SQL injection attacks are one of the security threats that is quite prevalent in the cyber world these days, attacking and stealing sensitive information from a million web sites and web applications. SQL injection attacks are also known for disrupting the functioning of web sites and web applications. There are many types of SQL injection attacks. This article is all about the aspects of interactive SQL injection attacks.
About Interactive SQL
- Using interactive SQL, the database administrator or programmer can easily and quickly define, delete, check or update the database contents for problem analysis, database management and testing.
- Interactive SQL allows the programmer to insert two rows into a table as well as test SQL statements before they are executed in a software system or application.
- In addition, interactive SQL can be used by the database administrator for the following purposes:
  1. Revoking and granting privileges.
  2. Creating or dropping tables, views, schemas, etc.
  3. Selecting information from the catalogue of the system tables.
- A message reporting either the complete execution of the statements or an error during execution is generated at the end of the run of the SQL statements.
- Statements that are quite long and take more time to execute are accompanied by status messages regarding their completion.
- In some cases, help messages are also generated whenever needed.
- Interactive SQL supplies the following functions:
  1. The statement entry function, which provides the following:
     (a) Typing in an interactive SQL statement and executing it
     (b) Retrieving statements
     (c) Editing statements
     (d) Prompting for SQL statements
     (e) Paging through the previous statements
     (f) Paging through the previous messages
     (g) Calling session services
     (h) Starting the list selection functions
     (i) Exiting interactive SQL
  2. The prompt function: Using this function, either a complete SQL statement or a partial statement can be typed into a program. After this, the syntax of the statement can be prompted. You can also bring up the menu of SQL statements with one command, select the SQL statement of your choice from the menu and prompt the syntax for that particular statement.
  3. The list selection function: Using this function, one can select from the lists of one's authorized schemas, relational databases, views, tables, SQL packages, columns, constraints and so on. The selected elements can then be inserted into the SQL statement wherever the cursor is positioned.
  4. The call session services: These services account for the following functions:
     (a) Changing the session attributes
     (b) Printing the current sessions
     (c) Removal of all the entries from a selected session
     (d) Saving the session in a source file
Aspects of Interactive Session
- The parameter values that have been specified for the STRSQL command.
- The SQL statements that were entered in the session, accompanied by the corresponding status messages following each SQL statement.
- Values of the parameters that have been changed via the session services function.
- The selections that one made from the list of the elements.
- A unique session ID consisting of the current workstation ID and the user ID is supplied by interactive SQL.
- This session ID concept was developed to support multiple users having the same user ID using interactive SQL from different workstations at the same time.
- Also, one can run multiple interactive SQL sessions simultaneously using the same ID.