The term "SQL injection" sounds pretty scary -- kind of medical, painful, maybe even lethal. And it can be, for websites that fall victim to it. It involves tricking a site into forming a rogue SQL command that prompts a database to deliver its contents right into the hands of the attacker. If it's successful, a hacker can gain access to a ton of sensitive information. The bright side of SQL injection is that it's not exactly cutting edge. It's something security pros have seen time and time again, and they've developed a whole set of precautions and best practices.
Nice article. An SQL injection hack can happen to the best of us, with one slip-up anywhere in our code. But it still baffles me that so many companies, especially large companies, are not hashing and salting sensitive information such as passwords. This takes seconds to do and limits damages and embarrassment when data is leaked. When will people learn?