Web Security and Database Connections

Slide Note
Embed
Share

Explore the importance of storing persistent states in web applications and the various methods to do so efficiently. Discover the LAMP stack and the role of MySQL as the second-most used open-source relational database. Learn about Structured Query Language and its significance in interacting with databases.


Uploaded on Sep 12, 2024 | 0 Views


Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript


  1. Web Security Structured Query Language Connor Nelson Arizona State University

  2. Storing State Web applications would like to store persistent state Otherwise it's hard to make a real application, as cookies can only store small amounts of information Where to store the state? Memory Filesystem Flat XML file Database Most common for modern web applications Adam Doup , Software Security

  3. Web Applications and the Database Pros ACID compliance Concurrency Separation of concerns Can run database on another server Can have multiple web application processes connecting to the same database Cons More complicated to build and deploy Adding another language to web technology (SQL) Adam Doup , Software Security

  4. LAMP Stack Classic web application model L Linux A Apache M MySQL P PHP Nice way to think of web applications, as each component can be mixed and swapped Underlying OS Web server Database Web application language/framework Adam Doup , Software Security

  5. MySQL Currently second-most used open-source relational database What is the first? First release on May 23rd1995 Same day that Sun released first version of Java Sun eventually purchased MySQL (the company) for $1 billion in January 2008 Adam Doup , Software Security

  6. Adam Doup, Software Security

  7. Structured Query Language Special purpose language to interact with a relational database Multiple commands SELECT UPDATE INSERT Some slight differences between SQL implementations Adam Doup , Software Security

  8. #CREATE TABLE CREATE TABLE <table> (<columns>)

  9. #CREATE TABLE CREATE TABLE <table> (<columns>) CREATE TABLE users (username, password) users username password

  10. #INSERT INTO INSERT INTO <table> VALUES (<values>)

  11. #INSERT INTO INSERT INTO <table> VALUES (<values>) INSERT INTO users VALUES ("admin", "admin") users users username password username password admin admin

  12. #INSERT INTO INSERT INTO <table> VALUES (<values>) INSERT INTO users VALUES ("connor", "password123") users users username password username password admin admin admin admin connor password123

  13. #INSERT INTO INSERT INTO <table> VALUES (<values>) INSERT INTO users VALUES ( kanak", "hunter2") users users username password username password admin admin admin admin connor password123 connor password123 kanak hunter2

  14. #SELECT SELECT <columns> FROM <table> WHERE <conditions>

  15. #SELECT SELECT <columns> FROM <table> WHERE <conditions> SELECT username, password FROM users users result username password username password admin admin admin admin connor password123 connor password123 kanak hunter2 kanak hunter2

  16. #SELECT SELECT <columns> FROM <table> WHERE <conditions> SELECT username FROM users users result username password username admin admin admin connor password123 connor kanak hunter2 kanak

  17. #SELECT SELECT <columns> FROM <table> WHERE <conditions> SELECT * FROM users users result username password username password admin admin admin admin connor password123 connor password123 kanak hunter2 kanak hunter2

  18. #SELECT SELECT <columns> FROM <table> WHERE <conditions> SELECT * FROM users WHERE username = "admin" users result username password username password admin admin admin admin connor password123 kanak hunter2

  19. #SELECT SELECT <columns> FROM <table> WHERE <conditions> SELECT * FROM users WHERE username = "admin" and password = "password" users result username password username password admin admin connor password123 kanak hunter2

  20. #SELECT SELECT <columns> FROM <table> WHERE <conditions> SELECT * FROM users WHERE username = "admin" and password = "admin" users result username password username password admin admin admin admin connor password123 kanak hunter2

  21. #DELETE DELETE FROM <table> WHERE <conditions>

  22. #DELETE DELETE FROM <table> WHERE <conditions> DELETE FROM users WHERE username = "kanak" users users username password username password admin admin admin admin connor password123 connor password123 kanak hunter2

  23. #UPDATE UPDATE <table> SET <assignments> WHERE <conditions>

  24. #UPDATE UPDATE <table> SET <assignments> WHERE <conditions> UPDATE users SET password = "password456" WHERE username = "connor" users users username password username password admin admin admin admin connor password123 connor password456

  25. #UNION <select> UNION <select>

  26. #UNION <select> UNION <select> SELECT username FROM users UNION SELECT password FROM users users result username password username admin admin admin connor password456 connor admin password456

  27. #The Schema Table SELECT tbl_name FROM sqlite_master users result username password tbl_name admin admin users connor password456

  28. #DROP TABLE DROP TABLE <table>

  29. #DROP TABLE DROP TABLE <table> DROP TABLE users users username password admin admin connor password456

More Related Content