1.Describe way(s) to tune the SQL table in order to
optimize performance.
2. Explain SQL Injection and how can you prevent them?
Answer / jerry joseph
1. identify and create optimal indexes for your tables
every table should have at least a clustered index
Indexes should be considered on all columns that are
frequently accessed by the WHERE, ORDER BY, GROUP BY, TOP,
and DISTINCT clauses
Static tables can be more heavily indexed that dynamic tables
2. An SQL Injection attack is a form of attack that comes
from user input that has not been checked to see that it is
valid. The objective is to fool the database system into
running malicious code that will reveal sensitive
information or otherwise compromise the server.
Example:
StrSQL = "SELECT * from Users WHERE username = '" +
txtUserName.Text + "' AND password = '" + txtPassword.Text +
"'";
if txtUserName is entered as "admin' OR 1 = 1;--" the query
becomes
"SELECT * from Users WHERE username = 'admin' OR 1 = 1;--'
AND password = '" + txtPassword.Text + "'"
user logs in as admin
Prevention :
Use Parameterized Queries or Stored Procedures to prevent
SQL Injection.
Is This Answer Correct ? | 0 Yes | 0 No |
What is sql injection? How to protect against sql injection attack?
How do I debug a stored procedure in sql server?
How can sql injection be stopped? : sql server security
i use few third party softwares. they r all having their own databases . but the data is repeated in all these databases - say a person is in all the three databases, but his name is stoared in diff format in all databases i want to create a centralised database ,and i dont want to re-enter the records . using the exisating records how can i build a centralised database?
How do we upgrade from SQL Server 6.5 to 7.0 and 7.0 to 2000?
What is a cube? : sql server analysis services, ssas
How to declare a cursor with "declare ... Cursor" in ms sql server?
how do u find least salary in a table
explain the storage models of olap? : Sql server database administration
What is cursors?
Can I delete event logs?
How to make a remote connection in a database?