Thursday, April 18, 2019
Database Security for Electronics Ltd Essay Example | Topics and Well Written Essays - 2000 words
Database security is the process of protecting the files stored in the database from any malicious attempts to view or modify the data (Ramakrishnan & Gehrke, 2003, p 157). The standard language used for making interactive queries against, and updating, databases such as Microsoft SQL Server is known as Structured Query Language (SQL). This paper tries to analyze the authorization issues that arise from having a database server online. Security in software applications is very significant in every organization that has databases.

An SQL injection attack is one of the identified potential issues that might arise from having the databases online. An SQL injection attack is a type of attack that comes from user input that is not properly checked for validity. It enables external users to view information from the database. In well-designed systems, this is limited to information that is already available to the public, while in a poorly designed system it can let external users discover other people's passwords (Basta & Zgola, 2012, p 167). The objective of an SQL injection attack is to fool a database system into running malicious code that will reveal sensitive data or information, or else compromise the whole server.

SQL injection attacks are of 2 types: first-order attacks and second-order attacks. A first-order attack happens when the attacker attempts to receive the desired result immediately, either through a direct response from the application being interacted with or through some other response mechanism, for example email.
A second-order attack takes place when the attacker injects data that is going to remain in the database, although the payload will not be activated immediately. Websites are commonly used to mount the attack on the database (Cherry, 2011, pg 201). For example, below is a typical SQL statement that can be used to mount an attack on the website.

    SELECT ProductName, UnitPrice, QuantityPerUnit FROM Products WHERE ProductName LIKE 'F%'

The above SQL statement selects the name of the product, the price per unit, and the quantity per unit from the Products table, where the ProductName must start with the letter F (ProductName LIKE 'F%'). The main aim of attackers is to inject their own SQL into a statement that the application uses when querying the database. For the above SQL statement, if the query was generated from the website, the user must have entered the letter F as the query. However, if server-side code inserts user input directly into an SQL statement, the statement may look like the following, which is fine only if the input data is valid.

    // User input is concatenated directly into the SQL text
    String sql = "SELECT ProductName, UnitPrice, QuantityPerUnit " +
                 "FROM Products " +
                 "WHERE ProductName LIKE '" + search.Text + "%'";

SQL injection attack damages

SQL injection attacks have been somewhat limited to the risks associated with the unintended disclosure of data. Today SQL injection has evolved, and it has become the preferred method used by hackers to breach popular websites. It has also been used to insert malware into websites. SQL injections alternatively, may
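The concatenated query shown earlier, next to a parameterized form of the same search, as an added example that is not part of the original essay. It uses Python with an in-memory SQLite database in place of the essay's server-side code and Microsoft SQL Server; the sample rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows for a Products table shaped like the one in the text.
ROWS = [
    ("Filo Mix", 7.0, "16 - 2 kg boxes"),
    ("Flotemysost", 21.5, "10 - 500 g pkgs"),
    ("Chai", 18.0, "10 boxes x 20 bags"),
    ("Chef Anton's Cajun Seasoning", 22.0, "48 - 6 oz jars"),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Products "
               "(ProductName TEXT, UnitPrice REAL, QuantityPerUnit TEXT)")
    db.executemany("INSERT INTO Products VALUES (?, ?, ?)", ROWS)
    return db

def search_concatenated(db, search_text):
    """The pattern from the text: input becomes part of the SQL statement."""
    sql = ("SELECT ProductName, UnitPrice, QuantityPerUnit "
           "FROM Products "
           "WHERE ProductName LIKE '" + search_text + "%'")
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, search_text):
    """Fixed SQL text; the input is bound as a value and never parsed as SQL."""
    # Escape LIKE metacharacters so the input cannot act as a wildcard either.
    escaped = (search_text.replace("\\", "\\\\")
               .replace("%", "\\%").replace("_", "\\_"))
    sql = ("SELECT ProductName, UnitPrice, QuantityPerUnit "
           "FROM Products "
           "WHERE ProductName LIKE ? ESCAPE '\\'")
    return [row[0] for row in db.execute(sql, (escaped + "%",))]

def outcome(search, db, text):
    """Return the matching names, or the database error the input caused."""
    try:
        return search(db, text)
    except sqlite3.Error as exc:
        return "error: " + str(exc)

if __name__ == "__main__":
    db = make_db()
    for text in ["F", "Chef Anton's", "%"]:
        print(repr(text), "concatenated ->", outcome(search_concatenated, db, text))
        print(repr(text), "parameterized ->", outcome(search_parameterized, db, text))
```

An ordinary product name containing an apostrophe is enough to make the concatenated statement fail to parse, which shows that the input is being read as SQL rather than as data; the parameterized form returns the matching row.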