#CyberSecurity #InfoSec #SQLInjection #WebDev #DatabaseSafety
Attackers use commands like PG_SLEEP to confirm vulnerabilities when the database doesn't return direct error messages. If the page takes 5 seconds longer to load, they know they’ve found a hole. How to stay safe: {KEYWORD} AND 8756=(SELECT 8756 FROM PG_SLEEP(5))
Never concatenate user input directly into SQL strings. {KEYWORD} AND 8756=(SELECT 8756 FROM PG_SLEEP(5))
I was just looking at a classic example of a attack: {KEYWORD} AND 8756=(SELECT 8756 FROM PG_SLEEP(5)) {KEYWORD} AND 8756=(SELECT 8756 FROM PG_SLEEP(5))
To a regular user, this looks like gibberish. To a database, it’s an instruction to pause for 5 seconds before responding.