POTD 8: DB security
Due 30-October-2020, 11:00am EST
(Submit to Collab)
Name(s) and ComputingID(s):
Purpose:
- Understand database security
- Experience with SQL injection
You may make a copy of a worksheet and complete this activity, or simply type your answers in any text editor.
You may work alone or with at most two other students in this course
(feel free to make use of any communication channels of your choice,
or simply type in Zoom's chat, or talk if that works for your team).
Instruction:
On the SQL Injection Attack site mentioned during class,
guess the password by performing systematic SQL injection attacks.
Using only lowercase letters, numbers, and wildcards ( _ and % ),
can you find the whole password?
Describe how you did it.
(You may cut-and-paste the code you injected in your submission.
Briefly describe your procedure and why it works.)
Grading rubric
[Total: 10 points]: Done (or provide evidence of your attempt, full or reasonable effort)
- (5 points) — Providing evidence of your attempt, minimal effort
Submission
- [optional] Take a selfie (or picture) of you or your team and submit it with your POTD
- Save your POTD as a .txt or .pdf file.
No Word documents. No handwriting (see exceptions). (We have to apply -10 for a Word document or handwriting.)
- Submit your POTD to Collab (under Assignments/POTD8).
If you have multiple files, no need to zip them.
- Each team submits only one copy.
- When submitting your POTD to Collab, make a note in a submission textarea (or text box), clearly specifying all team members' computingIDs and names.
This will help us record your team's grades efficiently.