India, the biggest democratic ruling system in terms of population utilises the Electronic Voting Machine or EVM for their general elections. Any EVM comprises of two units: The Control unit and the Ballot unit. O n g o i n g re s e a rc h h a s i n d i c a t e d m a n y disadvantages in the system. One of the main disadvantages we encounter is that many researchers have claimed that the EVM can easily be tampered with. EVMs also encounter many physical threats. To prevent these drawbacks, we have proposed an online voting s y s t e m w h i c h c o u n t e r m a n y p h y s i c a l difficulties faced by the EVM. One main difficulty in the online system is the SQL Injection attack. SQL injection is messing with the database and controlling it with the help of SQL Queries. Our project focuses on the Tautology based SQL Injection attack. In this attack, a statement whose value will always be true or 1 is passed instead of username and password by the hacker. This allows access to t h e d a t a b a s e w h i c h a l l o w s h i m / h e r t o manipulate it. Manipulation can be of several kinds. Web based Voting is another innovation that is rising which has the possibility of countering numerous downsides looked by the EVMs. The online voting application works as any other web application. Each voter who wants to vote needs to fill all the required details and create an account on the website first. On the day of voting, when voters cast their vote, they need to sign in with their respective credentials. When the credentials match with the data from database, the voter can get to the voting page and make his choice. An affirmation mail is the sent to the client after effectively making the choice. The votes cast by the voters are sent to a separate database which is viewed in the administration s i d e . We u s e s t o r e d p r o c e d u r e s a n d parameterized queries to prevent the Tautology based SQL attack. If a malicious user enters any query which has a value, it will simply be passed as a parameter to the SQL statement and wont be a component of the SQL statement itself, thus rendering the stored procedure invulnerable to SQL injection attacks. We also use the Secure Hash Algorithm 256 (SHA-256). It is a type of cryptographic hash function which generates a unique 256 bit long hash key for each vote. It is a one way function and so it cannot be decrypted. This ensures that the votes are not manipulated.
WEB APPLICATION PROTECTION AGAINST SQL INJECTION ATTACK
