Practically every successful company in existence uses a database. Having the ability to store information about your business in some kind of logical order means that answering a question like "How many laptops do we have in stock?" does not involve going out to the store room and physically counting them or rummaging through a pile of delivery notes and purchase orders to get the answer. Databases are everywhere. Every time you use a search engine, call Directory Assistance for a phone number, or buy clothes in a department store, you are indirectly accessing and perhaps updating data held in a database.

A database in its simplest terms is a container to hold data. It is physically structured into one or more files, but to the user, the data is presented as tables containing rows and columns. (See Figure 8-1.)

[Figure 8-1. Logical View of a Database Table]

To retrieve data, a user or process uses a programming language called Structured Query Language (SQL), which can address the data by its rows and columns. For example:

    SELECT Manufacturer, Model, Memory FROM Laptops WHERE Price < 1000

From the table in Figure 8-1, you can see that this query tries to return the data in the Manufacturer, Model, and Memory columns of the Laptops table for every row whose Price column holds a value of less than 1000. You might expect the results to look something like this:

    Manufacturer   Model        Memory
    Acer           TravelMate   256
    Dell           Inspiron     512
    Sony           Vaio         512

Often, a database is not queried directly by a user typing SQL statements, but by running an application that sends SQL queries to the database in response to a user action. If you were to visit a website that sold laptops online, you might use a search facility to view details of the laptops you are interested in. In the Maximum Price field, you enter 1000 and click Go, which tells the web application to submit a SQL statement to the database.

Note: The current ANSI standard is SQL:2003. However, the National Institute of Standards and Technology abandoned conformance testing in 1996, and since that time the standard has become less effective. Although variations exist in the SQL syntax that different database engines support, these variations comply loosely with an underlying standard: ANSI SQL-92. Table 8-1 lists some common and useful SQL commands.
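The laptop search described above, worked through as an added example (not code from the book): a small Python script that loads a constructed stand-in for the Laptops table of Figure 8-1 into an in-memory SQLite database and runs the chapter's query with the value typed into the Maximum Price field. The form value is checked to be a whole number and then passed to the database as a bound parameter rather than pasted into the SQL text, which is the habit a web application should have before it lets user input anywhere near a query. The table contents and prices are invented.

```python
import sqlite3

# Constructed sample rows standing in for the Laptops table of Figure 8-1
# (the figure itself is not reproduced here); prices are invented so that
# three rows fall below 1000 and two do not.
SAMPLE_LAPTOPS = [
    ("Acer", "TravelMate", 256, 899),
    ("Dell", "Inspiron", 512, 949),
    ("Sony", "Vaio", 512, 999),
    ("IBM", "ThinkPad", 1024, 1599),
    ("Toshiba", "Satellite", 512, 1249),
]


def build_laptops_db():
    """Create an in-memory database holding the Laptops table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Laptops (Manufacturer TEXT, Model TEXT, "
        "Memory INTEGER, Price INTEGER)"
    )
    conn.executemany("INSERT INTO Laptops VALUES (?, ?, ?, ?)", SAMPLE_LAPTOPS)
    conn.commit()
    return conn


def search_laptops(conn, max_price_field):
    """Run the chapter's query for the value entered in Maximum Price.

    The value arrives from the form as text. It is converted to an integer
    first, so anything that is not a number is rejected, and then handed to
    the database as a bound parameter (the ? placeholder), so the engine
    treats it purely as data and never as part of the SQL statement.
    """
    try:
        max_price = int(max_price_field)
    except (TypeError, ValueError):
        raise ValueError("Maximum Price must be a whole number") from None
    if max_price < 0:
        raise ValueError("Maximum Price cannot be negative")
    cur = conn.execute(
        "SELECT Manufacturer, Model, Memory FROM Laptops "
        "WHERE Price < ? ORDER BY Manufacturer",
        (max_price,),
    )
    return cur.fetchall()


if __name__ == "__main__":
    db = build_laptops_db()
    for manufacturer, model, memory in search_laptops(db, "1000"):
        print(f"{manufacturer:<12} {model:<12} {memory}")
```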
A database is fundamentally designed to make it easy for a user to retrieve the data he needs. To be of use, a database must present some kind of "window to the world." Unfortunately, this can also leave the database exposed to a hacker with time on his hands and a little SQL knowledge. Databases are susceptible to attack for several reasons: