Web Security and Database Connections

Explore the importance of storing persistent states in web applications and the various methods to do so efficiently. Discover the LAMP stack and the role of MySQL as the second-most used open-source relational database. Learn about Structured Query Language and its significance in interacting with databases.

• Web Security
• Database
• LAMP Stack
• MySQL
• Structured Query Language

maw_gen Follow

Uploaded on Sep 12, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. Web Security Structured Query Language Connor Nelson Arizona State University

2. Storing State Web applications would like to store persistent state Otherwise it's hard to make a real application, as cookies can only store small amounts of information Where to store the state? Memory Filesystem Flat XML file Database Most common for modern web applications Adam Doup , Software Security

3. Web Applications and the Database Pros ACID compliance Concurrency Separation of concerns Can run database on another server Can have multiple web application processes connecting to the same database Cons More complicated to build and deploy Adding another language to web technology (SQL) Adam Doup , Software Security

4. LAMP Stack Classic web application model L Linux A Apache M MySQL P PHP Nice way to think of web applications, as each component can be mixed and swapped Underlying OS Web server Database Web application language/framework Adam Doup , Software Security

5. MySQL Currently second-most used open-source relational database What is the first? First release on May 23rd1995 Same day that Sun released first version of Java Sun eventually purchased MySQL (the company) for $1 billion in January 2008 Adam Doup , Software Security

6. Adam Doup, Software Security

7. Structured Query Language Special purpose language to interact with a relational database Multiple commands SELECT UPDATE INSERT Some slight differences between SQL implementations Adam Doup , Software Security

8. #CREATE TABLE CREATE TABLE <table> (<columns>)

9. #CREATE TABLE CREATE TABLE <table> (<columns>) CREATE TABLE users (username, password) users username password

10. #INSERT INTO INSERT INTO <table> VALUES (<values>)

11. #INSERT INTO INSERT INTO <table> VALUES (<values>) INSERT INTO users VALUES ("admin", "admin") users users username password username password admin admin

12. #INSERT INTO INSERT INTO <table> VALUES (<values>) INSERT INTO users VALUES ("connor", "password123") users users username password username password admin admin admin admin connor password123

13. #INSERT INTO INSERT INTO <table> VALUES (<values>) INSERT INTO users VALUES ( kanak", "hunter2") users users username password username password admin admin admin admin connor password123 connor password123 kanak hunter2

14. #SELECT SELECT <columns> FROM <table> WHERE <conditions>

15. #SELECT SELECT <columns> FROM <table> WHERE <conditions> SELECT username, password FROM users users result username password username password admin admin admin admin connor password123 connor password123 kanak hunter2 kanak hunter2

16. #SELECT SELECT <columns> FROM <table> WHERE <conditions> SELECT username FROM users users result username password username admin admin admin connor password123 connor kanak hunter2 kanak

17. #SELECT SELECT <columns> FROM <table> WHERE <conditions> SELECT * FROM users users result username password username password admin admin admin admin connor password123 connor password123 kanak hunter2 kanak hunter2

18. #SELECT SELECT <columns> FROM <table> WHERE <conditions> SELECT * FROM users WHERE username = "admin" users result username password username password admin admin admin admin connor password123 kanak hunter2

19. #SELECT SELECT <columns> FROM <table> WHERE <conditions> SELECT * FROM users WHERE username = "admin" and password = "password" users result username password username password admin admin connor password123 kanak hunter2

20. #SELECT SELECT <columns> FROM <table> WHERE <conditions> SELECT * FROM users WHERE username = "admin" and password = "admin" users result username password username password admin admin admin admin connor password123 kanak hunter2

21. #DELETE DELETE FROM <table> WHERE <conditions>

22. #DELETE DELETE FROM <table> WHERE <conditions> DELETE FROM users WHERE username = "kanak" users users username password username password admin admin admin admin connor password123 connor password123 kanak hunter2

23. #UPDATE UPDATE <table> SET <assignments> WHERE <conditions>

24. #UPDATE UPDATE <table> SET <assignments> WHERE <conditions> UPDATE users SET password = "password456" WHERE username = "connor" users users username password username password admin admin admin admin connor password123 connor password456

25. #UNION <select> UNION <select>

26. #UNION <select> UNION <select> SELECT username FROM users UNION SELECT password FROM users users result username password username admin admin admin connor password456 connor admin password456

27. #The Schema Table SELECT tbl_name FROM sqlite_master users result username password tbl_name admin admin users connor password456

28. #DROP TABLE DROP TABLE <table>

29. #DROP TABLE DROP TABLE <table> DROP TABLE users users username password admin admin connor password456