Ethical Hacking for Beginners (Chapter-10)
DATABASE
In computing, a database is an organized collection of data stored and accessed electronically.
A database management system (DBMS) is the software that interacts with end-users, applications, and the database itself to capture and analyze the data.
Uses of DBMS:-
Real-world entity:-A modern DBMS is more realistic, and its architecture is based on real-world elements. It also takes advantage of the properties and behavior. A school database, for example, might employ students as an entity and their age as a property.
Relation-based tables:- Tables are created in DBMS by combining entities and their relationships. By simply looking at the table names, a user can figure out how a database is structured.
Isolation of data and application:- A database system is not the same as the data it stores. A database is an active entity, whereas data, on which the database works and organizes, is said to be passive. To make its own process easier, DBMS saves metadata, which is data about data.
Less redundancy:- When any of a relation's characteristics have redundancy in values, DBMS follows the rules of normalization, which separates the relation. Normalization is a scientific and mathematically complex procedure for reducing data redundancy.
Consistency:-Every relation in a database must be consistent in order for the database to be consistent. There are approaches and strategies that can detect attempts to leave a database in a state of inconsistency. When opposed to older data storage applications such as file-processing systems, a DBMS can give more consistency.
Query Language:- A query language is included in the DBMS, making data retrieval and manipulation more efficient. To extract a set of data, a user can utilise as many and as different filtering choices as needed. It was previously impossible where a file-processing system was used.
Application of DBMS:-
ACID Properties:−DBMS follows the concepts of Atomicity, Consistency, Isolation, and Durability (normally shortened as ACID). These principles are used to manipulate data in a database through transactions. In multi-transactional situations and in the event of failure, ACID features assist the database to stay healthy.
Multiuser and Concurrent Access:− The DBMS enables a multi-user environment, allowing multiple users to access and manipulate data at the same time. Although there are limitations on transactions when many users attempt to access the same data item, the users are never aware of them.
Multiple views:− For various users, DBMS provides many perspectives. A Sales department user will see the database differently from a Production department user. Users can get a focused view of the database based on their needs with this functionality.
Security:− Multiple views, for example, provide some security by preventing users from accessing data belonging to other users or departments. When entering data into a database and retrieving it later, DBMS provides mechanisms to set limitations. Multiple users can have distinct perspectives with various functionalities thanks to DBMS's many different levels of security features. A user in the Sales department, for example, cannot see data from the Purchase department. It can also be controlled how much data from the Sales department is displayed to the user. Because DBMSs are not kept on disc-like traditional file systems, it is extremely difficult for criminals to crack the coding.
Users in DBMS:-
A typical database management system (DBMS) has users with various rights and permissions who utilize it for various purposes. Some users retrieve information, while others back it up. A DBMS's users can be roughly classified as follows:-
Administrator:- Administrators are in charge of maintaining the database management system and administering the database. They are in charge of ensuring that it is utilized properly and by whom it should be used. To preserve isolation and enforce security, they construct access profiles for users and apply constraints. Administrators are also responsible for DBMS resources like the system license, needed tools, and other software and hardware maintenance.
Designers:- Designers are the individuals that are responsible for the database's aesthetics. They maintain a tight eye on what data should be saved and how it should be stored. They are in charge of identifying and designing the entire set of entities, relations, constraints, and views.
End Users:- End users are the ones who profit from having a database management system. Simple viewers who pay attention to the logs or market rates to advanced users such as business analysts are examples of end-users.
ER Model:-
The ER model defines a database's conceptual view. It is based on real-world entities and their relationships. The ER model is a viable alternative for developing databases at the view level.
Entity:-
An entity can be an animate or inanimate real-world thing that can be easily identified. Students, professors, classes, and courses provided, for example, can all be considered entities in a school database. All of these entities have certain characteristics or traits that distinguish them.
An entity set is a group of entities that are similar in type. Entities with similar attribute values may be found in an entity set. A Student set, for example, could contain all of a school's students, while a teacher's set could contain all of a school's teachers from all faculties. Entity sets do not have to be disjoint.
Attributes:-
The properties of entities, referred to as attributes, are used to represent them. Every attribute has a value. A student object, for example, might have properties such as name, class, and age.
Attributes have a domain, or range, of values that can be applied to them. A student's name, for example, cannot be a numerical value. It has to be in alphabetical order. The age of a student cannot be negative, for example.
Entity-Set and Keys:-
A key is a single attribute or a group of properties that uniquely identifies an entity inside a set of entities.
A student's roll number, for example, makes him or her identifiable among classmates.
Super Key:- A group of properties (one or more) that collectively identifies an entity in an entity set is referred to as a super key.
Candidate Key:- A candidate key is a very simple super key. There may be more than one candidate key in an entity collection.
Primary Key:- A main key is one of the candidate keys used by the database designer to identify the entity collection uniquely.
Relationship:-
The link between two or more entities is referred to as a relationship. A student, for example, enrolls in a course, and an employee works in a department. Works at and Enrolls are two types of relationships.
Degree of Relationship:-
The degree of a relationship is determined by the number of participating entities.
Binary = degree 2
Ternary = degree 3
n-ary = degree
Cardinality:-
The number of entities in one entity set that can be linked to the number of entities in another set via a relationship set is known as cardinality.
One-to-one:- A single entity from entity set A can only be linked to one entity from entity set B, and vice versa.
One-to-many:-a one-to-many relationship An entity from entity set A can be linked to several entities from entity set B, however an entity from entity set B can only be linked to one entity.
Many-to-one:- At most one entity from entity set A can be linked to one entity from entity set B, however an entity from entity set B can be linked to several entities from entity set A.
Many-to-many:- A single entity from A can be linked to multiple entities from B, and vice versa.
Some popular DBMS Software:-
MySQL.
Microsoft Access.
Oracle.
PostgreSQL.
dBASE.
FoxPro.
SQLite.
IBM DB2.
In this chapter, we will discuss some basic and important commands of SQL.
SELECT - extracts data from a database,
Eg:- SELECT * FROM table_name;
UPDATE - updates data in a database,
Eg:-UPDATE table_name
SET column1 = value1, column2 = value2, ...
WHERE condition;
DELETE - deletes data from a database,
Eg:- DELETE FROM table_name WHERE condition;
INSERT INTO - inserts new data into a database,
Eg:- INSERT INTO table_name
VALUES (value1, value2, value3, ...);
CREATE DATABASE - creates a new database,
Eg:- CREATE DATABASE database_name;
ALTER DATABASE - modifies a database,
Eg:- ALTER DATABASE olddb_name MODIFY NAME= newdbname
CREATE TABLE - creates a new table,
Eg:- CREATE TABLE table_name (
column1 datatype,
column2 datatype,
column3 datatype,
....
);
ALTER TABLE - modifies a table,
Eg:- ALTER TABLE table_name
ADD column_name datatype;
DROP TABLE - deletes a table,
Eg:- DROP TABLE table_name;
CREATE INDEX - creates an index (search key),
Eg:- CREATE INDEX index_name
ON table_name (column1, column2, ...);
DROP INDEX - deletes an index,
Eg:-DROP INDEX index_name ON table_name;
MIN():- returns the smallest value of the selected column.
Ex:- SELECT MIN(column_name)
FROM table_name
WHERE condition;
MAX():- returns the largest value of the selected column.
Ex:- SELECT MAX(column_name)
FROM table_name
WHERE condition;
SQL Injection:- It is the most important concept in Ethical Hacking.SQL injection is a type of code injection that has the potential to completely ruin your database. One of the most frequent web hacking tactics is SQL injection. SQL injection is when malicious code is injected into SQL statements via web page input.
Eg:- 1=1 statement-
Suppose a user is inserting input as 21 OR 1=1
Because OR 1=1 is always TRUE, the SQL above will return ALL entries from the "Users" table.
Does the preceding example appear to be hazardous? What if the table "Users" has both names and passwords?
It will look something like this:-
SELECT * FROM Users WHERE UserId = 21 OR 1=1;
= is always true
uName = getRequestString("username");
uPass = getRequestString("userpassword");
sql = 'SELECT * FROM Users WHERE Name ="' + uName + '" AND Pass ="' + uPass + '"'
By typing " OR ""=" into the user name or password text box, a hacker could gain access to user names and passwords in a database:
It will look something like this if the hacker enters " or ""=" on both user id and password:-
SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
So, this is the last blog of this series. And this series was for absolute beginners who are either not from any tech background or not so much comfortable with the Computer environment but still passionate about Ethical Hacking/Cyber Security.
So if you’re comfortable up to this and want to learn more in detail with Live Attack tutorial or with Lab then you can check out my Computer training center’s website or you can fill out this form so that I can get back to you asap or you can simply just fill out the query form in this site’s contact section below or you can DM me on my Mobile number or email id for more details.
So, stay updated and keep learning. Will see you in the next blog.