Web Security and Database Connections
Explore the importance of storing persistent states in web applications and the various methods to do so efficiently. Discover the LAMP stack and the role of MySQL as the second-most used open-source relational database. Learn about Structured Query Language and its significance in interacting with databases.
Presentation Transcript
Web Security: Structured Query Language
Connor Nelson, Arizona State University
Storing State
Web applications need to store persistent state; otherwise it is hard to build a real application, since cookies can only hold small amounts of information.
Where to store the state?
- Memory
- Filesystem
- Flat XML file
- Database (most common for modern web applications)
Adam Doupé, Software Security
Web Applications and the Database
Pros:
- ACID compliance
- Concurrency
- Separation of concerns: the database can run on another server, and multiple web application processes can connect to the same database
Cons:
- More complicated to build and deploy
- Adds another language to the web technology stack (SQL)
LAMP Stack
The classic web application model:
- L: Linux (underlying OS)
- A: Apache (web server)
- M: MySQL (database)
- P: PHP (web application language/framework)
A nice way to think about web applications, since each component can be mixed and swapped.
MySQL
Currently the second-most used open-source relational database. What is the first?
First released on May 23rd, 1995, the same day that Sun released the first version of Java.
Sun eventually purchased MySQL AB (the company behind it) for $1 billion in January 2008.
Structured Query Language
A special-purpose language for interacting with a relational database.
Multiple commands: SELECT, UPDATE, INSERT, ...
There are slight differences between SQL implementations.
#CREATE TABLE
CREATE TABLE <table> (<columns>)

CREATE TABLE users (username, password)

users:
username | password
---------+---------
(no rows yet)

(Leaving the column types out works in SQLite, which the schema-table slide below shows is the database used here; MySQL requires a type for every column. One of the "slight differences" between implementations.)
#INSERT INTO
INSERT INTO <table> VALUES (<values>)

INSERT INTO users VALUES ("admin", "admin")

users:
username | password
---------+---------
admin    | admin

INSERT INTO users VALUES ("connor", "password123")

users:
username | password
---------+------------
admin    | admin
connor   | password123

INSERT INTO users VALUES ("kanak", "hunter2")

users:
username | password
---------+------------
admin    | admin
connor   | password123
kanak    | hunter2
#SELECT
SELECT <columns> FROM <table> WHERE <conditions>

users (as built above):
username | password
---------+------------
admin    | admin
connor   | password123
kanak    | hunter2

SELECT username, password FROM users
result:
username | password
---------+------------
admin    | admin
connor   | password123
kanak    | hunter2

SELECT username FROM users
result:
username
--------
admin
connor
kanak

SELECT * FROM users
result: every column of every row, the same as SELECT username, password FROM users above

SELECT * FROM users WHERE username = "admin"
result:
username | password
---------+---------
admin    | admin

SELECT * FROM users WHERE username = "admin" and password = "password"
result: (no rows)

SELECT * FROM users WHERE username = "admin" and password = "admin"
result:
username | password
---------+---------
admin    | admin
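The last three SELECT slides are a login check: the application looks for a row whose username and password match what the user typed, and the security-relevant question is how the typed values get into the query. The following Python script is an added example, not code from the original slides. It rebuilds the users table in an in-memory SQLite database and runs the check two ways: with the values interpolated into the query text, which is what the slides' literal queries become once constants are replaced by request input, and with bound parameters. The function names, the sample rows and the crafted username are constructed for this illustration.

```python
import sqlite3

# Constructed sample data: the three accounts the INSERT slides add.
SAMPLE_ROWS = [("admin", "admin"), ("connor", "password123"), ("kanak", "hunter2")]


def make_db():
    """Create the slides' users table in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username, password)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def login_interpolated(conn, username, password):
    """Build the query text from the inputs (hypothetical, deliberately unsafe).

    This is the slide's literal query with its constants replaced by whatever
    arrived in the HTTP request: the input is parsed as part of the SQL.
    """
    sql = "SELECT * FROM users WHERE username = '%s' and password = '%s'" % (username, password)
    return conn.execute(sql).fetchall()


def login_bound(conn, username, password):
    """Same check with placeholders: the driver passes the values separately,
    so they are always compared as data and never parsed as SQL."""
    sql = "SELECT * FROM users WHERE username = ? and password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def double_quoted_literal_check(conn):
    """Run the slide's query exactly as written, with double-quoted literals.

    SQLite tries to resolve a double-quoted token as an identifier before it
    falls back to a string literal, so "password" here is the column, not the
    text 'password', and the comparison is true for every row. MySQL (without
    ANSI_QUOTES) treats both as strings and returns no rows, which is what the
    slide shows. SQLite builds compiled with SQLITE_DQS=0 reject the query instead.
    """
    try:
        return conn.execute(
            'SELECT * FROM users WHERE username = "admin" and password = "password"'
        ).fetchall()
    except sqlite3.OperationalError:
        return None


if __name__ == "__main__":
    db = make_db()
    print(login_bound(db, "admin", "admin"))            # [('admin', 'admin')]
    print(login_bound(db, "admin", "password"))         # []
    crafted = "admin' --"                               # closes the literal, comments out the rest
    print(login_interpolated(db, crafted, "anything"))  # [('admin', 'admin')]: the password test is gone
    print(login_bound(db, crafted, "anything"))         # []: the quote is just a character in a value
    print(double_quoted_literal_check(db))
```

Binding is the check a practitioner wants here; whether the input contains quotes, comment markers or keywords makes no difference to a bound value. The table also stores passwords in the clear, as the slides do for brevity; a real application stores a salted hash and compares against that.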
#DELETE
DELETE FROM <table> WHERE <conditions>

DELETE FROM users WHERE username = "kanak"

users (after):
username | password
---------+------------
admin    | admin
connor   | password123
#UPDATE
UPDATE <table> SET <assignments> WHERE <conditions>

UPDATE users SET password = "password456" WHERE username = "connor"

users (after):
username | password
---------+------------
admin    | admin
connor   | password456
#UNION
<select> UNION <select>

SELECT username FROM users UNION SELECT password FROM users

users:
username | password
---------+------------
admin    | admin
connor   | password456

result:
username
-----------
admin
connor
password456

(The result takes its column name from the first SELECT, and UNION removes duplicates: "admin" appears once even though it is both a username and a password. UNION ALL would keep both copies.)
#The Schema Table
SELECT tbl_name FROM sqlite_master

users:
username | password
---------+------------
admin    | admin
connor   | password456

result:
tbl_name
--------
users

(sqlite_master is SQLite's catalogue of every table, index, view and trigger in the database; other databases expose the same information differently, for example MySQL's information_schema.)
#DROP TABLE
DROP TABLE <table>

DROP TABLE users

users (before):
username | password
---------+------------
admin    | admin
connor   | password456

users (after): the table and all of its rows are gone
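The DELETE, UPDATE, UNION, schema-table and DROP TABLE slides, replayed end to end. The script below is an added example, not code from the original slides. It rebuilds the table the CREATE TABLE and INSERT slides produce, then applies each later statement with bound parameters and returns what a program actually sees: the affected-row counts, the duplicate that UNION removes (contrasted with UNION ALL), the catalogue entry in sqlite_master, and the empty catalogue after the DROP. The function names, the ORDER BY rowid and the type = 'table' filter are additions for determinism.

```python
import sqlite3


def build_users():
    """Rebuild the table the CREATE TABLE and INSERT slides produce."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username, password)")
    # Constructed sample rows, identical to the three INSERT slides.
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "admin"), ("connor", "password123"), ("kanak", "hunter2")],
    )
    return conn


def all_rows(conn):
    """SELECT * FROM users, in insertion order."""
    return conn.execute("SELECT * FROM users ORDER BY rowid").fetchall()


def delete_user(conn, username):
    """DELETE slide; returns how many rows went away (0 if the user did not exist)."""
    cur = conn.execute("DELETE FROM users WHERE username = ?", (username,))
    return cur.rowcount


def set_password(conn, username, new_password):
    """UPDATE slide; returns how many rows changed. Without the WHERE clause
    every row would be rewritten, which is the classic way to lock everyone out."""
    cur = conn.execute("UPDATE users SET password = ? WHERE username = ?", (new_password, username))
    return cur.rowcount


def usernames_union_passwords(conn):
    """UNION slide. UNION de-duplicates, so 'admin' (a username and a password)
    appears once; UNION ALL keeps both copies. Both lists are sorted here
    because SQL gives no ordering guarantee without ORDER BY."""
    union = conn.execute("SELECT username FROM users UNION SELECT password FROM users").fetchall()
    union_all = conn.execute("SELECT username FROM users UNION ALL SELECT password FROM users").fetchall()
    return sorted(r[0] for r in union), sorted(r[0] for r in union_all)


def table_names(conn):
    """Schema-table slide: SQLite keeps its catalogue in sqlite_master."""
    rows = conn.execute("SELECT tbl_name FROM sqlite_master WHERE type = 'table'").fetchall()
    return [r[0] for r in rows]


def drop_users(conn):
    """DROP TABLE slide; returns the table names left afterwards (none)."""
    conn.execute("DROP TABLE users")
    return table_names(conn)


def replay():
    """Run the slides in order and collect every intermediate result."""
    conn = build_users()
    out = {"initial": all_rows(conn)}
    out["deleted"] = delete_user(conn, "kanak")
    out["after_delete"] = all_rows(conn)
    out["updated"] = set_password(conn, "connor", "password456")
    out["after_update"] = all_rows(conn)
    out["union"], out["union_all"] = usernames_union_passwords(conn)
    out["tables"] = table_names(conn)
    out["after_drop"] = drop_users(conn)
    conn.close()
    return out


if __name__ == "__main__":
    for key, value in replay().items():
        print(f"{key}: {value}")
```

Checking cursor.rowcount after a DELETE or UPDATE is cheap and catches the two mistakes that matter most in practice: a WHERE clause that matched nothing, and one that matched everything.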