Access Control Mechanism For Web Databases By Using Parameterized Cursor

Web applications have gained an enormous increase in popularity for providing various facilities online, such as e-shopping, e-banking, e-ticketing, e-learning etc. As the use of web applications grow, there is an increase in the attacks on web applications as well. Among these attacking techniques, SQL Injection has been emerging as one of the most dangerous threats to web applications. SQL Injection technique is mostly an attack on data driven web applications. By providing especially built user input through the web form fields, the attacker can access and modify the contents of the underlying database of a web application. This research work presents a technique, which will be used for the detection and prevention from SQL Injection. The parameterized cursor is used to implement the concept. The user session information will be passed as a parameter to cursor. If the user is an authorized user then the cursor will fetch the desired tuples else will fail to execute. This research work can easily be adopted and implemented in any platform and database. An example application is developed in Oracle Internet Developer suite 10g and Oracle Database 10g to test the performance against SQL Injection.