3. Introduction
• SQLIA (SQL injection attack) is a type of attack in which the attacker tries to enter
the system by manipulating SQL queries, i.e. by injecting malicious
query fragments into the input fields of a web application
• The Random4 algorithm encrypts the data coming from the input
fields of the application by passing it through a lookup table
• The Hirschberg algorithm uses a dynamic programming approach to
find an optimal sequence alignment
4. Types of SQLI attacks
• Tautology
SELECT * FROM TABLE WHERE UNAME='ABC' AND PWD='ANYTHING' OR '1'='1';
As '1'='1' is always true, the WHERE clause matches every row and the attacker gains access to the database.
• Incorrect queries
Error: SELECT USERNAME,PASSWORD FROM STUDENT WHERE USERNAME=ABC'
(the unbalanced quote makes the query fail; the attacker learns from the error response)
• Piggy backed queries
SELECT * FROM USER WHERE ID=123; DROP TABLE USER;
• Blind Injection
7. Prevention strategies
• For Tautology
'1'='1' gets encrypted, so the comparison returns false
• For Piggy backed queries
e.g. "User" becomes "UserA2;h"
• For Incorrect queries
Similar to piggy backed queries
• For Blind Injection
e.g. "123" becomes "g4a"
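The prevention idea on this slide is that user input and stored values are both passed through a lookup table before the query is assembled, so an injected quote or semicolon turns into ordinary data characters and the tautology no longer holds. The following Python example is added here to show that effect end to end; it is not the slides' code and does not reproduce the real Random4 table. The lookup table, the USER schema, the stored credentials and the `login_raw`/`login_encoded` helpers are all constructed for the illustration.

```python
import sqlite3
import string

# Constructed lookup table (hypothetical, NOT the actual Random4 table).
# Every printable character maps to a distinct two-character token built
# only from letters and digits, so encoded text can never contain a quote,
# semicolon, comment marker or any other SQL metacharacter.
_TOKEN_CHARS = string.ascii_letters + string.digits
_INPUT_CHARS = string.digits + string.ascii_letters + string.punctuation + " "
LOOKUP = {
    ch: _TOKEN_CHARS[i // len(_TOKEN_CHARS)] + _TOKEN_CHARS[i % len(_TOKEN_CHARS)]
    for i, ch in enumerate(_INPUT_CHARS)
}


def encode(text: str) -> str:
    """Substitute each character through the lookup table (Random4-style)."""
    try:
        return "".join(LOOKUP[ch] for ch in text)
    except KeyError as exc:
        # Characters outside the table (control or non-ASCII characters) are
        # rejected instead of being passed through untouched.
        raise ValueError(f"character not in lookup table: {exc.args[0]!r}") from None


def make_db(transform=lambda s: s) -> sqlite3.Connection:
    """In-memory USER table with one constructed account.

    `transform` is applied to the credentials before they are stored, so the
    same table can be built in plaintext or in encoded form.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE USER (ID INTEGER PRIMARY KEY, UNAME TEXT, PWD TEXT)")
    conn.execute("INSERT INTO USER VALUES (123, ?, ?)",
                 (transform("ABC"), transform("s3cret")))
    conn.commit()
    return conn


def login_raw(conn: sqlite3.Connection, uname: str, pwd: str) -> bool:
    """The pattern from slide 4: input pasted straight into the query text."""
    query = f"SELECT * FROM USER WHERE UNAME='{uname}' AND PWD='{pwd}'"
    return conn.execute(query).fetchone() is not None


def login_encoded(conn: sqlite3.Connection, uname: str, pwd: str) -> bool:
    """Same concatenation, but both sides of the comparison are encoded.

    Stored credentials were encoded on insert, so a genuine password still
    matches, while an injected ' OR '1'='1 becomes a run of letters and
    digits that is compared as data and never reaches the parser as SQL.
    """
    query = (f"SELECT * FROM USER WHERE UNAME='{encode(uname)}' "
             f"AND PWD='{encode(pwd)}'")
    return conn.execute(query).fetchone() is not None


def table_exists(conn: sqlite3.Connection, name: str) -> bool:
    row = conn.execute("SELECT 1 FROM sqlite_master WHERE type='table' AND name=?",
                       (name,)).fetchone()
    return row is not None


if __name__ == "__main__":
    tautology = "anything' OR '1'='1"
    print("raw query, tautology input    :", login_raw(make_db(), "ABC", tautology))
    print("encoded query, tautology input:", login_encoded(make_db(encode), "ABC", tautology))
    print("encoded query, real password  :", login_encoded(make_db(encode), "ABC", "s3cret"))
```

Because the encoded query is still built by string concatenation, the whole guarantee rests on the lookup table's output alphabet: it must be a proper subset of characters that have no syntactic meaning in SQL, and the table must be injective so that stored and submitted values can still be compared for equality.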
8. Complexity analysis
• Hirschberg algorithm
– Time Complexity
O(nm)
where n is the length of the string stored in the database and m is the length of the input data
– Space Complexity
O(min(m, n))
• Random4 algorithm
– Time Complexity
Encryption requires accessing the lookup table, which increases the time complexity compared to the
Hirschberg algorithm
– Space Complexity
The lookup table also needs to be stored, which increases the space complexity
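To make the O(nm) time and O(min(m, n)) space claims for the Hirschberg algorithm concrete, here is an added Python implementation of Hirschberg's linear-space longest-common-subsequence algorithm (the standard textbook algorithm; this is not the slides' code). The DP-cell counter, the peak-row tracker and the `similarity` score that compares a stored query text with an incoming one are my additions and assumptions about how the alignment would be applied; the slides only state that the algorithm finds an optimal alignment.

```python
# Counters so the complexity claims can be checked on a concrete input:
# _CELLS counts DP cells filled (time), _PEAK the longest row held (space).
_CELLS = [0]
_PEAK = [0]


def reset_counters() -> None:
    _CELLS[0] = _PEAK[0] = 0


def cells_computed() -> int:
    return _CELLS[0]


def peak_row_length() -> int:
    return _PEAK[0]


def _lcs_lengths(a: str, b: str) -> list:
    """Last row of the LCS-length table for a vs b, keeping only two rows."""
    prev = [0] * (len(b) + 1)
    _PEAK[0] = max(_PEAK[0], len(prev))
    for ca in a:
        cur = [0]
        for j, cb in enumerate(b, 1):
            if ca == cb:
                cur.append(prev[j - 1] + 1)
            else:
                cur.append(max(prev[j], cur[j - 1]))
        _CELLS[0] += len(b)
        prev = cur
    return prev


def _hirschberg(a: str, b: str) -> str:
    if not a or not b:
        return ""
    if len(a) == 1:
        return a if a in b else ""
    mid = len(a) // 2
    # Forward scores for the first half of a, backward scores for the second
    # half; the split point k of b maximising their sum lies on an optimal path,
    # so the problem divides into two independent halves.
    left = _lcs_lengths(a[:mid], b)
    right = _lcs_lengths(a[mid:][::-1], b[::-1])
    n = len(b)
    k = max(range(n + 1), key=lambda j: left[j] + right[n - j])
    return _hirschberg(a[:mid], b[:k]) + _hirschberg(a[mid:], b[k:])


def lcs(a: str, b: str) -> str:
    """Longest common subsequence in O(len(a)*len(b)) time and
    O(min(len(a), len(b))) working space."""
    if len(b) > len(a):          # keep the DP rows as short as possible
        a, b = b, a
    return _hirschberg(a, b)


def similarity(stored: str, incoming: str) -> float:
    """Alignment score in [0, 1]: share of the longer string covered by the LCS.
    (Assumed use: comparing an incoming query text against a known-good one.)"""
    longest = max(len(stored), len(incoming), 1)
    return len(lcs(stored, incoming)) / longest


if __name__ == "__main__":
    reset_counters()
    print(lcs("AGGTAB", "GXTXAYB"), cells_computed(), peak_row_length())
    good = "SELECT * FROM USER WHERE ID=123"            # constructed sample
    print(round(similarity(good, good + "; DROP TABLE USER;"), 3))
```

The forward pass and the reversed backward pass each fill m rows of width n + 1 but keep only two rows at a time, which is where the O(min(m, n)) bound comes from; the halving at every recursion level keeps the total number of cells filled within a small constant multiple of nm.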
9. Comparison
Sr. no.  Parameters              Random4      Hirschberg
1.       Encryption              User input   Not required
2.       Computational overhead  Less         More
3.       Time complexity         Less         More
4.       Space complexity        Less         More