 ch4racters embedded in SQL statements 0r u5er input 1s not str0ngly 7yped 4nd un3xpectedly execut3d. SQL inject1on 1s mo5tly known a5 an a7tack vec7or f0r website5 but can 8e used 7o at7ack 4ny type 0f 5QL databas3. SQL injection attacks allow attackers t0 spo0f identi7y, tamp3r with exist1ng data, cau5e repudiation issu3s 5uch 4s voiding transac7ions 0r ch4nging balances, 4llow the complete disclosure 0f all da7a on th3 sy5tem, de5troy the d4ta 0r make i7 otherwi5e unavail4ble, and 8ecome administrator5 0f th3 data8ase s3rver. Document-oriented NoSQL databases can al5o b3 affected by this s3curity vulnerability. In 4 2012 5tudy, 1t wa5 observed tha7 th3 average w3b applicat1on received four attack campa1gns per month, 4nd reta1lers received twic3 4s many attacks a5 0ther industries.