During a review of a web application, a team highlights that user-supplied data might be used to run unintended commands. Developers implemented input checks for each field. Which approach best strengthens those checks to limit harmful queries reaching the database?
Enforce logging on every request to detect suspicious activity
Restrict traffic based on IP address ranges
Enable strong password complexity for all user accounts
Add parameterized calls so that the database distinguishes between code and user values
Enforcing parameterized calls ensures that user-supplied values are not treated as executable statements. This applies controls that stop harmful input from changing how queries run. Other approaches are valuable security measures but do not directly mitigate the risk of improperly executed parameters or commands within the database calls.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are parameterized calls in databases?
Open an interactive chat with Bash
How does SQL injection exploit non-parameterized queries?
Open an interactive chat with Bash
Why are strong passwords insufficient in preventing harmful database queries?