
Sunday, May 13, 2012

What are the different aspects of an Interactive SQL injection attack?

SQL injection attacks are among the most prevalent security threats today, attacking and stealing sensitive information from a million web sites and web applications.
SQL injection attacks are also known for disrupting the functioning of web sites and web applications. There are many types of SQL injection attacks. This article covers the aspects of interactive SQL injection attacks.

About Interactive SQL

- Using interactive SQL, the database administrator or programmer can easily and quickly define, delete, check or update the database contents for problem analysis, database management and testing.
- Interactive SQL allows the programmer to insert two rows into a table as well as test SQL statements before they are executed in a software system or application.
- Interactive SQL can also be used by the database administrator for the following purposes:
   1. Revoking and granting privileges.
   2. Creating or dropping tables, views, schemas, etc.
   3. Selecting information from the catalogue of the system tables.
- A message reporting either the complete execution of the statements or an error during execution is generated at the end of the run of the SQL statements.
- Statements that are long and take more time to execute are accompanied by status messages regarding their completion.
- In some cases, help messages are also generated whenever needed.
- Interactive SQL supplies the following functions:

1. The statement entry function, which provides the following:
   (a) Typing in an interactive SQL statement and executing it
   (b) Retrieving statements
   (c) Editing statements
   (d) Prompting for SQL statements
   (e) Paging through the previous statements
   (f) Paging through the previous messages
   (g) Calling session services
   (h) Starting the list selection functions
   (i) Exiting interactive SQL

2. The prompt function: Using this function, either a complete SQL statement or a partial statement can be typed into a program, after which the syntax of the statement can be prompted. A menu of the SQL statements can also be brought up with one command. One can select the SQL statement of one's choice from the menu and prompt the syntax for that particular statement.

3. The list selection function: Using this function, one can select from the lists of one's authorized schemas, relational databases, views, tables, SQL packages, columns, constraints and so on. The selected elements can then be inserted into the SQL statement wherever the cursor is positioned.

4. The call session services function, which accounts for the following:
   (a) Changing the session attributes
   (b) Printing the current session
   (c) Removing all the entries from a selected session
   (d) Saving the session in a source file

Aspects of Interactive Session

- The parameter values that have been specified for the STRSQL command.
- The SQL statements that were entered in the session, accompanied by the corresponding status messages following each SQL statement.
- Values of the parameters that have been changed via the session services function.
- The selections that one made from the lists of elements.
- A unique session ID consisting of the current workstation ID and the user ID is supplied by interactive SQL.
- This session ID concept was developed to support multiple users with the same user ID using interactive SQL from different workstations at the same time.
- Also, one can run multiple interactive SQL sessions simultaneously using the same ID.
