The types of databases that this chapter examines are all known as Relational Database Management Systems (RDBMSs). In straightforward terms, this means that the data is stored in several different tables rather than a single flat file. Each table contains a particular type of data. These systems offer not just a data storage facility, but also tools to manage and manipulate the data stored within. These are the tools of the trade to a database administrator (DBA) or developer, but they are equally important in a hacker toolkit. Familiarizing yourself with the bigger players in the database market is important. Having an understanding of the underlying database schema for a website or application can help to reveal its weaknesses more quickly.

Oracle

Generally referred to as an Oracle database, the Oracle RDBMS comprises a suite of database management tools that sit on top of an underlying database structure. The first Oracle database product was introduced in 1979 and is currently produced and marketed by the Oracle Corporation. Oracle is supported on several platforms, including Solaris, Linux, and Windows.

Structure

Data is stored logically in containers called tablespaces and held physically in data files. These tablespaces can in turn be divided into segments (for example, data segments and index segments), which enable different areas of storage to be utilized for specific purposes. To keep track of data storage, Oracle uses a tablespace known as the system tablespace. This contains, among other things, the data dictionary, which is a collection of tables containing information about all user objects in the database. Table 8-2 lists some of the useful tables that it contains.

SQL

Querying is possible using an Oracle flavor of SQL, which you can carry out using a command-line interface (CLI) or graphical user interface (GUI) variant of the Oracle SQL*Plus tool. In addition, a proprietary variant of SQL known as Procedural Language/Structured Query Language (PL/SQL) is used in application development.

MySQL

MySQL is owned and sponsored by MySQL AB and has been around for more than 10 years. It is distributed either under the GNU General Public License or under commercial license. MySQL is supported on several platforms, including Solaris, Linux, and Windows. You can query MySQL by using a broad subset of the ANSI SQL 99 syntax either from a CLI or from the MySQL Query Browser. MySQL is popular as the database component for web applications and is often combined with Hypertext Preprocessor (PHP) to promote application development. Earlier versions of MySQL failed to support many of the standard functions of a true RDBMS, including transaction support, although this has now been remedied. Version 5.0 supports the implementation of stored procedures and views.

Structure

The MySQL database structure, in common with other RDBMS systems, consists of logical table structures contained within tablespaces, which are stored physically as data files. Each MySQL database is mapped to a directory under the MySQL data directory, and all tables within a database are mapped to filenames in the database directory. From a security perspective, MySQL is vulnerable because it is relatively simple to read the data stored in these files. From version 5.0.2, you can retrieve metadata from MySQL by querying a series of views known as the INFORMATION_SCHEMA. These views in turn are based on the data held in the MySQL database. Table 8-3 lists some of these views as an example.
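
The directory-per-database, file-per-table layout described above can be checked from the shell. The following is an added example, not code from the original text: it walks a data directory and reports table files whose mode lets group or other accounts read or modify them. The sample tree, the database name shop, the file names, and both function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report MySQL table files that accounts other than the owner
# can read or modify. Layout assumed from the text: DATADIR/<database>/<files>.

# audit_datadir DIR
# Prints "database<TAB>file<TAB>mode" for each exposed file and prints nothing
# when every file is owner-only. Returns 2 if DIR is not a directory.
audit_datadir() {
    datadir=$1
    [ -d "$datadir" ] || { echo "not a directory: $datadir" >&2; return 2; }
    for dbdir in "$datadir"/*/; do
        [ -d "$dbdir" ] || continue            # glob matched nothing
        db=$(basename "$dbdir")
        for f in "$dbdir"*; do
            [ -f "$f" ] || continue
            # -perm -NNN is true only when all listed bits are set, so each
            # group/other read and write bit is tested separately.
            hit=$(find "$f" \( -perm -040 -o -perm -004 \
                            -o -perm -020 -o -perm -002 \) -print)
            [ -n "$hit" ] || continue
            mode=$(ls -ld "$f" | cut -d' ' -f1)
            printf '%s\t%s\t%s\n' "$db" "$(basename "$f")" "$mode"
        done
    done
    return 0
}

# make_sample_datadir: builds a constructed data directory (not real data)
# holding one database, "shop", and prints its path.
make_sample_datadir() {
    d=$(mktemp -d)
    mkdir "$d/shop"
    : > "$d/shop/orders.MYD";    chmod 644 "$d/shop/orders.MYD"     # world-readable
    : > "$d/shop/customers.MYD"; chmod 600 "$d/shop/customers.MYD"  # owner only
    echo "$d"
}

sample=$(make_sample_datadir)
audit_datadir "$sample"
rm -rf "$sample"
```

Point `audit_datadir` at the server's actual data directory to use it; an empty result means no table file is readable or writable by group or others.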

SQL

MySQL supports a flexible standard when implementing SQL and includes a switch to select ANSI mode when starting the MySQL server. Obviously, as MySQL has evolved considerably through its versions, so too has its ANSI compliance. Features such as triggers have only basic support in version 5.0. No functionality for stored procedures existed prior to this version. You can query MySQL in numerous ways, including these:

SQL Server

SQL Server is the Microsoft RDBMS offering and has been in existence since 1989. As a Microsoft product, it is supported only on the Windows platform.

Structure

Logical data storage is represented by tables, while the data is physically held in one or more data files. SQL Server uses four system databases, which are created at each installation and are essential for the database server to function. Table 8-4 lists these databases and details of their main function.

The master database contains several system tables of interest. (See Table 8-5.) Although access to these tables is usually restricted, this is not always the case.

SQL

Querying is via the SQL Server SQL variant known as Transact-SQL (T-SQL), which you can run at the command line using the osql tool or via the Query Analyzer GUI that ships as part of the SQL Server package.

Database Default Accounts

Each database has one or more predefined accounts out of the box. Although some, and Oracle in particular, have numerous default accounts depending on the applications installed, Table 8-6 shows the most common occurrences.