Oct 31: GP3 Feedback, SQL Injection

Learning Objectives

After today's class, you should be able to:

  • Identify ways that your database build scripts can be improved.
  • Demonstrate how to perform and prevent an SQL injection attack.

Lesson Outline

Announcements [10 min]

GP3 Review [40 min]

Section 1 Schedule
Time Instructor Review Peer Feedback Peer Feedback
12:55 PM Team 3: dfdc T5 reviews T1 T6 reviews T2
1:00 PM Team 4: gg " "
1:05 PM Team 5: tj T1 reviews T4 T7 reviews T3
1:10 PM Team 6: dbs " "
1:15 PM Team 7: databros T2 reviews T5
1:20 PM Team 1: goob "
1:25 PM Team 2: alt T3 reviews T6 T4 reviews T7
1:30 PM "
Section 2 Schedule
Time Instructor Review Peer Feedback Peer Feedback
2:30 PM T4 reviews T1 T5 reviews T2
2:35 PM Team 3: chefs " "
2:40 PM Team 4: sqls T3 reviews T6
2:45 PM Team 5: legends "
2:50 PM Team 6: bestaurant T2 reviews T5
2:55 PM Team 1: mmm "
3:00 PM Team 2: dr T1 reviews T4 T6 reviews T3
3:05 PM " "

Mini Lecture [25 min]

SQL Injection and Security

Example vulnerable application:

  • hack.py
  • hack.html
    • Input 1: '; DROP TABLE account; --
    • Input 2: <script>alert("Hi");</script>
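
The two inputs above, run against a vulnerable and a hardened version of the same operation. This is an added example, not the course's hack.py: it assumes SQLite through Python's sqlite3 module, a constructed `account` table, and hypothetical function names.

```python
import html
import sqlite3

# The two inputs listed in the lesson outline.
INPUT_1 = "'; DROP TABLE account; --"
INPUT_2 = '<script>alert("Hi");</script>'

def new_db():
    """In-memory database with a constructed sample `account` table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account (name TEXT)")
    db.execute("INSERT INTO account VALUES ('alice')")
    db.commit()
    return db

def table_exists(db):
    row = db.execute(
        "SELECT count(*) FROM sqlite_master "
        "WHERE type = 'table' AND name = 'account'"
    ).fetchone()
    return row[0] == 1

def close_account_vulnerable(db, name):
    # Vulnerable: the input is pasted into the SQL text and executescript()
    # runs every statement it finds. The quote in INPUT_1 ends the string
    # literal, DROP TABLE runs as a second statement, and -- comments out
    # the leftover quote.
    db.executescript(f"DELETE FROM account WHERE name = '{name}';")

def close_account_safe(db, name):
    # Hardened: the ? placeholder binds the input as a value, so it is
    # compared against the name column and never parsed as SQL.
    db.execute("DELETE FROM account WHERE name = ?", (name,))
    db.commit()

def render_name(name):
    # Escape on output so stored markup is displayed as text, not run.
    return f"<li>{html.escape(name)}</li>"

def demo():
    vuln, safe = new_db(), new_db()
    close_account_vulnerable(vuln, INPUT_1)
    close_account_safe(safe, INPUT_1)
    return table_exists(vuln), table_exists(safe), render_name(INPUT_2)

if __name__ == "__main__":
    print(demo())
```
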

Your To-Do List

  • Due TODAY: PE1 via Canvas
  • Due Monday: HW5 via GitHub