221. Säkerheten i webbapplikationer mot SQL-injektionsattacker: En studie av tekniker, säkerhetspåverkan och förekommande skyddslösningar (The security of web applications against SQL injection attacks: a study of techniques, security impact and existing protective solutions). Hanna Malko, Ranim. January 2023.
Web applications constitute an essential part of our daily lives, providing us access to significant online services and information. Despite their advantages, they are also vulnerable to security threats, particularly SQL injection attacks. SQL injection is a vulnerability that arises when an attacker inserts malicious SQL queries through user input parameters in a web application. This attack can have severe consequences, such as exposing sensitive information. The purpose of this study is to investigate and analyze the security of web applications against SQL injection attacks. This is achieved by examining SQL injection techniques, their impact on security and integrity, and the most common protective solutions. The goal of the study is to enhance the security of applications and protect users from potential security risks. To achieve this, a combination of literature study and practical investigation is conducted. A literature review is performed to identify SQL injection techniques, security risks, and the most prevalent protective solutions. Subsequently, these factors are evaluated and analyzed to determine the effectiveness of the techniques using the penetration testing tool SQLmap. The results of the study indicate that the most common and effective attack techniques are in-band SQL injection and inferential SQL injection. These techniques can have severe implications for users, businesses, and society at large, such as unauthorized access to protected data, manipulation of data in databases, and the compromise of confidentiality and data integrity. To safeguard against such attacks, it is crucial to employ defensive coding practices, including the use of prepared statements with parameterized queries and input validation. However, manual implementation remains challenging.
A combination of automated prevention techniques and best coding practices should be employed to ensure a reliable database protected against SQL injection, including injection through stored procedures, which is difficult to prevent with existing automated prevention techniques.
222. Investigating and Implementing a DNS Administration System. Brännström, Anders; Nilsson, Rickard. January 2007.
NinetechGruppen AB is an IT service company with about 30 employees, based primarily in Karlstad, Sweden. The company began to have problems with its DNS administration because the number of administered domains had grown too large. A single employee was responsible for all the administration, and text editors were used to modify the DNS configuration files directly on the name servers. This was an error-prone process that also easily led to inconsistencies between the documentation and the real world.

NinetechGruppen AB decided to solve the administrative problems by introducing a DNS administration system, either by using an existing product or by developing a new system internally. This thesis describes the process of simplifying the DNS administration procedures of NinetechGruppen AB.

Initially, an investigation was conducted in which existing DNS administration tools were sought and evaluated against the company's requirements for the new system.

The system was to have a web administration interface, developed in ASP.NET 2.0 with C# as the programming language. The administration interface had to run on Windows, use SQL Server 2005 as the backend database server, and base access control on Active Directory. Further, the system had to be capable of integrating customer handling with the domain administration, and any changes to the system information had to follow the Information Technology Infrastructure Library (ITIL) change management process.

The name servers ran the popular name server software BIND on two different Linux distributions, Red Hat Linux 9 and SUSE Linux 10.0.

The investigation concluded that no existing system satisfied the requirements; hence a new system was to be developed, streamlined for use at NinetechGruppen AB. A requirement specification and a functional description were created and used as the basis for the development. The finalized system satisfies all necessary requirements to some extent, and most of them are fully satisfied.
223. 'n Ondersoek na en bydraes tot navraaghantering en -optimering deur databasisbestuurstelsels (An investigation into and contributions to query handling and optimisation by database management systems). Muller, Leslie. January 2006.
The problems associated with the effective design and use of databases are increasing. The information contained in a database is becoming more complex, and the size of the data is causing space problems. Technology must continually develop to accommodate this growing need. An inquiry was conducted in order to find effective guidelines that could support queries in general in terms of performance and productivity. Two database management systems were researched to compare the theoretical aspects with the techniques implemented in practice. Microsoft SQL Server and MySQL were chosen as the candidates, and both were put under close scrutiny. The systems were researched to uncover the methods employed by each to manage queries. The query optimizer forms the basis of each of these systems and manages the parsing and execution of any query. The methods employed by each system for storing data were also researched.

The way that each system manages table joins, uses indices and chooses optimal execution plans was researched. Adjusted algorithms were introduced for various index structures such as B+ trees and hash indexes.

Guidelines were compiled that are independent of the database management system and help to optimize relational databases. Practical implementations of queries were used to acquire and analyse the execution plan for both MySQL and SQL Server. This plan, along with a few other variables such as execution time, is discussed for each system. A model is used for both database management systems in this experiment. Thesis (M.Sc. (Computer Science))--North-West University, Potchefstroom Campus, 2007.
224. Visualizing Aquatic Species Movement with Spatiotemporal Data from Acoustic and Satellite Transmitters. Bajwa, Perabjoth Singh. 1 May 2016.
Tracking an individual specimen can be a difficult task, especially when one also has to keep track of the environmental factors that affect the tracked specimen's behavior. The task becomes impossible when the animals are submerged in water and their number grows beyond one. The aquatic species tracked by this project in Lake Pontchartrain and the Gulf of Mexico are: tarpon, scalloped hammerhead, whale shark, tiger shark, yellowfin tuna, spotted seatrout, redfish, and bull shark. These fish are tracked using acoustic and satellite transmitters. The insertion of transmitters into the fish was handled by Louisiana Department of Wildlife and Fisheries biologists. The acoustic transmitters were implanted in smaller fish that swam only in Lake Pontchartrain, so receivers were placed only at locations across the lake, on various types of attachments such as buoys, PVC pipes, and pilings. These receivers were positioned at more than ninety locations in order to maximize the acquisition of detections. After this preliminary setup, a batch of data was generated on a regular basis, and this data was processed by the application developed in this project. A Ruby on Rails application was set up to store this data and manipulate it to display an animated track. The application uses Ruby, Rails, HTML, CSS, SQL, JavaScript and multiple third-party libraries. Many optimizations were performed to ensure reliability and performance when loading a high volume of fish or when a high volume of users use the application.
225. Business Intelligence v MS Dynamics AX 2009 (Business Intelligence in MS Dynamics AX 2009). Hubáček, Filip. January 2010.
The subject of the diploma thesis entitled "Business Intelligence in Microsoft Dynamics AX" is to analyze the functionality of the ERP system Microsoft Dynamics AX 2009 in the area of Business Intelligence and Reporting, with reference to the current market position of the company. The goal is to give a basic definition of the relationship between ERP and Business Intelligence systems, to define the BI capabilities of MS Dynamics AX in terms of their practical use, and to describe the fundamental technological aspects. A further aim of the work is to evaluate and define the particular steps of an implementation based on the MS Sure Step 2010 methodology, together with a description of the deployment process. Because some of these areas are insufficiently covered, the solution of the company Circon Circle Consulting is mentioned. A BI proposal for the AX cost accounting module is also realized, including the design of a data mart, ETL and reports, with respect to specifics such as parent-child hierarchies and many-to-many relationships between fact tables and dimensions. The contribution of this work is mainly evident for consultants of the system, who are given insight into important functionality that is attractive to users and are offered a possible implementation process. Technically oriented readers may appreciate the solutions for Cost Accounting and the potential approaches to the design of a data mart, or other areas where they meet the above-mentioned aspects.
226. Reducing impedance mismatch in SQL embeddings for object-oriented programming languages. Hurtado, Jose Luis. Unknown date.
We survey and compare the different major mechanisms for embedding the relational database language SQL in object-oriented programming languages such as Java and C#, with regard to how much impedance mismatch these embeddings suffer. Here impedance mismatch refers to clarity and performance difficulties that arise because of the nature of the embedding. Because of the central position in the information technology industry of object-oriented programs that access SQL-based relational database systems, reducing impedance mismatch is generally recognized in that industry as an important practical problem. We argue for the suitability of SQL as a database language, and hence for the desirability of keeping SQL as the view provided by a SQL embedding. We make the case that SQLJ, a SQL embedding for Java in which it appears that Java directly supports SQL commands, is the kind of SQL embedding that suffers the least impedance mismatch, when compared with call-level interfaces and object-relational mappings. We propose extensions to SQLJ that would reduce its impedance mismatch even further. By Jose Luis Hurtado. Thesis (M.S.C.S.)--Florida Atlantic University, 2012. Includes bibliography.
227. A DBMS query language in natural Chinese language form. Lam Chin-keung. January 1995.
Thesis (M.Phil.)--Chinese University of Hong Kong, 1995. Includes bibliographical references (leaves 129-135 (2nd gp.)).
Contents:
Acknowledgments; Abstract; Table of Contents; List of Figures; List of Tables
Chapter 1 Introduction: 1.1 Motivations; 1.2 Objectives; 1.3 More to go; 1.4 Chapter Summary
Chapter 2 Related Work: 2.1 Chinese Related Work (2.1.1 Chinese Natural Language; 2.1.2 Chinesized Query Language From English); 2.2 High Level Database Query Language (2.2.1 Relational Algebra vs Relational Calculus; 2.2.2 Procedural vs Declarative; 2.2.3 Natural Language (NL) vs Restricted Natural Language (RNL)); 2.3 Database Query Interface (2.3.1 Linear Textual Interface; 2.3.2 Form-based Interface; 2.3.3 Graphical Interface); 2.4 Remarks
Chapter 3 Design Principles: 3.1 Underlying Data Model of the New Language; 3.2 Problems Under Attack (3.2.1 Naturalness; 3.2.2 Procedural vs Declarative; 3.2.3 Support of Chinese Characters); 3.3 Design Principles; 3.4 Chapter Summary
Chapter 4 Language Definition: 4.1 Language Overview; 4.2 The Data Manipulation Language (4.2.1 Relational Operators; 4.2.2 Rail-Track Diagram of Chiql; 4.2.3 The 11-template; 4.2.4 Chiql Examples; 4.2.5 Common Language Constructs; 4.2.6 One Issue about GROUP BY and RESTRICTION); 4.3 Other Language Features (4.3.1 Aggregate Functions; 4.3.2 Attribute Alias; 4.3.3 Conditions in Chinese; 4.3.4 Unquantified Predicates; 4.3.5 Sorting); 4.4 Treatment of Quantified Predicates; 4.5 The Data Definition Language (4.5.1 Create Table; 4.5.2 Drop Table; 4.5.3 Alter Table; 4.5.4 Insert Row; 4.5.5 Delete Row; 4.5.6 Update Row; 4.5.7 Remarks on DDL); 4.6 Chapter Summary
Chapter 5 End-User Interface: 5.1 EUI Overview; 5.2 Design Principles (5.2.1 Language Independent Aspects; 5.2.2 Language Dependent Aspects); 5.3 Complex Condition Handling; 5.4 Input Sequences of the EUI; 5.5 Query Formulation: An Example; 5.6 Chapter Summary
Chapter 6 Chiql to SQL Translations: 6.1 Related Work; 6.2 Translation Overview (6.2.1 Pass One: Mapping (Input = Chiql, Output = multi-statement SQL); 6.2.2 Pass Two: Nesting (Input = multi-statement SQL, Output = single-statement SQL); 6.2.3 Technical Difficulties in Chiql/SQL Translation); 6.3 Chapter Summary
Chapter 7 Evaluation: 7.1 Expressiveness Test (7.1.1 Results; 7.1.2 Implications); 7.2 Usability Evaluation (7.2.1 Evaluation Methodology; 7.2.2 Result: Completion Time; 7.2.3 Result: Additional Help; 7.2.4 Result: Query Error; 7.2.5 Result: Overall Score; 7.2.6 User Comments); 7.3 Chapter Summary
Chapter 8 Conclusions: 8.1 Thesis Conclusions; 8.2 Future Work
References; Appendix
228. Análisis, diseño e implementación de un comparador y sincronizador de bases de datos relacionales de distintos manejadores (Analysis, design and implementation of a comparator and synchronizer for relational databases on different database management systems). Calderón Garay, Giancarlo Roberto. 9 May 2011.
This project consists of the analysis, design and implementation of a synchronizer for relational databases on different database management systems, whose purpose is to compare the objects of two databases and synchronize those objects according to the differences found. Thesis.
229. Comparing database management systems with SQLAlchemy: A quantitative study on database management systems. Fredstam, Marcus; Johansson, Gabriel. January 2019.
Which database management system to use for a project is difficult to know in advance. Luckily, there are tools that help the developer apply the same database design to multiple database management systems without having to change the code. In this thesis, we investigate the strengths of SQLAlchemy, an SQL toolkit for Python. We compared SQLite, PostgreSQL and MySQL using SQLAlchemy, and also compared a pure MySQL implementation against the SQLAlchemy results. We conclude that, for our database design, PostgreSQL was the best database management system, and that for the average SQL user, SQLAlchemy is an excellent substitute for writing regular SQL.
230. A research in SQL injection. Leung Siu Kuen. January 2005.
Thesis (M.Phil.)--Chinese University of Hong Kong, 2005. Includes bibliographical references (leaves 67-68). Abstracts in English and Chinese.
Contents:
Abstract; Acknowledgement
Chapter 1 Introduction: 1.1 Motivation (1.1.1 A Story); 1.2 Overview (1.2.1 Introduction to SQL Injection); 1.3 The Importance of SQL Injection; 1.4 Thesis Organization
Chapter 2 Background: 2.1 Flow of Web Applications Using a DBMS; 2.2 Structure of a DBMS (2.2.1 Tables; 2.2.2 Columns; 2.2.3 Rows); 2.3 SQL Syntax (2.3.1 SELECT; 2.3.2 AND/OR; 2.3.3 INSERT; 2.3.4 UPDATE; 2.3.5 DELETE; 2.3.6 UNION)
Chapter 3 Details of SQL Injection: 3.1 Basic SELECT Injection; 3.2 Advanced SELECT Injection (3.2.1 Single Line Comment (--); 3.2.2 Guessing the Number of Columns in a Table; 3.2.3 Guessing the Column Name of a Table (Easy One); 3.2.4 Guessing the Column Name of a Table (Difficult One)); 3.3 UPDATE Injection; 3.4 Other Attacks
Chapter 4 Current Defenses: 4.1 Causes of SQL Injection Attacks; 4.2 Defense Methods (4.2.1 Defensive Programming; 4.2.2 Hiding the Error Messages; 4.2.3 Filtering Out the Dangerous Characters; 4.2.4 Using Pre-compiled SQL Statements; 4.2.5 Checking for Tautologies in SQL Statements; 4.2.6 Instruction Set Randomization; 4.2.7 Building the Query Model)
Chapter 5 Proposed Solution: 5.1 Introduction; 5.2 Nature of SQL Injection; 5.3 Our Proposed System (5.3.1 Features of the System; 5.3.2 Stage 1 - Checking with Current Signatures; 5.3.3 Stage 2 - SQL Server Query; 5.3.4 Stage 3 - Error Triggering; 5.3.5 Stage 4 - Alarm; 5.3.6 Stage 5 - Learning); 5.4 Examples (5.4.1 Defending against Basic SELECT Injection; 5.4.2 Defending against Advanced SELECT Injection; 5.4.3 Defending against UPDATE Injection); 5.5 Comparison
Chapter 6 Conclusion
Appendix A Commonly Used Table and Column Names: A.1 Commonly Used Table Names for System Management; A.2 Commonly Used Column Names for Password Storage; A.3 Commonly Used Column Names for Username Storage
Bibliography