Kurinchi Blogger Scribbles …


Archive for the ‘Linux Database’ Category

Sep 09
2012

SQL Injection: Whitelist validation vs. blacklist validation

Last updated: September 8th, 2012

Whitelist validation means accepting input only when it matches what the application expects: checking the data type, the data length, the permitted range, and the format of the data (e.g. a phone number must be ten digits separated by hyphens, satisfying the pattern nnn-nnn-nnnn). Regular expressions are a convenient way to express such format rules; anchor them so that the whole input, not just a substring of it, has to match.

Blacklist validation refers to rejecting data based on a known-bad list filter. This is a weak defence: the list of strings to exclude is open-ended, attackers vary case, whitespace, comment syntax and encoding to slip past it, and it is difficult to anticipate every variant. Blacklist validation may be used in conjunction with whitelist validation, and in cases where whitelist validation cannot be applied (free-text fields, for instance) at least blacklist validation should be implemented, but it should never be the only control between the user and the query.
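The following is an added example (not code from the original post) that puts the two approaches side by side in Python: anchored whitelist checks for a phone number, a bounded integer and an enumerated choice, against a small blacklist filter. The blacklist contents and the sample inputs are constructed for illustration; the two inputs that pass the blacklist but fail the whitelist show why the post ranks the approaches the way it does.

```python
import re

# Whitelist rules: describe exactly what is acceptable and reject everything else.
# fullmatch() anchors the pattern, so "555-123-4567' OR 1=1" cannot pass on a substring.
PHONE_RE = re.compile(r"\d{3}-\d{3}-\d{4}")


def whitelist_phone(value: str) -> bool:
    """Format check: the whole string must be nnn-nnn-nnnn."""
    return PHONE_RE.fullmatch(value) is not None


def whitelist_int(value: str, low: int, high: int) -> bool:
    """Type + range check: ASCII digits only, parsed value within [low, high].

    str.isdigit() alone accepts Unicode digits such as '²' that int() rejects,
    hence the isascii() guard.
    """
    if not (value.isascii() and value.isdigit()):
        return False
    return low <= int(value) <= high


def whitelist_choice(value: str, allowed: frozenset) -> bool:
    """Enumeration check: e.g. a sort column or status code must be one of a fixed set."""
    return value in allowed


# Blacklist rule: reject input containing any known-bad fragment (case-insensitive).
# This is an assumed, illustrative list; a real one would be longer and still incomplete.
BAD_FRAGMENTS = ("'", "--", ";", " or ", " union ", "/*")


def blacklist_ok(value: str) -> bool:
    """True when none of the blacklisted fragments appears in the input."""
    lowered = value.lower()
    return not any(frag in lowered for frag in BAD_FRAGMENTS)


# Constructed sample inputs for a numeric "id" parameter.
SAMPLE_IDS = {
    "42": "benign",
    "1 OR 1=1": "injection caught by the blacklist (contains ' or ')",
    "1 or(1=1)": "injection that bypasses the blacklist (no space after 'or')",
    "1||1=1": "injection that bypasses the blacklist (MySQL treats || as OR by default)",
}


def evaluate(value: str, low: int = 1, high: int = 10_000) -> dict:
    """Return both verdicts so the two approaches can be compared on the same input."""
    return {"whitelist": whitelist_int(value, low, high), "blacklist": blacklist_ok(value)}


if __name__ == "__main__":
    for sample, note in SAMPLE_IDS.items():
        print(f"{sample!r:16} {evaluate(sample)}  # {note}")
```

Every injection attempt fails the whitelist because an id is defined positively as digits in range; the blacklist catches only the variant its author happened to think of.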

Sep 08
2012

SQL Injection: Database Code Security in Programming

Last updated: September 8th, 2012

Dynamic SQL (a concatenated SQL string) is a coding practice whereby queries are assembled in the program from string fragments and user input and then sent to the database server for execution. If the input is not controlled, an attacker can inject SQL into the dynamic query and read, modify or destroy data in the database.

A good alternative is to use parameterised queries, where placeholders stand in for the variable values and the driver sends the values separately from the SQL text. Because the values are never parsed as SQL, injection through those parameters is removed. Note the scope of that guarantee: placeholders carry values only, not identifiers such as a table or column name in an ORDER BY clause, and a parameterised call into a stored procedure that itself concatenates dynamic SQL is still vulnerable.

In addition to parameterised queries, it is always best practice to validate (and, where needed, sanitise) the input parameters before using them in queries.

Input should also be escaped appropriately for the database, especially where dynamic SQL cannot be avoided, and data should be encoded for its output context (HTML, JavaScript, URL) when it is read back from the database, so that a stored payload does not execute as a cross-site script.
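As an added example (not the post's own code), the following Python contrasts a concatenated query with its parameterised form, whitelists a sort column where a placeholder cannot be used, and encodes a value for HTML on the way out. It uses the standard-library sqlite3 module as a stand-in for MySQL so that it runs offline; the placeholder style differs by driver (? here, %s for most MySQL drivers) but the technique does not. The table, rows and payloads are constructed for the example.

```python
import html
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed sample data, including a stored XSS payload in a name field."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT);
        INSERT INTO users (name, email) VALUES
            ('alice', 'alice@example.com'),
            ('bob', 'bob@example.com'),
            ('<script>alert(1)</script>', 'mallory@example.com');
        """
    )
    return conn


def find_user_dynamic(conn: sqlite3.Connection, name: str) -> list:
    """VULNERABLE: dynamic SQL built by string concatenation; the input becomes SQL text."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_param(conn: sqlite3.Connection, name: str) -> list:
    """Parameterised query: the value travels separately and is never parsed as SQL."""
    return conn.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


# Identifiers cannot be bound as parameters, so a user-chosen sort column must be
# checked against a fixed whitelist before it is interpolated into the statement.
SORTABLE_COLUMNS = frozenset({"name", "email"})


def list_users_sorted(conn: sqlite3.Connection, order_by: str) -> list:
    """Sort by a column name only if it is one of the known, allowed identifiers."""
    if order_by not in SORTABLE_COLUMNS:
        raise ValueError(f"unexpected sort column: {order_by!r}")
    return conn.execute(f"SELECT name FROM users ORDER BY {order_by}").fetchall()


def render_cell(value: str) -> str:
    """Encode for the HTML context on output so stored markup is displayed, not executed."""
    return "<td>" + html.escape(value, quote=True) + "</td>"


if __name__ == "__main__":
    db = setup_db()
    payload = "x' OR '1'='1"
    print("dynamic:", find_user_dynamic(db, payload))  # the OR clause returns every row
    print("param:  ", find_user_param(db, payload))    # no user is literally named that
    for (name,) in list_users_sorted(db, "name"):
        print(render_cell(name))
```

The same payload that dumps the whole table through find_user_dynamic returns nothing through find_user_param, and the malicious name stored in the third row renders as inert text once render_cell has escaped it.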

Jul 08
2009

Mysql: Test database

Last updated: July 7th, 2009

Ever wondered why there is a “test” database in the list of databases when you install MySQL?

It is there to let users practice MySQL commands or try out complex queries without touching real data.

The “test” database is accessible to every account that can connect to MySQL on your localhost (the default grant tables give all privileges on test, and on any database whose name begins with test_, to all users, anonymous ones included), so it is not advisable to use it for your development. On any server that matters, drop it or let mysql_secure_installation remove it. (more…)

Jan 20
2009

windows command prompt mysql start stop

Last updated: April 8th, 2009

To start the MySQL service from the Windows command prompt (an elevated prompt is required, and the service name must match the one registered at installation):

c:\mysql\bin> net start mysql

To stop the MySQL service from the Windows command prompt:

c:\mysql\bin> net stop mysql

Dec 31
2008

MySQL vs. PostgreSQL – Comparison

Last updated: December 31st, 2008

There have often been discussions, and sometimes flame wars, comparing MySQL and PostgreSQL. Each database has its own strengths and weaknesses. As a starting point, I did a little research on the topic and listed the common points in tabular form. (more…)

Dec 29
2008

MySQL database optimisation series – Right MySQL Data type

Last updated: December 29th, 2008

Numeric Data type in MySQL

Choosing the right data type can significantly improve application performance.

Many programmers and developers who choose MySQL as the backend for their applications fail miserably at picking the most efficient data types. (more…)

Dec 24
2008

phpMyAdmin – visual interface for MySQL on Windows/Linux

Last updated: April 14th, 2009

phpMyAdmin is a web-based interface to MySQL, written in PHP, for administering databases. The visual interface it provides is intuitive and saves developers time. (Version 3.1.1, which runs on PHP 5/MySQL 5, is the recommended version as of this writing.)

Step 1: First, check that MySQL is installed by issuing the following command:
[root@user Desktop]# which mysql

If you get …
/usr/bin/mysql
then MySQL is installed on your machine. (more…)

