You notice your Django site is vulnerable to SQL injection attacks. Which of the following is the most likely cause?

Django - Security Best Practices
A. Using raw SQL queries without parameterization.
B. Forgetting to add {% csrf_token %} in forms.
C. Setting ALLOWED_HOSTS to ['*'].
D. Using Django's ORM for database queries.
Step-by-Step Solution
Solution:
  1. Step 1: Identify cause of SQL injection

    SQL injection happens when raw SQL queries include user input without safe parameterization.
  2. Step 2: Evaluate options

    Using Django's ORM prevents SQL injection; a forgotten CSRF token or a misconfigured ALLOWED_HOSTS setting causes other issues, not SQL injection.
  3. Final Answer:

    Using raw SQL queries without parameterization. -> Option A
  4. Quick Check:

    Unsafe raw SQL = SQL injection risk [OK]
Quick Trick: Avoid raw SQL; use ORM or parameterized queries [OK]
Common Mistakes:
  • Confusing CSRF with SQL injection
  • Thinking ALLOWED_HOSTS affects SQL injection
  • Believing ORM causes SQL injection
