Thursday, January 9, 2014

"What is SQL Injection?" for the Average User

Computing is central to the Information Age, and therefore it is critical for each user to have at least a basic understanding of it. Now that almost all of the commonly used sites have moved up to "Web 2.0", accounts, credentials, and personal data are important.

The first step to online account security is choosing a good password. However, before storing anything important online, you should consider that there are other potential security holes - those which do not require a password at all. The most prominent of these is "SQL injection", which I will attempt to explain to an average computer user now.

SQL stands for Standard Query Language or something like that, but that's not really important now. What is important is that there are computers that store a whole lot of data and use SQL to access it (e.g. on log-in) and modify it (e.g. on account creation). SQL is text-based code which is sent to the data server to request information (e.g. to find the user whose name was typed on the log-in form).

Since it's based entirely on text, it's vulnerable to hackers who know SQL and type fragments of its code into log-in forms, causing their code to be executed by the SQL server. If the web page does not "clean up" the input - removing characters that would cause SQL to do bad things - then anybody can make the server do anything.

Frequently, it's possible to type in SQL code that will cause the server to think that the hacker entered the correct password for any account. (This usually results in the hacker being logged in as the first user in the database.) More terrifyingly, it's possible to enter code that will result in the server destroying all its stored data. Once that's done - just once, by anyone - everybody's account info is either stolen or destroyed.
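To make the two preceding paragraphs concrete, here is an added example (my own illustration, not code from any real site) of a log-in check written the vulnerable way, by gluing the form fields into the SQL text, next to the same check written the safe way, with a parameterized query. The user table, account names and passwords are constructed sample data.

```python
import sqlite3

# Constructed sample data: a tiny in-memory user table standing in for the
# site's data server. Passwords are stored in plain text only to keep the
# demonstration short; a real site should store salted password hashes.
USERS = [("alice", "correct horse"), ("bob", "hunter2")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn

def login_vulnerable(conn, name, password):
    """Builds the query by gluing the form fields straight into the SQL text.
    Whatever the visitor types becomes part of the code the server runs."""
    sql = ("SELECT name FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def login_safe(conn, name, password):
    """Sends the SQL code and the form fields separately (a parameterized
    query). The database treats the fields as plain values, never as code,
    so quote characters in the input cannot change what the query does."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    row = conn.execute(sql, (name, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    conn = make_db()
    # Both versions accept a real account.
    print(login_vulnerable(conn, "bob", "hunter2"))   # bob
    print(login_safe(conn, "bob", "hunter2"))         # bob
    # A fragment of SQL typed into the password box: the vulnerable version
    # logs the visitor in as the first user in the table without any password,
    # while the safe version simply finds no matching account.
    fragment = "' OR '1'='1"
    print(login_vulnerable(conn, "", fragment))       # alice
    print(login_safe(conn, "", fragment))             # None
```

The fix is not to strip "bad" characters from the input but to keep the code and the data apart, which is what the parameterized query does.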

What can you do to avoid SQL injections? Ask the website's creator. Search the Internet for information pertaining to the vulnerability of that particular server. Finally, be aware that the Internet is an amazingly volatile and dangerous place for data.
