What is a poisoned null byte attack


Problem

1. Give three examples of a SQL injection attack, explaining in each case how a naive implementation of the server program will allow the attack to succeed. In each case, show how better coding can prevent the attack from succeeding.

2. A system authenticates users by storing an encrypted version of their passwords in a table indexed by their user ID. When a user logs in they first enter their user ID. This is used to retrieve their encrypted password, which is read into an array. The user then enters their password into another array. This password is then encrypted, with the encrypted version being stored in a third array. The newly calculated encrypted password is then compared with the version retrieved from the table and if they are the same the user is allowed into the system. Show with an example how a poor implementation of this system can allow an attacker to get into the system without knowing the user's password using a buffer overflow attack. How can this attack be prevented?

3. What is a poisoned null byte attack? Give an example to explain the coding errors that allow it to work. How can it be prevented?
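For question 2, a sketch of the three-array check written so that over-long input is refused before any copy takes place. This is an added example, not part of the original problem set; `PW_LEN`, `toy_encrypt`, the function names and the sample passwords are assumptions, and the toy encryption only stands in for whatever the real system uses.

```c
#include <stdio.h>
#include <string.h>

#define PW_LEN 8  /* assumed field width; the question gives no sizes */

/* The three arrays from question 2, adjacent in memory. */
struct login_state {
    unsigned char stored[PW_LEN];   /* encrypted password from the table */
    char entered[PW_LEN];           /* password typed by the user */
    unsigned char computed[PW_LEN]; /* encryption of entered[] */
};

/* Toy stand-in for the system's encryption; NOT a real password hash. */
static void toy_encrypt(const char *in, unsigned char *out) {
    for (size_t i = 0; i < PW_LEN; i++)
        out[i] = (unsigned char)((in[i] ^ 0x5A) + (int)i);
}

/* Bounded read: refuse input that does not fit, rather than letting it run
 * past entered[] into a neighbouring array as an unchecked strcpy() would. */
static int read_password(struct login_state *s, const char *input) {
    size_t n = strlen(input);
    if (n > PW_LEN) return -1;      /* too long: nothing is copied */
    memset(s->entered, 0, PW_LEN);
    memcpy(s->entered, input, n);
    return 0;
}

/* Returns 1 when the attempt matches the table entry, 0 otherwise. */
int check_login(const unsigned char *table_entry, const char *input) {
    struct login_state s;
    memcpy(s.stored, table_entry, PW_LEN);
    if (read_password(&s, input) != 0) return 0; /* never reaches compare */
    toy_encrypt(s.entered, s.computed);
    return memcmp(s.stored, s.computed, PW_LEN) == 0;
}

/* Enrols `password` (constructed sample), then tries `attempt`. */
int demo_login(const char *password, const char *attempt) {
    struct login_state t;
    unsigned char entry[PW_LEN];
    if (read_password(&t, password) != 0) return 0;
    toy_encrypt(t.entered, entry);
    return check_login(entry, attempt);
}

int main(void) {
    printf("%d %d\n", demo_login("s3cret", "s3cret"), demo_login("s3cret", "AAAAAAAAAAAAAAAA"));
    return 0;
}
```

The length check is the point: the stored and computed arrays are only ever written by the program itself, never by user input that spills out of `entered`.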
