A developer is auditing an application where user-provided text fields populate database queries. Which measure best reduces infiltration attempts involving manipulated data in these queries?
Adopt parameter-based statements in the data layer
Use a multi-factor sign-on configuration to limit credentials
Turn off application logs to prevent suspicious text from residing in storage
Store user data in environment variables to keep the application isolated
Using parameter-based statements in the database layer ensures that user-supplied text is bound as data and never interpreted as part of the query itself. This prevents malicious input from being executed as a command and addresses the root cause, which neither changing logging nor using environment variables does. Limiting logins with multi-factor sign-on helps protect access to accounts, but it does not address the underlying issue of handling user-provided text safely in database queries.