-4

I want to know what type of server facebook uses ? If they use sql server , then is it vulnerable to sql injection ? Are all sql servers vulnerable to sql injection ? I just want to know this information and i have no intention of hacking as i have just started reading sql injection attacks and defense book

AviD
  • 72,138
  • 22
  • 136
  • 218
kishan keswani
  • 29
  • 2
  • 7
  • possible duplicate of [How can I explain SQL injection without technical jargon?](http://security.stackexchange.com/questions/25684/how-can-i-explain-sql-injection-without-technical-jargon) – dr jimbob Aug 02 '14 at 12:59

1 Answers1

2

Facebook uses a custom version of MySQL. The site is almost certainly not vulnerable, since it's basically the biggest target on the web and people have been attacking it for years, mostly without success.

SQL injection vulnerability isn't a weakness in a database, it's a weakness in the application using the database. An SQL engine's job is to execute SQL statements, and injection works by tricking an application into sending statements that the developer didn't intend it to.

Mark
  • 34,390
  • 9
  • 85
  • 134
  • Can sql injection be done only on sql servers? – kishan keswani Aug 02 '14 at 10:53
  • @hellruler - SQL injection by definition requires an SQL database (e.g., oracle, postgresql, sqlite, mysql, MSSQL, etc) and a badly designed application. (It doesn't require the microsoft product with the dumb name of "SQL Server", but better known as MSSQL.) Granted SQL injection is only one type of injection attack; you can have injection attacks on NoSQL databases, code injection in bash/shell/php scripts, etc. Anytime a statement is `eval` (or equivalent) that contains untrusted user input you are vulnerable to an injection attack. It's only SQL injection if its an SQL statement. – dr jimbob Aug 02 '14 at 12:57