Assignment #4 – Understanding SQL Injections and other Database Topics
Answer the following questions and explain with as much detail as necessary each of the concepts, or
what the SQL injections will potentially do.
What will we do?
1. Explain the concept of Cascading authorizations in your own words.
2. What are the disadvantages of Database Encryption? When would you choose to encrypt a
database?
3. Consider an SQL statement:
SELECT id, forename, surname FROM authors WHERE forename = 'john' AND surname = 'smith'
A. What is this statement intended to do?
B. Assume the forename and surname fields are being gathered from user-supplied input, and
suppose the user responds with:
I. Forename: jo'hn
II. Surname: smith
III. What will be the effect?
C. Now suppose the user responds with:
I. Forename: jo'; drop table authors--
II. Surname: smith
III. What will be the effect?
4. The code fragment below implements the login functionality for a database application. The
code dynamically builds an SQL query from the login input and submits it to the database.
5. The SQL command word UNION is used to combine the result sets of 2 or more SQL SELECT
statements. For the login code in Question #4, suppose a user enters the following into the login
field:
' UNION SELECT cardNo FROM CreditCards WHERE acctNo = 10032 --
What is the effect?
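As an added illustration for question 3 (this code is not part of the assignment), the same SELECT built by string concatenation and with bound parameters, run against a small in-memory SQLite table constructed here; the `jo'hn` input breaks the concatenated statement but is matched as a plain value by the parameterized one.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demo; not from the assignment.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE authors (id INTEGER PRIMARY KEY, forename TEXT, surname TEXT)")
    conn.executemany(
        "INSERT INTO authors (forename, surname) VALUES (?, ?)",
        [("john", "smith"), ("jo'hn", "smith"), ("jane", "doe")],
    )
    return conn


def build_query_vulnerable(forename, surname):
    # Mirrors the assignment's statement built by concatenation: the quotes
    # around the literals come from the code, so a quote inside the input
    # becomes part of the SQL grammar instead of part of the value.
    return (
        "SELECT id, forename, surname FROM authors "
        f"WHERE forename = '{forename}' AND surname = '{surname}'"
    )


def lookup_vulnerable(conn, forename, surname):
    # Returns the rows, or the database's syntax error text when the
    # input has altered the statement's structure.
    try:
        return conn.execute(build_query_vulnerable(forename, surname)).fetchall()
    except sqlite3.OperationalError as exc:
        return f"SQL error: {exc}"


def lookup_safe(conn, forename, surname):
    # Placeholders: the driver sends the values separately from the SQL
    # text, so jo'hn is compared as a literal and cannot change the query.
    sql = "SELECT id, forename, surname FROM authors WHERE forename = ? AND surname = ?"
    return conn.execute(sql, (forename, surname)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print(build_query_vulnerable("jo'hn", "smith"))   # quote closes the literal early
    print(lookup_vulnerable(conn, "jo'hn", "smith"))  # SQL error: ...
    print(lookup_safe(conn, "jo'hn", "smith"))        # [(2, "jo'hn", 'smith')]
```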
Why are we doing this?
Understanding the issue of SQL injection can help inform the way you write code, or manage people
who write code, that could otherwise cause a serious breach of personal user data, including sensitive
financial data, health data, etc. If you are ever tasked with managing databases, you should understand
these risks so that you can take steps to mitigate them going forward.
Learning Objectives
This assignment makes use of multiple course objectives:
• Describe and explain information security threats, vulnerabilities, and attack types.
• Identify information security requirements for organizations and systems.
• Explain integral parts of best practices in information security.