Hadoop and Bigtable

Posted by Ravi Khanal on Nov 25, 2008

Are Apache Hadoop and Google's Bigtable becoming a major threat to the relational database?

The relational database has been the dominant database until now. When the object-oriented database came onto the market, everybody expected that it was the evolutionary step in databases and that it would replace all relational databases. But it never happened. The main thing to note is that although object-oriented programming languages are so popular, the object-oriented database failed. If we look closely at the failure of OODBMSs against traditional RDBMSs, it is due to the lack of interoperability with the great number of features and tools that we use with SQL, such as reporting tools, OLAP tools, and backup and recovery standards. Moreover, OODBMSs had weak query support because they lacked a formal mathematical foundation.

SQL Injection Attack

Posted by Ravi Khanal on Nov 10, 2008

SQL injection is an attack technique used to exploit web sites by altering backend SQL statements through manipulated application input. It takes advantage of non-validated user input to inject SQL statements dynamically into existing ones for execution, and hence poses a severe security threat to supposedly secure systems. If an attacker can reach some of the system stored procedures and database server functions, then they can not only steal data from the databases but also modify and delete it.

Some examples of SQL injection attacks:

Example 1:

Suppose there is a form that takes a value from the user.

If the input to the form looks like:

Enter Product ID: 124 OR 2=2

then the corresponding SQL statement will be
select * from products where ProductId = 124 OR 2=2
This statement always returns a value, since 2=2 is always true.

Example 2:

If there is a login validation form and a user enters the following:
Login: ' OR ''='
Password: ' OR ''='

then the corresponding SQL statement will be

Select IsAuthorized FROM Users where Login = '' OR ''='' AND Password = '' OR ''=''
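
The two examples above, run against an in-memory SQLite database next to the parameterized form of each query. This is an added example, not code from the original post; the table contents, the function names and the use of Python's sqlite3 module are assumptions.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (not from the post)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (ProductId INTEGER, Name TEXT);
        INSERT INTO products VALUES (124, 'widget'), (125, 'gadget'), (126, 'gizmo');
        CREATE TABLE Users (Login TEXT, Password TEXT, IsAuthorized INTEGER);
        INSERT INTO Users VALUES ('alice', 's3cret', 1);
    """)
    return db

def products_concat(db, product_id):
    # Vulnerable: the form value is pasted into the statement text (Example 1),
    # so anything after the number is parsed as SQL.
    sql = "select * from products where ProductId = " + product_id
    return db.execute(sql).fetchall()

def products_param(db, product_id):
    # Hardened: reject non-numeric input, then bind the value as a parameter.
    try:
        value = int(product_id)
    except ValueError:
        return []
    return db.execute(
        "select * from products where ProductId = ?", (value,)
    ).fetchall()

def login_concat(db, login, password):
    # Vulnerable: a quote in the input ends the string literal early (Example 2).
    sql = ("Select IsAuthorized FROM Users where Login = '" + login +
           "' AND Password = '" + password + "'")
    return db.execute(sql).fetchall()

def login_param(db, login, password):
    # Hardened: bound values are compared as data and never parsed as SQL.
    sql = "Select IsAuthorized FROM Users where Login = ? AND Password = ?"
    return db.execute(sql, (login, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    form_value = "124 OR 2=2"   # input from Example 1
    quote_value = "' OR ''='"   # input from Example 2
    print("concat product query:", products_concat(db, form_value))
    print("bound product query: ", products_param(db, form_value))
    print("concat login query:  ", login_concat(db, quote_value, quote_value))
    print("bound login query:   ", login_param(db, quote_value, quote_value))
```

With string concatenation the product query returns every row and the login query returns an authorized row without valid credentials; with bound parameters both return nothing for the same input.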