sql

A last-ditch effort to stop the injection is to escape all user-supplied input, although, depending on the situation, this is not guaranteed to stop every injection.

Another method of preventing a SQL injection is with prepared statements. These are used by the developer to specify what is SQL code. This allows the database to distinguish between code and data (Wichers, Manico, Seil, & Mishra, 2017). This is great as it stops the altering of queries even if the attacker adds the code.
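The difference a prepared statement makes, shown as an added example that is not part of the original essay: a Python `sqlite3` sketch in which the `users` table, the function names and the sample input are all constructed assumptions.

```python
import sqlite3

# Constructed sample input: text that contains SQL syntax instead of a password.
CONSTRUCTED_INPUT = "' OR '1'='1"

def make_db():
    """Build an in-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Plaintext password only to keep the example short; real systems store a hash.
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", "correct-horse"))
    return db

def login_concatenated(db, username, password):
    """'Before' form: user input is pasted into the SQL text, so the
    database cannot tell which part is code and which part is data."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_prepared(db, username, password):
    """Hardened form: the SQL text is fixed by the developer and the
    values are bound to the ? placeholders, so they are only ever data."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("concatenated", login_concatenated),
                     ("prepared", login_prepared)):
        print(name, "real password:", fn(db, "alice", "correct-horse"))
        print(name, "constructed input:", fn(db, "alice", CONSTRUCTED_INPUT))
```

Both functions accept the real password, but only the concatenated one also accepts the constructed input, because there the quote characters change the query itself.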

Ways to block or stop an SQL injection can be very simple, such as limiting the number of digits and characters accepted into an input box, so that the attacker may not be able to complete their SQL query or code in the input box given, for example via a varchar limit of 18 characters, like most login sites.

So, a SQL injection is a type of attack in which the attacker adds SQL code to a web input box to gain access to resources or make changes to data (Rouse, n.d.). This basically works on a login page, where the user puts in a password and username that belong to them, but most of these don't have a security control to stop other SQL queries, so they can be used to alter databases. This could be bad for our scenario, as the attacker could alter the prices that all the customers have to pay, so they would have to pay exceptionally more, causing them not to want to use you.

 

Using your own
relational database solution as context, describe what an SQL Injection Attack
is, and what steps you can take to protect your database solution from such an
attack?

 

Another benefit would have been that you can add your own validation rules to the database so you can ‘Enforce governance across data’ (mongoDB, NoSQL Database Explained, n.d.), so you can still use this schema and not be limited in that way. This further cements why NoSQL would have been better, as you have fewer limitations: when people used your database they would be able to identify the error they had made, so when they entered new stock records they would know what was done wrong and fix it, and they wouldn't have a limit in the sense of errors.

Another benefit of using NoSQL would have been that you wouldn't have been slowed down when trying to insert data in real time, which is great as you won't have to worry about service interruptions. This would have made the assignment easier, as we wouldn't have had to worry about whether the database would have run when setting it up. Moreover, the risk of crashing would have been lower when completing the left side search, as the data would have been readily available and ready for use compared to a fixed schema.

Now this would have been a benefit if we had used it in our assignments, as it would have allowed us to make changes to the database without any interruptions: there is no set schema, so any alterations aren't limited to what the schema allows you to do. With the fixed schema, if you wanted to add another column for customer last name, so that the name is split up into 2 columns in the customer order table, you would have to add the new column and then migrate the entire database to the new schema, which takes time and effort (mongoDB, NoSQL Database Explained, n.d.), as you have that limitation in place.

First, let's discuss what a dynamic schema is. This determines the way an application handles its data (mongoDB, n.d.). Compare this to a normal relational database, in which you must define the schema you are using before you can implement any of your data types. This limits you, as companies tend to grow and newer technology is made, and you would want to be at the top of the business world. A NoSQL database allows you to avoid this limitation, as you can enter data types without a predefined schema (mongoDB, n.d.).

“Describe what is
meant by the NoSQL term ‘Dynamic Schema’, and what benefits could the use of a
Dynamic Schema have over relational database Fixed Schemas, such as that
currently used in your SQL database solution?”