Question: You're dismayed to discover the following Java code in the client login section of an online banking site:
/**
 * Check whether a username and password combination is valid.
 */
ResultSet checkPassword(Connection conn, String username, String password) throws SQLException {
    String query = "SELECT user_id FROM Customers WHERE username = "
        + username + " AND password = SHA1(" + password + ");";
    Statement s = conn.createStatement();
    return s.executeQuery(query);
}
For the purposes of this problem, you can treat SHA1 as doing a deterministic scrambling of password into the format in which passwords are stored inside the database. The particulars of this behavior are not important for the problem.
(a) What username could an attacker enter in order to delete the Customers table?
(b) What username could an attacker enter in order to create a new user (assume they know that admin.USERS has columns [usr, pass])?
(c) What are some ideas you can come up with to prevent this attack?
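One direction for part (c), as an added example that is not part of the original question: the same check rewritten so the username and password are bound as parameters and are never concatenated into the SQL text. The class name LoginCheck, the username pattern, and the numeric type of user_id are assumptions made for this example.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.OptionalLong;
import java.util.regex.Pattern;

public final class LoginCheck {
    // Assumed policy for this example: 3-32 letters, digits, '.', '_' or '-'.
    private static final Pattern USERNAME = Pattern.compile("[A-Za-z0-9._-]{3,32}");

    // The statement text is a constant. The '?' placeholders are filled by the
    // driver as data values, so input can never change the query's structure.
    private static final String QUERY =
        "SELECT user_id FROM Customers WHERE username = ? AND password = SHA1(?)";

    /** Returns the matching user_id, or empty if the credentials are rejected. */
    static OptionalLong checkPassword(Connection conn, String username, String password)
            throws SQLException {
        // Defense in depth: reject malformed usernames before touching the database.
        if (username == null || password == null
                || !USERNAME.matcher(username).matches()) {
            return OptionalLong.empty();
        }
        // try-with-resources closes the statement and result set on every path.
        try (PreparedStatement ps = conn.prepareStatement(QUERY)) {
            ps.setString(1, username);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                // user_id is assumed to be a numeric column.
                return rs.next()
                        ? OptionalLong.of(rs.getLong("user_id"))
                        : OptionalLong.empty();
            }
        }
    }
}
```

Running the login path under a database account that holds only SELECT on Customers limits the damage if any other query in the application is still built by concatenation.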
