Monday, February 24, 2020

SQL Injection in detail


What is SQL Injection


SQL injection is the use of malicious SQL statements to attack the security of web applications and software. Attackers access the database and obtain its entire contents by spoofing the authorization and authentication of a web page or web application. They can add, delete and modify records in the database, which may cause the application to fail or result in a denial of service.

How Is a SQL Injection Attack Performed?


To perform a SQL injection attack, attackers first need to find the user inputs of the web application. After finding the inputs, the attacker can craft input content and send it so that malicious SQL commands are executed on the database. Most relational database management systems use SQL as the query language for all database operations, so a successful attack on the database has serious consequences for the web application.

Types of SQL Injection Attacks


There is a wide variety of SQL vulnerabilities, techniques and attacks that attackers use in different situations. Some of the most common SQL injection attacks are as follows:
  • Hidden Data Attack: In this type of attack, the attacker modifies the SQL statement to get additional data from the database.
  • Application Logic Attack: The attacker modifies the logic of the SQL command to interfere with the application's logic.
  • Examining Database Attack: In this attack, the attacker can get information about the version and structure of the database.
  • UNION Attack: With this attack, the attacker can get information from different tables of the database.
  • Blind SQL Injection Attack: As its name suggests, the impact of this type of attack is not displayed in the response of the application.
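
The effect described above, where crafted input changes the SQL statement itself, is shown here as an added example that is not part of the original post. It uses Python's built-in sqlite3 module with a constructed in-memory products table; the table, column and function names are assumptions made for illustration. The same three inputs go through a query built by string concatenation and through a parameterized query.

```python
import sqlite3


def make_db():
    # Constructed sample data: three released products and one unreleased one.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, category TEXT, released INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("Mug", "Gifts", 1), ("Card", "Gifts", 1),
         ("Prototype", "Gifts", 0), ("Lamp", "Home", 1)],
    )
    return db


def list_products_vulnerable(db, category):
    # Vulnerable: the input is pasted into the SQL text, so a quote character
    # in it ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT name FROM products WHERE category = '" + category
           + "' AND released = 1")
    return sorted(row[0] for row in db.execute(sql))


def list_products_safe(db, category):
    # Hardened: the statement text is constant and the input is bound as a
    # value, so it can never change the structure of the query.
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return sorted(row[0] for row in db.execute(sql, (category,)))


def compare(category):
    # Run the same input through both versions against a fresh database.
    db = make_db()
    try:
        vulnerable = list_products_vulnerable(db, category)
    except sqlite3.OperationalError as exc:
        vulnerable = "query broke: " + type(exc).__name__
    return vulnerable, list_products_safe(db, category)


if __name__ == "__main__":
    # Constructed inputs: a normal value, a value containing an apostrophe,
    # and a value that rewrites the WHERE clause.
    for value in ("Gifts", "Kids' Toys", "Gifts' OR 1=1 --"):
        print(repr(value), "->", compare(value))
```

With the concatenated query, an ordinary apostrophe already breaks the statement, and the third input returns the unreleased row and rows from other categories; the parameterized query returns no rows for either, because the whole input is compared as a category name.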

Impact of SQL Injection Attack


  • An attacker can use a SQL injection attack to get the credentials of the administrator as well as other users of the database. Attackers can then impersonate database users with all privileges and perform any operation on the database.
  • A SQL vulnerability allows the attacker to get complete access to the database server and run SQL statements to select and output the database data.
  • The SQL ALTER command is used to alter the information in a database. With a vulnerability involving the SQL ALTER command, an attacker can get the account numbers and passwords of a financial institution's users and perform blank transactions, transfer money from one account to another, and void transactions as well.
  • In a SQL injection attack, attackers can delete the tables of the database by modifying the SQL DROP command. Deletion of the database or its tables can create serious problems for running applications even if the database administrator takes regular backups, as it takes time to restore a backup.
  • Attackers can access the operating system of database servers and then access the internal network of the organisation.






Wednesday, February 19, 2020

What is MongoDB? and Why use MongoDB?


What is MongoDB?


MongoDB, one of the NoSQL databases, is a document-oriented database used to store complex, high-volume data efficiently. It provides scalability and flexibility that help in querying and indexing the data in the documents of the database. Developers can easily learn and use its capabilities to meet complex requirements at any scale. Because it is a NoSQL tool, data is not stored in the usual rows and columns; instead, data is stored in the form of key-value pairs. The schema of the database can be designed on the fly and modified without any downtime.

Why use MongoDB?


  1. MongoDB is one of the most commonly used databases in cloud computing. Drivers for 10 languages are available to integrate MongoDB with your project assignments. Many more features of MongoDB make it more suitable for developers:
  2. As MongoDB is an object oriented database, data is stored in flexible, JSON-like documents. This allows the fields of the documents and the data structure to vary over time, and makes it more usable for industries that store large amounts of data.
  3. MongoDB provides a user-friendly document model that maps to the objects in the application code, which makes the code much easier for developers to create and maintain.
  4. Ad-hoc queries, range queries, regular expressions, indexing and real-time aggregations provide powerful ways to access complete documents as well as specific fields within the documents.
  5. The replication feature of MongoDB provides higher availability of the database instance. Each replica consists of one or more instances of the database.
  6. Being a distributed database, MongoDB provides more accessibility, availability, horizontal scaling and geographic distribution of the database, which makes it easier to work with.
  7. Load balancing is one of the most important features of MongoDB. With the help of horizontal scaling, data is split across multiple instances of the database, which can run on multiple servers.
  8. MongoDB is free to use and free to extend, as it is open source and available to developers.


What is SQL and Advantages of SQL


What is SQL?


SQL is commonly known as the most popular language for accessing data in a database management system. SQL, which stands for Structured Query Language, is a collection of commands that helps users store and retrieve information from a database. According to ANSI (the American National Standards Institute), SQL is the standard language for relational database management systems. The language is a collection of commands, i.e. insert, update, delete, select and drop, that cover database creation, deletion, fetching and modifying rows, etc. SQL is used by almost all relational database management systems, e.g. Oracle, Sybase, Microsoft SQL Server, Access, Ingres and Informix.

Advantages of SQL


SQL is the most commonly used query language because of its properties and user-friendly query structures. Some of the advantages of SQL are:

1. SQL allows users to access data in a relational database management system.

2. SQL allows users to create, update, delete and modify the database and its tables.

3. Users can define the structure of data with the help of Structured Query Language.

4. SQL can be embedded within other languages using SQL modules, libraries and pre-compilers.

5. SQL allows users to set permissions on tables, procedures and views, as well as define the roles of different users.

6. Users can create views, stored procedures and functions with the help of Structured Query Language commands.

7. The commands in SQL are classified into three categories, i.e. Data Manipulation Language (DML), Data Definition Language (DDL) and Data Control Language (DCL).


Tuesday, February 11, 2020

What is DHTML??


What is DHTML??


DHTML, which stands for Dynamic HTML, is a combination of different technologies, i.e. HTML, CSS, JavaScript and DOM. DHTML uses the properties of HTML, CSS, JavaScript and the Document Object Model (DOM) to create dynamic webpages. Dynamic HTML is basically used for creating dynamic and animated web pages that are generated in real time. DHTML implements server-side scripting, in which the code within the webpage is analysed on the web server and the response is sent to the client browser in the form of HTML. It allows different scripting languages to change the look, style and content of the webpage when the page is fully loaded in the browser or in between the loading process.

Difference between HTML and DHTML??


Before understanding the difference between HTML and DHTML, we must understand that HTML is just a scripting language and DHTML is a combination of different technologies. Let's discuss the basic differences between the two:
  1. HTML is a client-side scripting language whereas DHTML is a server-side scripting language.
  2. Animation, games and webpages holding dynamic content can only be created in Dynamic HTML, whereas HTML only creates static webpages.
  3. HTML webpages are stored with the extension .html or .htm and DHTML webpages are stored with the .dhtm extension.
  4. HTML tags and extensions are supported on all web browsers, whereas DHTML and its extensions are supported by some browsers, such as Netscape Navigator and Internet Explorer version 4.0 and above.
  5. Database connectivity is required for implementing Dynamic HTML, but HTML does not require any database connectivity.
  6. No processing by the web browser is required for loading HTML pages, but DHTML pages require web browser processing to load the dynamic content.
  7. As HTML is client-side scripting, it is a slower process than server-side scripting, which makes DHTML much faster than HTML.
  8. Tags and their properties can be changed in Dynamic HTML, unlike HTML, which has predefined tags and properties.
  9. Dynamic fonts can be generated in DHTML but not in HTML.