.

Friday, 23 August 2019

Database Security for Electronics Ltd Essay Example | Topics and Well Written Essays - 2000 words

Database Security for Electronics Ltd - Essay Example Database security is the process of protecting the files stored in the database from any malicious attempts of viewing the data or modifying the data (Ramakrishnan & Gehrke, 2003, p 157). The standard language that is used for making an interactive query from and, updating the databases as Microsoft SQL server is known as the Structure Query Language (SQL). This paper tries to analyze the potential issues that are arising from having a database server online. Securities in the software applications are very significant in all the organization that has databases. An SQL injection attack is one of the identified potential issues that might arise from having the databases online. SQL injection attack is a type of an attack that comes from what the user has inputted, and is not well checked to find if the input is valid. SQL Injection attack enables the external users to view information from the database. In other systems that are well designed, it will only include the information that is available to the public. While in a system which is poorly designed, this would only allow the external users in discovering other people’s password (Basta & Zgola, 2012, p 167). The objective of the SQL injection attack is to fool a database system to a running malicious code that will reveal the sensitive data or information or else it may compromise the whole server. SQL injection attacks are of two types; there are the first-order attacks, and the second-order attacks. The first-order attacks happens when the attacker attempts to receive an immediate desired result, this can be by direct response coming from the application that is being interacted to, or it may be some other response mechanisms, for example emails. While the second-order attacks takes place when the attacker attempts to inject some of the data that are going to reside in the database, although the payload will not be activated immediately. Most websites are commonly used in mounting the attack on the database (Cherry, 2011, pg 201). For example, the below is an example for a typical SQL statement that can be used to mount an attack on the website. SELECT ProductName, Unit Price, QuantityperUnit FROM Products WHERE ProductName LIKE ‘F%’ The above SQL statement tries to select the name of the product, the price per unit, and the unit per quantity from where the products are stored where the ProductName must start with a letter F (ProductName LIKE ‘F%’). The main aim of the attackers in database is to make sure that they inject their own SQL into a statement that the application may use when querying the database. For the above SQL statement, just in any case the query was generated from the website; the user must therefore insert the letter ‘F’ as the query. However, if a server side code inserts a user input directly in an SQL statement, the SQL statement may look like this, but it is only fine if the data that is inputted is valid. String sql = â€Å"SELECT ProductName, Unitprice, QuantityPerUnit â€Å"+ â€Å"FROM Products† + WHERE ProductName LIKE ‘†+ search, Text + â€Å"%’; SQL injection attack damages SQL injection attacks have been somehow limited concerning the risks that are associated with unintended disclosure of the data. Today SQL injection has evolved, and it has become the preferred method and, processes that are used by the hackers in breaching well-liked websites. It has also inserted a malware websites. SQL injections alternatively, may

No comments:

Post a Comment