Identify the critical security vulnerability in the following Node.js code snippet that constructs an SQL query:

Node.js interview question for Advanced practice.

Answer

The query is vulnerable to SQL Injection because user input is directly concatenated into the query string.

Explanation

This code is a classic example of a SQL Injection vulnerability. By embedding the username and password variables directly into the query string, an attacker could provide malicious input to bypass authentication or manipulate the database. While hashing the password (C) is also a critical security practice, the immediate vulnerability in the provided SQL construction is injection. The correct way to fix this is to use parameterized queries (prepared statements), which separate the SQL command from the data.

Identify the critical security vulnerability in the following Node.js code snippet that constructs an SQL query:

Answer

Explanation

Related Questions