European Journal of Scientific Research
ISSN 1450-216X Vol.38 No.4 (2009), pp 604-611
© EuroJournals Publishing, Inc. 2009
http://www.eurojournals.com/ejsr.htm

SQLIPA: An Authentication Mechanism Against SQL Injection

Shaukat Ali
Department of Computer Science, University of Peshawar, Peshawar N.W.F.P, Pakistan
E-mail: shaukat191@yahoo.com
Tel: +923469015382

Azhar Rauf
Department of Computer Science, University of Peshawar, Peshawar N.W.F.P, Pakistan
E-mail: azhar.rauf@upesh.edu.pk
Tel: +92919216732

Huma Javed
Department of Computer Science, University of Peshawar, Peshawar N.W.F.P, Pakistan
E-mail: humajaved15@yahoo.com
Tel: +92919216732

Abstract

Web applications have been developing at a very rapid pace. They use a database at the back end for storing data and SQL for inserting and retrieving it. Some malicious attacks can subvert this SQL; these attacks are called SQL injection. Many techniques have been proposed to stop SQL injection, but they require large code modifications and/or impose a large extra time overhead. This paper proposes a technique that uses hash values of the user name and password to improve the authentication process. We have built a prototype, SQL Injection Protector for Authentication (SQLIPA), to evaluate the idea.

Keywords: Database security, SQL injection, Authentication

1. Introduction

In today's world of ubiquitous computing every person remains connected to the internet. In this situation web security is essential, and it is a challenging part of web applications (A. Kiezun and Ernst 2009). A number of techniques are in use for securing web applications. The most common is the authentication process through a username and password. One of the major problems in the authentication process is input validation checking (Boyd and Keromytis 2004; K. Wei and Kothari 2006; R. Ezumalai 2009).

There are some major threats to web application security, for example SQL injection and buffer overflow, which can break the security of a web application (Geer 2008).
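The abstract sketches the idea of authenticating against hash values of the user name and password rather than the raw strings. The following is an added illustration of that idea, not the paper's SQLIPA code: the table layout, SHA-256, the sample account and the `literals_are_hex_only` self-check are all assumptions made here, and the naive query builder is shown only to contrast what text reaches the SQL engine in each case.

```python
import hashlib
import sqlite3
import string


def digest(value: str) -> str:
    """Hex SHA-256 of a credential string (assumed hash; the paper does not fix one)."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def make_db() -> sqlite3.Connection:
    """In-memory users table holding only credential hashes (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uname_hash TEXT NOT NULL, pwd_hash TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 (digest("alice"), digest("correct horse")))
    conn.commit()
    return conn


def build_login_sql_naive(username: str, password: str) -> str:
    """Vulnerable pattern for contrast only (never executed here): raw input is
    spliced into the statement, so quotes and keywords in the input become SQL."""
    return ("SELECT COUNT(*) FROM users WHERE uname = '%s' AND pwd = '%s'"
            % (username, password))


def build_login_sql(username: str, password: str) -> str:
    """Hash-based variant: only the 64-character hex digests reach the SQL text, so
    no character of the untrusted input can alter the statement's structure.
    (Parameter binding would normally be used as well; formatting is kept so the
    generated text can be inspected.)"""
    return ("SELECT COUNT(*) FROM users WHERE uname_hash = '%s' AND pwd_hash = '%s'"
            % (digest(username), digest(password)))


def authenticate(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """True only when exactly one row matches both hashes."""
    (count,) = conn.execute(build_login_sql(username, password)).fetchone()
    return count == 1


def literals_are_hex_only(sql: str) -> bool:
    """Defensive self-check: every quoted literal in the statement is a hex digest."""
    literals = sql.split("'")[1::2]
    return all(len(lit) == 64 and set(lit) <= set(string.hexdigits) for lit in literals)
```

Inputs containing quote characters (such as the surname O'Brien) pass through `build_login_sql` as a digest, so the statement stays well-formed and the login simply fails to match, whereas the naive builder would produce a broken or altered statement.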