From 95d4f3101ad8c0636616fa821956c8d8213bd26a Mon Sep 17 00:00:00 2001 From: Thomas Vanbesien Date: Mon, 30 Mar 2026 15:43:25 +0200 Subject: Edit notes.md --- SQL injection 1/Resources/notes.md | 1 + SQL injection 2/Resources/notes.md | 1 + 2 files changed, 2 insertions(+) diff --git a/SQL injection 1/Resources/notes.md b/SQL injection 1/Resources/notes.md index 3292f86..7151223 100644 --- a/SQL injection 1/Resources/notes.md +++ b/SQL injection 1/Resources/notes.md @@ -31,3 +31,4 @@ - Don't show SQL errors on the front-end because it gives attackers clues about the database and the queries that can be used to exploit them - Don't include untrusted, unfiltered and/or unsanitized input into a SQL query +- Give the least amount of privileges to database users (for example, they should not be able to read meta information tables like `information_schema` etc) diff --git a/SQL injection 2/Resources/notes.md b/SQL injection 2/Resources/notes.md index 282802f..fb7c96e 100644 --- a/SQL injection 2/Resources/notes.md +++ b/SQL injection 2/Resources/notes.md @@ -26,3 +26,4 @@ - Don't show SQL errors on the front-end because it gives attackers clues about the database and the queries that can be used to exploit them - Don't include untrusted, unfiltered and/or unsanitized input into a SQL query +- Give the least amount of privileges to database users (for example, they should not be able to read meta information tables like `information_schema` etc) -- cgit v1.2.3
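Review bot: In the `SQL injection 1/Resources/notes.md` hunk, the example in the added bullet suggests that read access to `information_schema` can be taken away from a database user, which is not the case on MySQL and MariaDB: that schema is visible to every account and cannot be revoked, and it only lists objects the account already has privileges on. The least-privilege advice itself is sound, so I would reword the example around what can actually be controlled, for instance: "Connect the application with an account that only has the privileges it needs on the tables it uses (e.g. `SELECT` only, no `FILE` or admin rights), which also limits what `information_schema` reveals". Minor: "meta information tables" reads better as "metadata tables", and "etc" can be dropped after "like".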
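Review bot: In the `SQL injection 2/Resources/notes.md` hunk, the added bullet is a verbatim copy of the one added to `SQL injection 1/Resources/notes.md`, and the two unchanged bullets above it are identical in both files as well, so any correction to this mitigation list has to be made twice. Consider keeping the shared mitigation bullets in one file that both notes link to, or at least making the second copy specific to this exercise. The phrase "database users" is also ambiguous here; "the database account the web application connects with" would make clear whose privileges are meant.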