A Primer on how SQL Injection is used to Hack into Website Databases

[regic]

An article with some background info on how hackers use SQL Inection to hack into website databases:

SQL Injection is one of the most common security vulnerabilities on the web. Here I'll try to explain in detail these kinds of vulnerabilities with examples of bugs in PHP and possible solutions.

If you are not so confident with programming languages and web technologies you may be wondering what SQL stands for. Well, it's an acronym for Structured Query Language (pronounced "sequel"). It's "de facto" the standard language to access and manipulate data in databases.

Nowadays most websites rely on a database (usually MySQL) to store and access data...

full article: http://www.webpronews.com/blogtalk/blogt...ction.html

[regic]

In related news  , Visa has issued a warning about an increase in the number of SQL Injection attacks on ecommerce web sites.  They also offer some tips to minimize the risks. 

SQL is the coding that appears in the URL box after a consumer initiates a search on the merchant’s web site. Hackers use this string of data to query the database for information that should not be provided, Elliott says.

“We’ve seen an uptick in the bad guys using SQL injection attacks on shopping carts,” he says. “We want to give merchants these best practice recommendations to stay ahead of this and not have it turn into a large issue.” ...

full article: http://www.internetretailer.com/dailyNews.asp?id=18718

Among the suggested tips are purging CVV2 data after card authorization, testing your site for SQL Injection vulnerabilities, promptly applying security patches from vendors, using only secure web servers, and more.

[valleygirl]

“We’ve seen an uptick in the bad guys using SQL injection attacks on shopping carts,”

Security was a factor in my decision to use a hosted cart.  I'd rather pay extra and have Make-a-store who is familiar with security apply the patches than take time away from my business to do it.