What's a database? - Security threats

Databases are organized collections of data that support electronic storage and manipulation of that data, which simplifies data management. For example, social media platforms have a large amount of circulating data, so they need to store, present and manipulate data about users, friends, activities, ads etc. Countless other database uses could be listed.

Database schema of university library


A database management system (DBMS) extracts information from the database in response to queries. Queries are the main way to retrieve the information held in the database; with them you can insert, search, update and delete database records.
For example, using the library database schema, if we want to display all publishers, the query is a simple SELECT ... FROM, as shown below:


This was a very simple query that displays all the publishers in the database. If you want to show the publisher name together with the book name, then, since publisher_name is in the PUBLISHER table and book_title is in the BOOKS table, we need to join the two tables to get the output. We do so with the join condition b.publisher_id=p.publisher_id.


If you want to display each section and the number of books in it, the query is as below:


We need to join two tables, BOOKS_SECTION and SECTION, on s.section_id=bs.section_id. This way we get the section name and ID for each section in the table, and count(*) counts the books in each section.

If you want to display the categories that had more than 100 books borrowed in 2019, the query is as shown:


First, we join the CATEGORY table with BOOKS on category_code. Then we join the BORROWED_BOOKS table on b.isbn=bb.isbn. Since we need all the books in BORROWED_BOOKS that were borrowed during the whole of 2019, the WHERE clause specifies the period we want to count: from 01 January 2019 to 31 January 2019. After that, having count(distinct bb.isbn) counts the books borrowed during this period, and the condition >100 keeps only the categories with more than 100 books borrowed in 2019.
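The four queries described above, as an added runnable example that is not the page's own code: an in-memory SQLite stand-in for the library schema is constructed with assumed column names (publisher_name, book_title, section_name, category_name, borrow_date), and the 2019 query spans the whole year as the paragraph describes.

```python
import sqlite3

# Constructed in-memory stand-in for the library schema; table names follow the text, columns are assumed.
SCHEMA = """
CREATE TABLE PUBLISHER (publisher_id INTEGER PRIMARY KEY, publisher_name TEXT);
CREATE TABLE CATEGORY (category_code TEXT PRIMARY KEY, category_name TEXT);
CREATE TABLE BOOKS (isbn TEXT PRIMARY KEY, book_title TEXT,
                    publisher_id INTEGER, category_code TEXT);
CREATE TABLE SECTION (section_id INTEGER PRIMARY KEY, section_name TEXT);
CREATE TABLE BOOKS_SECTION (isbn TEXT, section_id INTEGER);
CREATE TABLE BORROWED_BOOKS (isbn TEXT, borrow_date TEXT);
"""

def build_library():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO PUBLISHER VALUES (?, ?)",
                    [(1, "Springer"), (2, "O'Reilly")])
    con.executemany("INSERT INTO CATEGORY VALUES (?, ?)",
                    [("FIC", "Fiction"), ("SCI", "Science")])
    con.executemany("INSERT INTO SECTION VALUES (?, ?)",
                    [(1, "Ground floor"), (2, "First floor")])
    # 150 fiction and 50 science books, alternating publisher and section,
    # each borrowed once in 2019 (constructed sample data).
    for n in range(200):
        code = "FIC" if n < 150 else "SCI"
        con.execute("INSERT INTO BOOKS VALUES (?, ?, ?, ?)",
                    (f"isbn-{n}", f"Book {n}", 1 + n % 2, code))
        con.execute("INSERT INTO BOOKS_SECTION VALUES (?, ?)", (f"isbn-{n}", 1 + n % 2))
        con.execute("INSERT INTO BORROWED_BOOKS VALUES (?, ?)", (f"isbn-{n}", "2019-06-01"))
    # A repeat loan in 2019 (counted once thanks to DISTINCT) and a 2018 loan (excluded).
    con.executemany("INSERT INTO BORROWED_BOOKS VALUES (?, ?)",
                    [("isbn-0", "2019-09-15"), ("isbn-150", "2018-03-01")])
    return con

# The four queries described in the text, in the order they appear.
ALL_PUBLISHERS = "SELECT publisher_name FROM PUBLISHER"
PUBLISHER_BOOKS = """SELECT p.publisher_name, b.book_title
    FROM BOOKS b JOIN PUBLISHER p ON b.publisher_id = p.publisher_id"""
BOOKS_PER_SECTION = """SELECT s.section_id, s.section_name, count(*)
    FROM BOOKS_SECTION bs JOIN SECTION s ON s.section_id = bs.section_id
    GROUP BY s.section_id, s.section_name ORDER BY s.section_id"""
BUSY_CATEGORIES_2019 = """SELECT c.category_name
    FROM CATEGORY c JOIN BOOKS b ON b.category_code = c.category_code
    JOIN BORROWED_BOOKS bb ON b.isbn = bb.isbn
    WHERE bb.borrow_date BETWEEN '2019-01-01' AND '2019-12-31'
    GROUP BY c.category_name HAVING count(DISTINCT bb.isbn) > 100"""

def run(sql):
    return build_library().execute(sql).fetchall()
```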

MYSQL

MySQL is a popular DBMS that can power projects of any size. Its ability to handle huge volumes of data is one of its biggest advantages and selling points. Connecting our projects to databases is easy. First, you need to create a database. I recommend using XAMPP, as it is free, easy to use and provides several ways to manage configuration changes. It provides a suitable environment for testing MySQL, PHP, Apache and Perl projects.

Once the database is ready, we need to load the driver implementation in order to continue with JDBC requests. Then we create the connection object. The DriverManager class acts as an interface between the user and the drivers; getConnection is its static method.

Connecting from PHP works the same way.

SECURITY THREATS 

As shown, databases make a huge difference to information management, but as effective as they are, they can also be easily attacked if the right security measures are not taken. Data is the new gold these days, and it is important to protect it.

In the case of a small project, like the university library, it would be a problem if someone knew the password of the database. If that were the case, they would have access to the data you have stored there and could tamper with it. If a small change is made there, your project may fail. Now imagine what happens if an attacker gains access to a company's database, which certainly holds more sensitive information than a university project (identities, credentials, bank information etc.). In this case the responsibility is at a much higher level.

Easier to fix are privileges, which can still be very harmful to a company's data. It may happen that a user's privileges remain unchanged even after the employee leaves the company. This exposes the company and opens the door to a possible attack. That is why companies should keep access rights up to date and communicate changes to the staff.

Malware is also an enemy of data. Cyber criminals use tactics like phishing and malware to attack your database. Without you even noticing that the device is infected, the data becomes vulnerable. Phishing is spreading more each day. Proofpoint's State of the Phish 2020 report found that around 90% of organizations faced spear phishing attacks in 2019, and the same survey indicated that 86% of respondents reported dealing with business email compromise attacks. Another alarming fact is that hackers create over 300,000 new malware samples daily, and on average 30,000 websites are hacked every day (usually those of small businesses).

The oldest and most dangerous vulnerability is input injection (SQL injection). This attack lets an attacker inject code into a program or query, or plant malware on a computer, so that they can execute commands; they can read or modify the database and even change the data on the website. SQL injection executes malicious SQL statements that take control of the targeted web application's database server. This means attackers can target any website or web app that uses an SQL-based database.
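To make the injection risk concrete, here is an added example (not from the original page) that puts a string-concatenated lookup next to its parameterised form, using a constructed single-table version of the PUBLISHER table: the concatenated version breaks even on an honest name containing an apostrophe and lets a quote in the input change the query's structure, while the parameterised version treats whatever it is given as plain data.

```python
import sqlite3

def make_db():
    """Constructed single-table stand-in for the PUBLISHER table in the text."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE PUBLISHER (publisher_id INTEGER PRIMARY KEY, publisher_name TEXT)")
    con.executemany("INSERT INTO PUBLISHER VALUES (?, ?)",
                    [(1, "Springer"), (2, "O'Reilly"), (3, "Elsevier")])
    return con

def find_publisher_unsafe(con, name):
    # Vulnerable: the user-supplied value is pasted into the SQL text, so a
    # quote inside it ends the string literal and the rest becomes SQL syntax.
    sql = "SELECT publisher_name FROM PUBLISHER WHERE publisher_name = '" + name + "'"
    return [row[0] for row in con.execute(sql)]

def find_publisher_safe(con, name):
    # Hardened: the driver receives the value separately from the SQL text,
    # so the input is compared as a literal name no matter what it contains.
    sql = "SELECT publisher_name FROM PUBLISHER WHERE publisher_name = ?"
    return [row[0] for row in con.execute(sql, (name,))]

def unsafe_handles_apostrophe(con):
    # The concatenated query cannot even look up a legitimate publisher
    # whose name contains a quote: SQLite rejects the malformed statement.
    try:
        find_publisher_unsafe(con, "O'Reilly")
        return True
    except sqlite3.OperationalError:
        return False

if __name__ == "__main__":
    db = make_db()
    print(find_publisher_unsafe(db, "Springer"))      # ['Springer']
    print(find_publisher_safe(db, "O'Reilly"))        # ["O'Reilly"]
    print(unsafe_handles_apostrophe(db))              # False
```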

Companies, developers and website owners should be aware of how dangerous hackers are these days. Almost every piece of software can be attacked and hacked in some way; that is why cybersecurity has become an everyday issue and a MUST for companies. Your business can be attacked and stopped from working one day, and this can have fatal business consequences. 68% of business leaders say cybersecurity risks are increasing each day.

73% of black hat hackers have said that traditional firewalls and antivirus software are irrelevant, outdated protection that cannot stop hackers from getting what they want. This is true for targeted attacks carried out with bots: usually an automated tool is released to search for a specific vulnerability, or for software known to have one. WordPress has this problem often, as hackers try to exploit vulnerabilities in popular plugins.