Project: SQL Injection Vulnerabilities and Prevention in a Login System

Objective:

The purpose of this project is to help you understand SQL injection vulnerabilities and how to protect a login system from such attacks through input validation and SQL protections. You will create a simple registration and login system, demonstrate SQL injection attacks, and then apply mitigation techniques to make the system secure$.($review lecture $11$ for details of SQL injection$).$

Core Features:

Phase $1$: Create a Login System with SQL Injection Vulnerabilities $1.$ Registration and Login Page:

$-$ Implement a basic registration page where users can sign up by providing a username and password.

$-$ The password should be hashed before storing it in the database for security. $-$ Implement a simple login page where users can enter their credentials to log in$.$

$2.$ Database:

$-$ Create one or two tables in the database to store user$-$related information $($e$.$g$.,$ users table with username and password columns$).$

$-$ Add some sample data to the database for testing purposes, including a few registered users.

$3.$ SQL Injection Demonstration:

$-$ Demonstrate at least three examples of SQL injection attacks on the login page.

$-$ Show how these SQL injection attacks can exploit vulnerabilities in your code, and explain how they affect the application. For example:

$$ Bypassing authentication by injecting malicious SQL queries.

$$ Extracting sensitive user information from the database.

$$ Modifying or deleting data in the database.

Phase $2$: Secure the System with SQL Injection Prevention Techniques

$1.$ Input Validation and SQL Protections:

You need to correct your code using proven mitigation techniques. Here are some examples.

$$ Correct your code by implementing input validation techniques to ensure user inputs are properly sanitized.

$$ Use parameterized queries $($prepared statements$)$ to protect the system from SQL injection attacks.

$2.$ SQL Injection$-$Proof Demonstration:

$-$ Perform the same three SQL injection examples from Phase $1$ after applying your code fixes.

$-$ Show the results and demonstrate how your updated code prevents SQL injection attacks, making the system secure$.$

User Interface: Create a user$-$friendly interface for interacting with the system. Note: Don't need to spend too much time on the fancy interface; just a working interface is good enough.

Technical Requirements:

$1.$ Programming Language: You can use Java, Python, C#$,$ or any language proficient in handling cryptographic functions.

$2.$ Encryption Algorithm: Utilize AES $($Advanced Encryption Standard$)$ with a key size of $256$ bits.

$3.$ Database: Use SQLite or any lightweight database to store encrypted data. The database name should be your lastname. For example, if your last name is "smith", the database name should be $$smithDB$.$