Question: Consider the following Python program #dbuser and dbpwd are obtained from a # configuration file con = pymysql.connect('localhost', dbuser, dbpwd, 'database') # get parameters

Consider the following Python program #dbuser and dbpwd are obtained from a # configuration file con =

Consider the following Python program #dbuser and dbpwd are obtained from a # configuration file con = pymysql.connect('localhost', dbuser, dbpwd, 'database') # get parameters from web request uid = getRequest Parameter("uid") with con: cur = con.cursor() Python cur.execute("SELECT * FROM users WHERE user_id=" + uid) firstname, lastname = cur.fetchone () print("Welcome " + firstname + " " + lastname) (i) What vulnerability does this program have? Briefly explain the vulnerability in general and, in particular, why this program is vulnerable. DO (ii) Modify this program to fix the vulnerability. (iii) Briefly explain why your modified version is secure.

Step by Step Solution

3.39 Rating (155 Votes )

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock

Vulnerability in the Python program The Python program is vulnerable to SQL injectionSQL injection is a type of injection attack that allows an attacker to interfere with the queries that an applicati... View full answer

blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Programming Questions!

Q:

Illustrate how to construct a regular expression representing the following automation step by step b 40 a,b

Q:

Planning is one of the most important management functions in any business. A front office managers first step in planning should involve determine the departments goals. Planning also includes...

Q:

The TGF Care Facility (TGF) is a not- for- profit organization dedicated to providing services in the care and rehabilitation of seniors with physical or mental disabilities. The main programs are...

Q:

In Problem 10.16, we projected financial statements for Walmart Stores for Years +1 through +5. The data in Chapter 12s Exhibits 12.1612.18 include the actual amounts for 2008 and the projected...

Q:

A direct current I flows in a long round uniform cylindrical wire made of paramagnetic with susceptibility X Find: (a) The surface molecular current Is; (b) The volume molecular current Iv. How are...

Q:

Expand the rules of protocol Stages described in Section 3.3.4, so as to enforce message ordering.

Q:

In the article Hypoglycemia in patients with type 2 diabetes mellitu published in the Archives of Internal Medicine (Miller et al., 2001), the authors reported the odds ratios for a logistic...

Q:

A machine part consists of a thin 40.0-cm-Iong bar with small l.15-kg masses fastened by screws to its ends. The screws can support a maximum force of 75.0 N without pulling out. This bar rotates...

Q:

White phosphorus, P_(4) , ignites in air to produce heat, light, and P_(4)O_(10) according to the following reaction.\ P_(4)(s)+5O_(2)(g)longrightarrowP_(4)O_(10)(s) \ If 67.2g of P_(4) is burned,...

Q:

You are called by the daughter of an elderly woman who lives alone. The daughter lives in another city and is concerned because her mother does not drive and has seemed unhappy and listless on the...

Q:

The Production Department of Hruska Corporation has submitted the following forecast of units to be produced by quarter for the upcoming fiscal year: Units to be produced 1st Quarter 10,000 2nd...

Q:

The International Space Station considers what many believe to have been the ultimate international engineering project in history. The initial plans involved the direct participation of 16 nations,...

Q:

Two days after talking with Karen, Daniel received a packet of information from the mayor s office. The information included news clippings, minutes from community meetings, and the telephone numbers...

Q:

Decedent is a citizen of the Philippines and a resident of Quezon City, died leaving the following: Rest house in Batangas inherited from his father during marriage Car received as gift from his...

Q:

ion 16 of 21 > Identify whether each scenario is an example of a marginal cost, marginal benefit, or neither. Answer Bank a marginal cost. not marginal. a marginal benefit. Chipset, Inc. sells...

Q:

Choose 2-3 changes you would consider making to deal with some of the potential issues that might be leading to turnover. what key concepts you think apply, some potential solutions to the problem...

Q:

On November 1, Alan Company signed a 120-day, 10% note payable, with a face value of $69,000. Alan made the appropriate year-end accrual. What is the journal entry as of March 1 to record the payment...

Q:

The water in tank A is at 270 F with quality of 10% and mass 1 lbm. It is connected to a piston/cylinder holding constant pressure of 40 psia initially with 1 lbm water at 700 F. The valve is opened,...

Q:

During 2012, Tom sold Sears stock for $10,000. The stock was purchased 4 years ago for $13,000. Tom also sold Ford Motor Company bonds for $35,000. The bonds were purchased 2 months ago for $30,000....

Q:

Rebecca and Walter Bunge have been married for 5 years. They live at 883 Scrub Brush Street, Apt. 52B, Las Vegas, NV 89125. Rebecca is a homemaker and Walt is a high school teacher. Rebecca's Social...

Q:

Jerry made the following contributions during 2012: His synagogue (by check).....................................................$680 The Democratic Party (by check)...

Q:

Calculate the missing value.

Q:

Broadway Mazda usually spends half as much on radio advertising as on newspaper advertising, and 60% as much on television advertising as on radio advertising. If next years total advertising budget...

Q:

Jose works in a toy-manufacturing plant. The wooden toy he fabricates requires three steps: cutting, assembly, and painting. Assembly takes two minutes longer than half the cutting time, and painting...