SQL injections are ineffective with perfect secrecy because perfect secrecy, also known as information-theoretic security, implies that the ciphertext provides no information about the plaintext. This means that even if an attacker can inject SQL commands, they would not be able to infer any meaningful information from the results because the results are perfectly encrypted.
SQL injections work by manipulating SQL queries to gain unauthorized access to data. An attacker uses input fields to insert (or “inject”) malicious SQL code. This code can trick the database into executing unintended commands, such as revealing, modifying, or deleting data.
However, with perfect secrecy, the data that an attacker could potentially access through SQL injection is encrypted in such a way that every possible plaintext is equally likely given the ciphertext. This means that the attacker gains no information about the actual data, even if they can manipulate the SQL queries.
In other words, even if an attacker successfully performs an SQL injection attack, the data they retrieve will be useless to them because it’s perfectly encrypted.