Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I protect Amazon SimpleDB from SQL Injection?

Tags:

sql-injection

amazon-simpledb

Under the principle of "if it walks like a duck and it sounds like a duck," it sure seems like the SQL-flavored queries that Amazon's SimpleDB supports should be susceptible to SQL injection-type attacks. Here's a simple example that assumes the attacker's input is going into the variable $category, and that he can guess a column name:

$category = "Clothes' OR Category LIKE '%";
$results = $sdb->select("SELECT * FROM `{$domain}` WHERE Category = '$category'");

If you're playing the home game, these lines can be an in-place replacement for line 119 in the file html-sdb_create_domain_data.php in the sample code in Amazon's PHP SDK (1.2).

Amazon publishes quoting rules, and I suppose I could write something that ensures that any " or ' in user input gets doubled up... but I've always understood that escaping is basically an arms race, which makes parametrization my weapon of choice when using, for example, MySQL.

What are other people using to defend SimpleDB queries?

like image 613
Jeremy Wadhams Avatar asked Dec 15 '10 05:12

Jeremy Wadhams

People also ask

How can SQL injection be prevented?

The only sure way to prevent SQL Injection attacks is input validation and parametrized queries including prepared statements. The application code should never use the input directly. The developer must sanitize all input, not only web form inputs such as login forms.

Which AWS service helps you to protect from SQL injection attacks?

AWS Firewall Manager is a security management service that enables you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations. Firewall Manager supports configuring sensitivity levels for SQL injection rules.

1 Answers

The SimpleDB Select operation is non destructive, so the only thing to protect against is extra query data going out to the attacker.

The solution to sanitize user input to the query is pretty easy with SimpleDB since sub-selects and compound statements are not allowed. So it's not really an arms race; sequences of one or more quote characters in the input must be escaped if the length of the sequence is odd.

like image 56
Mocky Avatar answered Oct 24 '22 16:10

Mocky
Sign in to Comment

Related questions

Rails - How to properly escape values in a update_all query
SQL Injection Protection - Cast from string to int
I found a lot of weird string in my database, someone trying to get into my site?
Compose dynamic SQL string with psycopg2
How to escape user-supplied parameters with a SQL query?
PDO in Codeigniter - Protect vs SQL Injection
SQL injection is not working correctly
Dynamic SQL WHERE clause generation
Can JSF standard validation prevent code injection?
Need help understanding MySQL injection
how to prevent SQL Injection in JSP?
How do I prevent SQL injection with ColdFusion
Specify parameters with SQLMAP
Can I get SQL injection attack from SELECT statement?
Preventing SQL Injection in ASP.Net
Rails ActiveRecord - Search on Multiple Attributes
Setting CursorType with ADODB.Command.Execute
Handling the data in an IN clause, with SQL parameters?
Prevention against SQL Injection in Hibernate
How to confirm SQL injection

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!