Monday, 1 December 2014

Validating Credentials - Logic in Application vs Database



I am studying "Web Application Security, A Beginner's Guide" by Bryan Sullivan and Vincent Liu (paperback, November 3, 2011).


On p. 69, "Validating Credentials", they say you can validate credentials based on



  1. Comparison logic in application with plaintext passwords

  2. Comparison logic in database with plaintext passwords ....


I cannot understand the difference between logic in application vs database.


The text for "Comparison logic in application..." says:



The application sends a request (for example, SQL query or LDAP query) to the back-end database to retrieve the record associated with the username...



The text for "Comparison logic in database..." says:



This technique involves crafting a SQL query or LDAP request to the back-end system with a conditional statement that asks the back end to return any records with matching fields that correspond to the supplied username and the supplied password


I cannot grasp the difference between the two. I would think that the application also crafts an SQL query or LDAP request to the back-end system with a conditional statement.


How do I visualize this? Thanks!
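As an added illustration (not code from the book or from the post), here are the two techniques side by side against a constructed in-memory SQLite table. In the first function the query fetches the stored password for the username and the application compares; in the second, both supplied values go into the WHERE clause and the database does the comparison.

```python
import hmac
import sqlite3

# Constructed sample users for this demonstration only. Passwords are stored
# in plaintext here solely because the two book items being contrasted are
# the plaintext variants; production systems store salted password hashes.
CONSTRUCTED_USERS = [("alice", "correct horse"), ("bob", "hunter2")]


def make_db():
    """Build an in-memory users table from the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", CONSTRUCTED_USERS)
    return conn


def login_app_logic(conn, username, password):
    """Comparison logic in the application.

    The query asks the database only for the record belonging to the
    username. The stored secret is returned to the application, which
    performs the comparison itself.
    """
    row = conn.execute(
        "SELECT password FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    # Constant-time comparison so the result does not leak through timing.
    return hmac.compare_digest(row[0].encode(), password.encode())


def login_db_logic(conn, username, password):
    """Comparison logic in the database.

    Both the supplied username and the supplied password are placed in the
    conditional clause. The database returns a row only when both match,
    so the application never sees the stored secret; it only checks
    whether any row came back.
    """
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None
```

Both functions use parameterized queries, so the supplied values are passed as data rather than concatenated into the SQL text.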





