Web Security and Database Connections


Explore the importance of storing persistent states in web applications and the various methods to do so efficiently. Discover the LAMP stack and the role of MySQL as the second-most used open-source relational database. Learn about Structured Query Language and its significance in interacting with databases.


Uploaded on Sep 12, 2024



Presentation Transcript


  1. Web Security
     Structured Query Language
     Connor Nelson
     Arizona State University

  2. Storing State
     - Web applications would like to store persistent state
       - Otherwise it's hard to make a real application, as cookies can only store small amounts of information
     - Where to store the state?
       - Memory
       - Filesystem
         - Flat
         - XML file
       - Database
         - Most common for modern web applications
     Adam Doupé, Software Security

  3. Web Applications and the Database
     - Pros
       - ACID compliance
       - Concurrency
       - Separation of concerns
       - Can run database on another server
       - Can have multiple web application processes connecting to the same database
     - Cons
       - More complicated to build and deploy
       - Adding another language to web technology (SQL)

  4. LAMP Stack
     - Classic web application model
       - L: Linux
       - A: Apache
       - M: MySQL
       - P: PHP
     - Nice way to think of web applications, as each component can be mixed and swapped
       - Underlying OS
       - Web server
       - Database
       - Web application language/framework

  5. MySQL
     - Currently second-most used open-source relational database
       - What is the first?
     - First release on May 23rd, 1995
       - Same day that Sun released first version of Java
     - Sun eventually purchased MySQL (the company) for $1 billion in January 2008


  7. Structured Query Language
     - Special purpose language to interact with a relational database
     - Multiple commands
       - SELECT
       - UPDATE
       - INSERT
     - Some slight differences between SQL implementations

  8. #CREATE TABLE
     CREATE TABLE <table> (<columns>)

  9. #CREATE TABLE
     CREATE TABLE <table> (<columns>)
     CREATE TABLE users (username, password)
     users:
       username | password
       (no rows)

  10. #INSERT INTO
      INSERT INTO <table> VALUES (<values>)

  11. #INSERT INTO
      INSERT INTO <table> VALUES (<values>)
      INSERT INTO users VALUES ("admin", "admin")
      users (before):
        username | password
        (no rows)
      users (after):
        username | password
        admin    | admin

  12. #INSERT INTO
      INSERT INTO <table> VALUES (<values>)
      INSERT INTO users VALUES ("connor", "password123")
      users (before):
        username | password
        admin    | admin
      users (after):
        username | password
        admin    | admin
        connor   | password123

  13. #INSERT INTO
      INSERT INTO <table> VALUES (<values>)
      INSERT INTO users VALUES ("kanak", "hunter2")
      users (before):
        username | password
        admin    | admin
        connor   | password123
      users (after):
        username | password
        admin    | admin
        connor   | password123
        kanak    | hunter2

  14. #SELECT
      SELECT <columns> FROM <table> WHERE <conditions>

  15. #SELECT
      SELECT <columns> FROM <table> WHERE <conditions>
      SELECT username, password FROM users
      users:
        username | password
        admin    | admin
        connor   | password123
        kanak    | hunter2
      result:
        username | password
        admin    | admin
        connor   | password123
        kanak    | hunter2

  16. #SELECT
      SELECT <columns> FROM <table> WHERE <conditions>
      SELECT username FROM users
      users:
        username | password
        admin    | admin
        connor   | password123
        kanak    | hunter2
      result:
        username
        admin
        connor
        kanak

  17. #SELECT
      SELECT <columns> FROM <table> WHERE <conditions>
      SELECT * FROM users
      users:
        username | password
        admin    | admin
        connor   | password123
        kanak    | hunter2
      result:
        username | password
        admin    | admin
        connor   | password123
        kanak    | hunter2

  18. #SELECT
      SELECT <columns> FROM <table> WHERE <conditions>
      SELECT * FROM users WHERE username = "admin"
      users:
        username | password
        admin    | admin
        connor   | password123
        kanak    | hunter2
      result:
        username | password
        admin    | admin

  19. #SELECT
      SELECT <columns> FROM <table> WHERE <conditions>
      SELECT * FROM users WHERE username = "admin" and password = "password"
      users:
        username | password
        admin    | admin
        connor   | password123
        kanak    | hunter2
      result:
        username | password
        (no rows)

  20. #SELECT
      SELECT <columns> FROM <table> WHERE <conditions>
      SELECT * FROM users WHERE username = "admin" and password = "admin"
      users:
        username | password
        admin    | admin
        connor   | password123
        kanak    | hunter2
      result:
        username | password
        admin    | admin

  21. #DELETE
      DELETE FROM <table> WHERE <conditions>

  22. #DELETE
      DELETE FROM <table> WHERE <conditions>
      DELETE FROM users WHERE username = "kanak"
      users (before):
        username | password
        admin    | admin
        connor   | password123
        kanak    | hunter2
      users (after):
        username | password
        admin    | admin
        connor   | password123

  23. #UPDATE
      UPDATE <table> SET <assignments> WHERE <conditions>

  24. #UPDATE
      UPDATE <table> SET <assignments> WHERE <conditions>
      UPDATE users SET password = "password456" WHERE username = "connor"
      users (before):
        username | password
        admin    | admin
        connor   | password123
      users (after):
        username | password
        admin    | admin
        connor   | password456

  25. #UNION
      <select> UNION <select>

  26. #UNION
      <select> UNION <select>
      SELECT username FROM users UNION SELECT password FROM users
      users:
        username | password
        admin    | admin
        connor   | password456
      result:
        username
        admin
        connor
        admin
        password456

  27. #The Schema Table
      SELECT tbl_name FROM sqlite_master
      users:
        username | password
        admin    | admin
        connor   | password456
      result:
        tbl_name
        users

  28. #DROP TABLE
      DROP TABLE <table>

  29. #DROP TABLE
      DROP TABLE <table>
      DROP TABLE users
      users:
        username | password
        admin    | admin
        connor   | password456
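
The deck's statements replayed against an in-memory SQLite database (the engine behind the `sqlite_master` slide), as an added example that is not part of the original slides. Values are bound with `?` placeholders instead of being quoted inline, and one extra query shows how SQLite treats a double-quoted token that matches a column name; the names `run_deck`, `LOGIN` and the result keys are assumptions of this example.

```python
import sqlite3

# Login-style lookup from slides 19-20, with bound parameters.
LOGIN = "SELECT * FROM users WHERE username = ? AND password = ?"

def run_deck():
    """Replay the slides' statements; return the intermediate results."""
    db = sqlite3.connect(":memory:")
    out = {}
    db.execute("CREATE TABLE users (username, password)")
    # Slides 11-13: three INSERTs, values bound instead of quoted inline.
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "admin"), ("connor", "password123"),
                    ("kanak", "hunter2")])
    # Slides 19-20: the lookup with a wrong and then a right password.
    out["wrong_password"] = db.execute(LOGIN, ("admin", "password")).fetchall()
    out["right_password"] = db.execute(LOGIN, ("admin", "admin")).fetchall()
    # SQLite resolves a double-quoted token to a column when one exists with
    # that name, so "password" below is the column, not the string 'password':
    # the test becomes password = password and the wrong password "matches".
    out["dq_quirk"] = db.execute(
        "SELECT * FROM users WHERE username = 'admin' "
        'AND password = "password"').fetchall()
    # Slides 22 and 24.
    db.execute("DELETE FROM users WHERE username = ?", ("kanak",))
    db.execute("UPDATE users SET password = ? WHERE username = ?",
               ("password456", "connor"))
    out["users"] = db.execute("SELECT * FROM users ORDER BY rowid").fetchall()
    # Slide 26: UNION removes duplicate rows (UNION ALL keeps them).
    out["union"] = sorted(r[0] for r in db.execute(
        "SELECT username FROM users UNION SELECT password FROM users"))
    # Slides 27 and 29: the schema table before and after DROP TABLE.
    schema = "SELECT tbl_name FROM sqlite_master"
    out["tables"] = db.execute(schema).fetchall()
    db.execute("DROP TABLE users")
    out["tables_after_drop"] = db.execute(schema).fetchall()
    db.close()
    return out

if __name__ == "__main__":
    for name, rows in run_deck().items():
        print(f"{name}: {rows}")
```

Single quotes are the SQL standard for string literals; with them, or with bound parameters as in `LOGIN`, the wrong-password lookup returns no rows on every engine.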
