
Data And Knowledge Management

Introduction-Data And Knowledge Management


Task 1

a) SQL Attack Discussion with Problems

An SQL attack is a technique through which SQL input can be injected into a web page. It can be used to expose user data through web page inputs. SQL commands are used for the injection and compromise the security of web pages. It is a form of cyber attack in which malicious actors use SQL code to manipulate a database and gain access to valuable information in users' systems. SQL injection is one of the most prevalent and threatening techniques that can be used to attack data in users' databases. Through this attack, hackers are able to steal data and credentials of users, including personal information such as bank details, credit card details, login details, social accounts and much other information. Using this information, hackers can do tremendous harm to the users whose data has been stolen.

Problems with SQL attacks primarily begin with data theft. SQL injection is also known as SQLi. It is a very common attack that deals with backend database manipulation. This SQL attack includes attacks in the supply chain that harm the companies. Problems of SQL injection include the improvement of existing security systems in the database (Yunus et al., 2018). The problems that can be faced due to SQL injection are:

  • Attackers are able to download unauthorized data, such as personal data of individuals as well as commercial data of industries.
  • Attackers get the authority to delete or modify data.
  • Hackers are able to destroy backups or previously saved data.
  • Attackers are able to infect the system with viruses and malware.
  • Attackers are able to monitor target systems without disrupting them or performing any visible activity. These attacks are very sensitive because the attackers are silently following users.
  • Hackers are able to get the authority to allow or disallow access requests to the user's system. Hence, in a way, hackers become the admin of the system.
  • Attackers are able to carry out ransom practices by encrypting, stealing or altering very sensitive data.
  • Hackers are able to affect users' personal lives by performing harmful actions in their social life.
  • They can use data to infiltrate organizations (Sqlshack, 2019).

These are the issues that are faced due to SQL injection attacks. Being a very crucial form of cyber attack, SQL attacks help the malicious actor to dig deep into crucial and even highly secured information.

The issue faced by the organizations regarding hacking can be solved if there are policies that are implemented that ensure their work procedures are kept hidden. This is accomplished in a manner that ensures that only the members of the organisation who are working with the internal data can access this information. In case all the members of the organisation are allowed access to this information, people will be able to easily access this information and possibly send the data out to the people willing to pay a price for these data.

b) Schema description

The schema is used to collect various database objects, which helps in creating triggers and in storing and creating tables in the database. All the processes are implemented by using an SQL schema where the deliverables of the software part are met. This will help in maintaining the injection part of the SQL. In a database, more than one schema can be found. Such schemas are dbo, guest, sys and INFORMATION_SCHEMA. Taking all these schemas into consideration, it can be said that dbo is the default one, which will help in creating a new database. The database creation command "CREATE USER" is the default one that will generate this part of the software (geeksforgeeks.org, 2021). In addition, schemas for examination, proposal details, report details, and project examiners are implemented in the project. These schemas are vulnerable to SQL attacks. SQL attacks can be done by injecting SQL commands into the database. In the examiner table, there is no password or id. In fact, no table has a column for user id or password. Hence, these relations are highly vulnerable to SQL injection attacks. Because the design of the relations is not properly maintained in these areas, the project is highly vulnerable to SQL injection or any other injection attack. In addition, being less secure, the database is highly prone to cyber attacks. Database attacks will be very easy for hackers. Hence, these specific schemas are very prone to SQL injection attacks.

c) SQL injection attack

If the username and password are also stored in the database, and a query string is built to test both in the WHERE clause, SQL injection attacks will not be prevented. In this way, the database will be more secure but will not be able to prevent these SQL attacks. Prevention of SQL injection requires the incorporation of a web application firewall. These firewalls are able to find various Kaspersky security solutions. This is one way to prevent SQL injection into the database. Another very effective way to prevent the attack is to create multiple databases and accounts for users. This will allow only trusted individuals to access the database. In addition, if the username and password are updated in the system, the attackers will be able to update and obtain both pieces of information. The information schema and user schema will be attacked by the attackers. These changes and updates to the schema will not be able to prevent SQL injection issues.

A query string comes under dynamic SQL. This kind of query allows users to create queries that are based on user inputs. Hence, in the area of taking marks details from the user, this query will be used. In the case of implementing user id and password, the query will also be helpful for implementation. However, this makes it easier for attackers to inject SQL through the query code, which makes the schemas more prone to attacks. Following these aspects, SQL injection attacks can be prevented.

The prevention of SQL injection attacks is necessary to ensure that the organisations are able to develop themselves in a manner that keeps them protected from the outside influences of hackers. The organisations always have to look for systems that ensure their internal working systems are able to be kept hidden from outside influences. The members of the organisation always look to keep their internal workings hidden from the outside world. Thus, there arises the issue of implementing systems that keep the work of the organisations valid over a long period of time. This process of keeping the accessibility of the outside world to a minimum ensures that the organisational data is kept secure.

The organisations are always looking to develop their procedures to enhance security in the organisation. Following this process, the commands or queries that are sent by the organisation need to be validated beforehand. Only if this procedure is followed will the organisations be able to maintain their security. Another way to prevent SQL injection attacks is the implementation of parameterised queries (Cheatsheetseries.owasp.org, 2021). The development of the organisations depends upon the maintenance of the security of the program, since the development of the organisation requires the maintenance of obscurity of its internal workings. If the internal workings are unavailable for people of the outside world to notice, the organisations are able to keep themselves safe from hackers.

d) SQL Statement

Prepared SQL statements are resilient to SQL injection. This is because the parameter values of the SQL commands are transmitted separately, using a different protocol, and do not need to be correctly escaped. If the original statement template is not derived from inputs from external entities, injection attacks can be prevented. Hence, using prepared statements is safe from SQL injection. With prepared statements, the database parses, compiles, and optimizes the query. Hence, this will be helpful for implementing SQL templates. In addition, SQL injections can be prevented by making changes to the queries exposed to SQL injection or by using prepared statements. The codes of applications will never be used directly. Hence, changes are made to the input queries, including the web inputs and login form. Removing potentially malicious code will include deleting single quotes. In addition, the visibility of the database will be turned off, at least at the site where the final project is published. In case of issues in open source vulnerability, the codes will be available to the attackers. Hence, the use of firewalls on sites will be helpful for the prevention of SQL injection.

The development of the SQL statements has to be made in a procedure that ensures the members of the organisations are the only ones who can get access to the working process of their systems. In case the organisations are unable to develop their systems and keep them only to their internal members, they are bound to fail. Since the internal workings of the organisation can easily be leaked into the outside world, the members of the organisation need to make sure that they are taking all possible precautions to keep the data safe. Another aspect that the organisation can ensure regarding its work procedure is giving access only to the members of the organisation who are working with the internal data.

There are several cases where the working members of the organisation have leaked valuable organisational information to the outside world. This process needs to be completely shunned. The simplest way of removing this issue is the implementation of a policy that enables the members of an organisation to access internal data only if they are working on this data or developing internal administrative aspects. Hence the development of the organisation depends upon the creation of these policies and ensuring that they are implemented properly. In case the organisation is unable to implement the policies properly, the systems are open to being hacked into. Hence the organisations are always looking to develop in a manner that ensures their systems include policies that enhance their work.
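The contrast between a dynamic query string and a parameterised query, described in sections c) and d), is shown below as an added example that is not part of the original assignment. It assumes Python's built-in sqlite3 module as a stand-in for the project's database; the table comes from the appendix, and the rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory copy of the appendix table with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE PROJ_REPORT_EXAMINAR_MARKS ("
               "STUDENT VARCHAR(50) NOT NULL, EXAMINER VARCHAR(50), "
               "MARKS VARCHAR(10), YEAR VARCHAR(50))")
    rows = [("MARY05", "XCF", "92", "2018"),
            ("MARY06", "WER", "90", "2019"),
            ("O'BRIEN", "ABC", "88", "2020")]  # constructed: name with a quote
    db.executemany(
        "INSERT INTO PROJ_REPORT_EXAMINAR_MARKS VALUES (?, ?, ?, ?)", rows)
    return db

def marks_dynamic(db, student):
    """Vulnerable: user input is concatenated into the query string."""
    sql = ("SELECT STUDENT, MARKS FROM PROJ_REPORT_EXAMINAR_MARKS "
           "WHERE STUDENT = '" + student + "'")
    return db.execute(sql).fetchall()

def marks_parameterised(db, student):
    """Hardened: fixed statement template, value bound separately."""
    sql = ("SELECT STUDENT, MARKS FROM PROJ_REPORT_EXAMINAR_MARKS "
           "WHERE STUDENT = ?")
    return db.execute(sql, (student,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that rewrites the WHERE clause
    # Dynamic SQL: the input becomes part of the statement, every row leaks.
    print("dynamic      :", marks_dynamic(db, crafted))
    # Parameterised: the input is only ever compared as a value, no match.
    print("parameterised:", marks_parameterised(db, crafted))
    # A legitimate name with a quote works without deleting any characters.
    print("parameterised:", marks_parameterised(db, "O'BRIEN"))
    try:
        marks_dynamic(db, "O'BRIEN")
    except sqlite3.OperationalError as exc:
        print("dynamic query broke on a legitimate name:", exc)
```

The same input that returns every student's marks from the concatenated query matches nothing once it is bound as a parameter, and a legitimate name containing a single quote is handled without stripping characters from it.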

Task 2

Figure: Table Examiners

Figure: Table PROJ_DETAILS

Figure: Table PROJ_PROPOSAl_EXAMINAR_MARKS

Figure: Table PROJ_REPORT_EXAMINAR_MARKS

Figure: Table View STUDENT_MARY05_1

Reference 

Geeksforgeeks. 2021. Create Schema in sql server. https://www.geeksforgeeks.org/create-schema-in-sql-server/

Yunus, M.A.M., Brohan, M.Z., Nawi, N.M., Surin, E.S.M., Najib, N.A.M. and Liang, C.W., 2018. Review of SQL Injection: Problems and Prevention. JOIV: International Journal on Informatics Visualization, 2(3-2), pp.215-219.

Sqlshack. 2019. Sql Injection. https://www.sqlshack.com/sql-injection-what-is-it-causes-and-exploits/

Cheatsheetseries.owasp.org, 2021. SQL Injection Prevention Cheat Sheet. https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html

APPENDIX

create table PROJ_EXAMINERS1 (EXAMINER VARCHAR(50) PRIMARY KEY NOT NULL);

create table PROJ_DETAILS (STUDENT VARCHAR (50) NOT NULL, TITLE VARCHAR(50), EXAMINER VARCHAR(50) );

create table PROJ_PROPOSAl_EXAMINAR_MARKS (STUDENT VARCHAR (50) NOT NULL, EXAMINER VARCHAR(50), MARKS VARCHAR(10), YEAR VARCHAR(50));

create table PROJ_REPORT_EXAMINAR_MARKS (STUDENT VARCHAR (50) NOT NULL, EXAMINER VARCHAR(50), MARKS VARCHAR(10), YEAR VARCHAR(50));

DROP TABLE PROJ_PROPOSAl_EXAMINAR_MARKS;

DROP TABLE PROJ_REPORT_EXAMINAR_MARKS;

DROP TABLE PROJ_EXAMINERS ;

INSERT INTO PROJ_EXAMINERS1 (EXAMINER) VALUES('ABC');

INSERT INTO PROJ_EXAMINERS1 (EXAMINER) VALUES('BDE');

INSERT INTO PROJ_EXAMINERS1 (EXAMINER) VALUES('ERT');

INSERT INTO PROJ_EXAMINERS1 (EXAMINER) VALUES('YHU');

INSERT INTO PROJ_EXAMINERS1 (EXAMINER) VALUES('XCF');

INSERT INTO PROJ_EXAMINERS1 (EXAMINER) VALUES('WER');

SELECT * FROM PROJ_EXAMINERS1 ;

INSERT INTO PROJ_DETAILS (STUDENT , TITLE, EXAMINER) VALUES('MARY01', 'concurrency visualisation tool1', 'ABC');

INSERT INTO PROJ_DETAILS (STUDENT , TITLE, EXAMINER ) VALUES('MARY02', 'concurrency visualisation tool2', 'BDE');

INSERT INTO PROJ_DETAILS (STUDENT , TITLE, EXAMINER) VALUES('MARY03', 'concurrency visualisation tool3', 'ERT');

INSERT INTO PROJ_DETAILS (STUDENT , TITLE, EXAMINER ) VALUES('MARY04', 'concurrency visualisation tool4', 'YHU');

INSERT INTO PROJ_DETAILS (STUDENT , TITLE, EXAMINER) VALUES('MARY05', 'concurrency visualisation tool5', 'XCF');

INSERT INTO PROJ_DETAILS (STUDENT , TITLE, EXAMINER) VALUES('MARY06', 'concurrency visualisation tool6', 'WER');

SELECT * FROM PROJ_DETAILS;

create table PROJ_PROPOSAl_EXAMINAR_MARKS (STUDENT VARCHAR (50) NOT NULL, EXAMINER VARCHAR(50), MARKS VARCHAR(10), YEAR VARCHAR(50));

INSERT INTO PROJ_PROPOSAl_EXAMINAR_MARKS (STUDENT,EXAMINER , MARKS, YEAR) VALUES('MARY01', 'ABC', 'NULL', '2020');

INSERT INTO PROJ_PROPOSAl_EXAMINAR_MARKS (STUDENT,EXAMINER , MARKS, YEAR) VALUES('MARY02', 'BDE', 'NULL', '2021');

INSERT INTO PROJ_PROPOSAl_EXAMINAR_MARKS (STUDENT,EXAMINER , MARKS, YEAR) VALUES('MARY03', 'ERT', 'NULL', '2019');

INSERT INTO PROJ_PROPOSAl_EXAMINAR_MARKS (STUDENT,EXAMINER , MARKS, YEAR) VALUES('MARY04', 'YHU', 'NULL', '2018');

INSERT INTO PROJ_PROPOSAl_EXAMINAR_MARKS (STUDENT,EXAMINER , MARKS, YEAR) VALUES('MARY05', 'XCF', 'NULL', '2018');

INSERT INTO PROJ_PROPOSAl_EXAMINAR_MARKS (STUDENT,EXAMINER , MARKS, YEAR) VALUES('MARY06', 'WER', 'NULL', '2019');

SELECT * FROM PROJ_PROPOSAl_EXAMINAR_MARKS ;

create table PROJ_REPORT_EXAMINAR_MARKS (STUDENT VARCHAR (50) NOT NULL, EXAMINER VARCHAR(50), MARKS VARCHAR(10), YEAR VARCHAR(50));

INSERT INTO PROJ_REPORT_EXAMINAR_MARKS (STUDENT,EXAMINER , MARKS, YEAR) VALUES('MARY01', 'ABC', 'NULL', '2020');

INSERT INTO PROJ_REPORT_EXAMINAR_MARKS (STUDENT,EXAMINER , MARKS, YEAR) VALUES('MARY02', 'BDE', 'NULL', '2021');

INSERT INTO PROJ_REPORT_EXAMINAR_MARKS (STUDENT,EXAMINER , MARKS, YEAR) VALUES('MARY03', 'ERT', 'NULL', '2019');

INSERT INTO PROJ_REPORT_EXAMINAR_MARKS (STUDENT,EXAMINER , MARKS, YEAR) VALUES('MARY04', 'YHU', 'NULL', '2018');

INSERT INTO PROJ_REPORT_EXAMINAR_MARKS (STUDENT,EXAMINER , MARKS, YEAR) VALUES('MARY05', 'XCF', 'NULL', '2018');

INSERT INTO PROJ_REPORT_EXAMINAR_MARKS (STUDENT,EXAMINER , MARKS, YEAR) VALUES('MARY06', 'WER', 'NULL', '2019');

SELECT * FROM PROJ_REPORT_EXAMINAR_MARKS ;

select * from PROJ_EXAMINERS1;

select * from PROJ_DETAILS;

select * from PROJ_PROPOSAl_EXAMINAR_MARKS;

select * from PROJ_REPORT_EXAMINAR_MARKS;

SELECT * FROM PROJ_PROPOSAl_EXAMINAR_MARKS WHERE (SELECT * FROM PROJ_REPORT_EXAMINAR_MARKS);

INSERT INTO PROJ_REPORT_EXAMINAR_MARKS (STUDENT,EXAMINER , MARKS, YEAR) VALUES('MARY05', 'XCF', '92', '2018');

INSERT INTO PROJ_REPORT_EXAMINAR_MARKS (STUDENT,EXAMINER , MARKS, YEAR) VALUES('MARY06', 'WER', '90', '2019');

select * from PROJ_REPORT_EXAMINAR_MARKS;

INSERT INTO PROJ_PROPOSAl_EXAMINAR_MARKS(STUDENT,EXAMINER , MARKS, YEAR) VALUES('MARY05', 'XCF', '95', '2018');

INSERT INTO PROJ_PROPOSAl_EXAMINAR_MARKS(STUDENT,EXAMINER , MARKS, YEAR) VALUES('MARY06', 'WER', '90', '2019');

select * from PROJ_PROPOSAl_EXAMINAR_MARKS;

CREATE VIEW PROJ_DETAILS_VIEW AS SELECT * FROM PROJ_DETAILS;

CREATE VIEW STUDENT_MARY05_1 AS SELECT * FROM PROJ_PROPOSAl_EXAMINAR_MARKS WHERE STUDENT IN (SELECT STUDENT FROM PROJ_REPORT_EXAMINAR_MARKS WHERE );

SELECT * FROM STUDENT_MARY05_1;

CREATE VIEW PROJ_PROPOSAL_MARKS AS SELECT * FROM PROJ_PROPOSAl_EXAMINAR_MARKS WHERE STUDENT IN (SELECT STUDENT FROM PROJ_REPORT_EXAMINAR_MARKS WHERE );

SELECT * FROM PROJ_PROPOSAL_MARKS;

CREATE VIEW PROJ_REPORT_MARKS AS SELECT * FROM PROJ_REPORT_EXAMINAR_MARKS WHERE STUDENT IN (SELECT STUDENT FROM PROJ_REPORT_EXAMINAR_MARKS WHERE );

SELECT * FROM PROJ_REPORT_MARKS;

CREATE VIEW STUDENT_MARY01 AS SELECT * FROM PROJ_DETAILS WHERE STUDENT FROM PROJ_REPORT_EXAMINAR_MARKS WHERE );

SELECT * FROM STUDENT_MARY01;

SELECT PROJ_PROPOSAl_EXAMINAR_MARKS.STUDENT, PROJ_PROPOSAl_EXAMINAR_MARKS.MARKS, PROJ_PROPOSAl_EXAMINAR_MARKS.YEAR, PROJ_REPORT_EXAMINAR_MARKS.MARKS

FROM PROJ_PROPOSAl_EXAMINAR_MARKS

INNER JOIN PROJ_REPORT_EXAMINAR_MARKS ON WHERE AND;
