In computing, a database is an organized collection of data stored and accessed electronically.
A database management system (DBMS) is the software that interacts with end-users, applications, and the database itself to capture and analyze the data.
Uses of DBMS:-
Real-world entity:- A modern DBMS is more realistic, and its architecture is based on real-world entities. It also uses their attributes and behavior. A school database, for example, might use students as an entity and their age as an attribute.
Relation-based tables:- Tables are created in DBMS by combining entities and their relationships. By simply looking at the table names, a user can figure out how a database is structured.
Isolation of data and application:- A database system is not the same as the data it stores. A database is an active entity, whereas data, on which the database works and organizes, is said to be passive. To make its own process easier, DBMS saves metadata, which is data about data.
Less redundancy:- When any of a relation's characteristics have redundancy in values, DBMS follows the rules of normalization, which separates the relation. Normalization is a scientific and mathematically complex procedure for reducing data redundancy.
Consistency:- Every relation in a database must be consistent in order for the database to be consistent. There are approaches and strategies that can detect attempts to leave a database in a state of inconsistency. Compared to older data storage applications such as file-processing systems, a DBMS can give more consistency.
Query Language:- A query language is included in the DBMS, making data retrieval and manipulation more efficient. To extract a set of data, a user can apply as many and as varied filtering options as needed. This was not possible when a file-processing system was used.
Application of DBMS:-
ACID Properties:−DBMS follows the concepts of Atomicity, Consistency, Isolation, and Durability (normally shortened as ACID). These principles are used to manipulate data in a database through transactions. In multi-transactional situations and in the event of failure, ACID features assist the database to stay healthy.
Multiuser and Concurrent Access:− The DBMS enables a multi-user environment, allowing multiple users to access and manipulate data at the same time. Although there are limitations on transactions when many users attempt to access the same data item, the users are never aware of them.
Multiple views:− For various users, DBMS provides many perspectives. A Sales department user will see the database differently from a Production department user. Users can get a focused view of the database based on their needs with this functionality.
Security:− Multiple views, for example, provide some security by preventing users from accessing data belonging to other users or departments. When entering data into a database and retrieving it later, DBMS provides mechanisms to set limitations. Multiple users can have distinct perspectives with various functionalities thanks to DBMS's many different levels of security features. A user in the Sales department, for example, cannot see data from the Purchase department. It can also be controlled how much data from the Sales department is displayed to the user. Because a DBMS is not kept on disk like a traditional file system, it is extremely difficult for criminals to crack the coding.
Users in DBMS:-
A typical database management system (DBMS) has users with various rights and permissions who utilize it for various purposes. Some users retrieve information, while others back it up. A DBMS's users can be roughly classified as follows:-
Administrator:- Administrators are in charge of maintaining the database management system and administering the database. They are in charge of ensuring that it is utilized properly and by whom it should be used. To preserve isolation and enforce security, they construct access profiles for users and apply constraints. Administrators are also responsible for DBMS resources like the system license, needed tools, and other software and hardware maintenance.
Designers:- Designers are the individuals who are responsible for the database's design. They keep a close watch on what data should be saved and how it should be stored. They are in charge of identifying and designing the entire set of entities, relations, constraints, and views.
ER Model:-
The ER model defines a database's conceptual view. It is based on real-world entities and their relationships. The ER model is a viable alternative for developing databases at the view level.
Entity:-
An entity can be an animate or inanimate real-world thing that can be easily identified. Students, professors, classes, and courses provided, for example, can all be considered entities in a school database. All of these entities have certain characteristics or traits that distinguish them.
An entity set is a group of entities that are similar in type. Entities with similar attribute values may be found in an entity set. A Student set, for example, could contain all of a school's students, while a teacher's set could contain all of a school's teachers from all faculties. Entity sets do not have to be disjoint.
Attributes:-
The properties of entities, referred to as attributes, are used to represent them. Every attribute has a value. A student object, for example, might have properties such as name, class, and age.
Attributes have a domain, or range, of values that can be assigned to them. A student's name, for example, cannot be a numerical value. It has to be alphabetic. Likewise, the age of a student cannot be negative.
Entity-Set and Keys:-
A key is a single attribute or a group of properties that uniquely identifies an entity inside a set of entities.
A student's roll number, for example, makes him or her identifiable among classmates.
Relationship:-
The link between two or more entities is referred to as a relationship. A student, for example, enrolls in a course, and an employee works in a department. Works at and Enrolls are two types of relationships.
Degree of Relationship:-
The degree of a relationship is determined by the number of participating entities.
Binary = degree 2
Ternary = degree 3
n-ary = degree
Cardinality:-
The number of entities in one entity set that can be linked to the number of entities in another set via a relationship set is known as cardinality.
One-to-one:- A single entity from entity set A can only be linked to one entity from entity set B, and vice versa.
One-to-many:- An entity from entity set A can be linked to several entities from entity set B, however an entity from entity set B can only be linked to one entity.
Many-to-one:- An entity from entity set A can be linked to at most one entity from entity set B, however an entity from entity set B can be linked to several entities from entity set A.
Many-to-many:- A single entity from A can be linked to multiple entities from B, and vice versa.
Some popular DBMS Software:-
MySQL.
Microsoft Access.
Oracle.
PostgreSQL.
dBASE.
FoxPro.
SQLite.
IBM DB2.
In this chapter, we will discuss some basic and important commands of SQL.
Eg:- SELECT * FROM table_name;
Eg:- UPDATE table_name
SET column1 = value1, column2 = value2, ...
WHERE condition;
Eg:- DELETE FROM table_name WHERE condition;
Eg:- INSERT INTO table_name
VALUES (value1, value2, value3, ...);
Eg:- CREATE DATABASE database_name;
Eg:- ALTER DATABASE olddb_name MODIFY NAME = newdbname;
Eg:- CREATE TABLE table_name (
column1 datatype,
column2 datatype,
column3 datatype,
....
);
Eg:- ALTER TABLE table_name
ADD column_name datatype;
Eg:- DROP TABLE table_name;
Eg:- CREATE INDEX index_name
ON table_name (column1, column2, ...);
Eg:- DROP INDEX index_name ON table_name;
Ex:- SELECT MIN(column_name)
FROM table_name
WHERE condition;
Ex:- SELECT MAX(column_name)
FROM table_name
WHERE condition;
SQL Injection:- It is the most important concept in Ethical Hacking. SQL injection is a type of code injection that has the potential to completely ruin your database. One of the most frequent web hacking tactics is SQL injection. SQL injection is when malicious code is injected into SQL statements via web page input.
Eg:- 1=1 statement-
Suppose the application appends the user's input to its query, and a user enters 21 OR 1=1 as the user id.
It will look something like this:-
SELECT * FROM Users WHERE UserId = 21 OR 1=1;
Because OR 1=1 is always TRUE, the SQL above will return ALL entries from the "Users" table.
Does the preceding example appear to be hazardous? What if the table "Users" has both names and passwords?
Eg:- ""="" is always true statement-
uName = getRequestString("username");
uPass = getRequestString("userpassword");
sql = 'SELECT * FROM Users WHERE Name ="' + uName + '" AND Pass ="' + uPass + '"'
By typing " OR ""=" into the user name or password text box, a hacker could gain access to user names and passwords in a database:
It will look something like this if the hacker enters " or ""=" in both the user name and password fields:-
SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
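Added example (not part of the original post): the two cases above run against an in-memory SQLite database, with the string-built query next to a parameterized one that binds the input as data. The function names and sample rows are constructed for illustration; the table and column names follow the queries on this page.

```python
import sqlite3

def make_db():
    # Constructed sample rows; Users/UserId/Name/Pass mirror the page's queries.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserId INTEGER, Name TEXT, Pass TEXT)")
    db.executemany("INSERT INTO Users VALUES (?, ?, ?)",
                   [(21, "alice", "pw-a"), (22, "bob", "pw-b"), (23, "carol", "pw-c")])
    return db

def lookup_concat(db, user_id):
    # Vulnerable: the input is pasted into the SQL text, so "OR 1=1" is parsed as SQL.
    sql = "SELECT Name FROM Users WHERE UserId = " + user_id
    return [row[0] for row in db.execute(sql)]

def lookup_param(db, user_id):
    # Hardened: "?" binds the input as a single value; it never becomes SQL syntax.
    sql = "SELECT Name FROM Users WHERE UserId = ?"
    return [row[0] for row in db.execute(sql, (user_id,))]

def build_login_sql(u_name, u_pass):
    # The page's string-building step, returned (not executed) to show the final text.
    return 'SELECT * FROM Users WHERE Name ="' + u_name + '" AND Pass ="' + u_pass + '"'

def login_param(db, u_name, u_pass):
    # Hardened login: both fields are bound, so quote characters stay plain data.
    sql = "SELECT Name FROM Users WHERE Name = ? AND Pass = ?"
    return [row[0] for row in db.execute(sql, (u_name, u_pass))]

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concat(db, "21 OR 1=1"))   # every row comes back
    print("parameterized:", lookup_param(db, "21 OR 1=1"))   # no row matches
    print("built login SQL:", build_login_sql('" or ""="', '" or ""="'))
    print("bound login:", login_param(db, '" or ""="', '" or ""="'))
```

With bound parameters the database compares the whole input against the column value, so the only way to get a row back is to supply a real user id or a real name and password pair.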
So, this is the last blog of this series. And this series was for absolute beginners who are either not from any tech background or not so much comfortable with the Computer environment but still passionate about Ethical Hacking/Cyber Security.
So, stay updated and keep learning. Will see you in the next blog.