An authentication mechanism to prevent SQL injection by syntactic analysis

With the growth in web based applications that employ database services, SQL Injection is becoming one of the repeatedly used exploits. It permits an intruder to gain control over the database of an application, thereby able to read and modify confidential data. This paper illustrates few different forms of SQL injection and based on observation, it is seen that SQL Injection is interpreted differently on different databases. Also, an effective solution is proposed for the prevention of these categories of injection attacks. The authors suggest an approach in which the value entered for every field is checked for an SQL injection attack by parsing it through a grammar that detects SQL injection. If successfully parsed then probably, an SQL injection attack was intended. If not, the entry was legitimate and the database can be coordinated.