Defining Databases

< Day Day Up >

The types of databases that this chapter examines are all known as Relational Database Management Systems (RDBMSs). In straightforward terms, this means that the data is stored in several different tables rather than a single flat file. Each table contains a particular type of data.

These systems offer not just a data storage facility, but also tools to manage and manipulate the data stored within. These are the tools of the trade to a database administrator (DBA) or developer, but they are equally important in a hacker toolkit.

Familiarizing yourself with the bigger players in the database market is important. Having an understanding of the underlying database schema for a website or application can help to reveal its weaknesses more quickly.

Oracle

Generally referred to as an Oracle database, the Oracle RDBMS comprises a suite of database management tools that sit on top of an underlying database structure. The first Oracle database product was introduced in 1979 and is currently produced and marketed by the Oracle Corporation. Oracle is supported on several platforms, including Solaris, Linux, and Windows.

Structure

Data is stored logically in containers called tablespaces and held physically in data files. These tablespaces can in turn be divided into segments for example, data segments and index segments which enable different areas of storage to be utilized for specific purposes.

To keep track of data storage, Oracle uses a tablespace known as the system tablespace. This contains, among other things, the data dictionary, which is a collection of tables containing information about all user objects in the database. Table 8-2 lists some of the useful tables that it contains.

Table 8-2. Oracle System Tables
Name	Description
SYS.ALL_TABLES	Tables you have permissions on regardless of ownership
SYS.TAB	Views and tables you own
SYS.USER_CATALOG	Similar to SYS.TAB
SYS.USER_CONSTRAINTS	Constraints on actions that a user can apply to tables
SYS.USER_OBJECTS	All of your objects (tables, views, and so on)
SYS.USER_TAB_COLUMNS	Columns in each table
SYS.USER_TABLES	Tables you own
SYS.USER_TRIGGERS	Triggers you own. A trigger is a type of stored procedure that is executed in response to a change made to data stored in a table
SYS.USER_VIEWS	Views you own

SQL

Querying is possible using an Oracle flavor of SQL, which you can carry out using a command-line interface (CLI) or graphical user interface (GUI) variant of the Oracle SQL*Plus tool. In addition, a proprietary variant of SQL known as Procedural Language/Structured Query Language (PL/SQL) is used in application development.

MySQL

MySQL is owned and sponsored by MySQL AB and has been around for more than 10 years. It is distributed either under the GNU General Public License or under commercial license. MySQL is supported on several platforms, including Solaris, Linux, and Windows.

You can query MySQL by using a broad subset of the ANSI SQL 99 syntax either from a CLI or from the MySQL Query Browser. MySQL is popular as the database component for web applications and is often combined with Hypertext Preprocessor (PHP) to promote application development.

Earlier versions of MySQL failed to support many of the standard functions of a true RDBMS, including transaction support, although this has now been remedied. Version 5.0 supports the implementation of stored procedures and views.

Structure

The MySQL database structure, in common with other RDBMS systems, consists of logical table structures contained within tablespaces, which are stored physically as data files. Each MySQL database is mapped to a directory under the MySQL data directory, and all tables within a database are mapped to filenames in the database directory. From a security perspective, MySQL is vulnerable because it is relatively simple to read the data stored in these files. From version 5.0.2, you can retrieve metadata from MySQL by querying a series of views known as the INFORMATION_SCHEMA. These views in turn are based on the data held in the MySQL database. Table 8-3 lists some of these views as an example.

Table 8-3. INFORMATION_SCHEMA Views in MySQL
Name	Function
SCHEMATA	Provides information about the databases
USER_PRIVILEGES	Holds information about global privileges
TABLES	Holds information about the tables contained in the databases
TABLE_PRIVILEGES	Provides information about user privileges at a table level

SQL

MySQL supports a flexible standard when implementing SQL and includes a switch to select ANSI mode when starting the MySQL server. Obviously, as MySQL has evolved considerably through its versions, so too has its ANSI compliance. Features such as triggers have only basic support in version 5.0. No functionality for stored procedures existed prior to this version.

You can query MySQL in numerous ways, including these:

The mysql command-line tool
MySQL Control Center (mysqlcc), the original platform-independent GUI tool
MySQL Query Browser, which is an updated version of mysqlcc

SQL Server

SQL Server is the Microsoft RDBMS offering and has been in existence since 1989. As a Microsoft product, it is supported only on the Windows platform.

Structure

Logical data storage is represented by tables, while the data is physically held in one or more data files. SQL Server uses four system databases, which are created at each installation and are essential for the database server to function. Table 8-4 lists these databases and details of their main function.

Table 8-4. SQL Server System Databases
Name	Function
Master	Holds all system tables that contain system-level information. This includes all server logins and a record of all databases on the server.
Model	Used as a template database. Any new database created inherits the properties of the model by default.
Msdb	Holds all information for SQL Server Agent, including DTS^[*] packages, jobs, and scheduling information.
Tempdb	Holds any temporary objects created, such as temporary tables, and also provides space for other temporary storage needs.

^[*] DTS = Data Transformation Services

The master database contains several system tables of interest. (See Table 8-5). Although access to these tables is usually restricted, this is not always the case.

Table 8-5. SQL Server System Tables
Name	Description
Sysobjects	Contains a row of data for every object that exists in the database (exists in all databases)
Sysdatabases	Contains information about every database on the database server
Sysxlogins	Contains all logins configured on the server, including their server role and hashed passwords for SQL logins
Sysprocesses	Holds information about both client and system processes that are currently running
Sysfiles	Lists the physical database files (exists in all databases)
Syspermissions	Records permissions granted and denied to users (exists in all databases)
Sysusers	Users granted access at a database level (exists in all databases)
Syscomments	Contains information about each view, rule, default, trigger, constraint, and stored procedure, including some or all of the T-SQL code used to generate it (exists in all databases)

SQL

Querying is via the SQL Server SQL variant known as Transact-SQL (T-SQL), which you can run at the command line using the osql tool or via the Query Analyzer GUI that ships as part of the SQL Server package.

Database Default Accounts

Each database has one or more predefined accounts out of the box. Although some, and Oracle in particular, have numerous default accounts depending on the applications installed, Table 8-6 shows the most common occurrences.

Table 8-6. Common Default Accounts
Database	User	Password
Oracle	SYS	change_on_install
Oracle	SYSTEM	Manager
MySQL	Root	Null
Microsoft SQL Server	Sa	Null

< Day Day Up >

Oracle

Structure

Table 8-2. Oracle System Tables

SQL

MySQL

Structure

Table 8-3. INFORMATION_SCHEMA Views in MySQL

SQL

SQL Server

Structure

Table 8-4. SQL Server System Databases

Table 8-5. SQL Server System Tables

SQL

Database Default Accounts

Table 8-6. Common Default Accounts