A crucial database, 'db_prod', just disappeared from your production MySQL instance. In reviewing the available MySQL logs (General, Audit, or Slow) and your own application-level logs, you identified this command from a customer-facing application:

SELECT id FROM users WHERE login='payback!';DROP DATABASE db_prod;'

Which three methods could have been used to prevent this SQL injection attack from happening? (Single-choice question)
A. writing your client code to properly escape all user input
B. giving limited privileges to accounts used by application servers to interact with their backing databases
C. using SSL/TLS on your outward-facing web servers (https://) to encrypt all user sessions
D. using a hashing or encryption method to secure all user passwords in your MySQL tables
E. removing any remaining anonymous accounts from your MySQL instance
F. validating all user input before sending it to the database server
G. changing all passwords for the MySQL account 'root'@'%' immediately after losing an employee who knew the current password