Understanding general weaknesses and SQL injection enablers
SQL is an immensely powerful and effective tool for interacting with relational databases as it provides an opportunity to perform various tasks through the wide array of functions and commands available. Unfortunately, from a security standpoint, this boon is also a bane; allowing access to many different types of operations means that if no control is in place, anyone could potentially turn an application that utilizes databases on its head, leaving malicious imagination as the only limit to what attackers could achieve.
You saw firsthand what a vulnerable application can lead to (and we hope you also had fun in the process) in the previous chapter, and if you've reached this point in the book, you may also be wondering whether there's any way to improve security to prevent all of this. SQL databases are still extensively used today, so you can probably guess that the short answer is definitely yes. The long...