A Quick Relational Database Tour

From LMU BioDB 2017
Revision as of 04:57, 26 September 2017 by Dondi (talk | contribs) (Start writing SQL injection section.)

This page gives you a tutorial-style walkthrough of a relational database, specifically PostgreSQL. The walkthrough assumes that you are at a Seaver 120 lab computer.

Running PostgreSQL on the Lab Machines

  1. Log in to the computer as usual
  2. Launch pgAdmin III
  3. The pgAdmin III window starts with a hierarchical view on the left that starts with three layers:
    • Server Groups
      • Servers (1)
        • PostgreSQL 9.6 (localhost:5432)
  4. Double-click on PostgreSQL 9.6 (localhost:5432) to connect to the database server
  5. The password to start the server will be given in class

SQL Injection

First, a little leadoff cartoon: http://xkcd.com/327

SQL injection is the term for a security exploit that bypasses the web front end of a database and reaches the underlying SQL query directly. The exploit works on websites that do not, as the XKCD strip puts it, “sanitize their inputs.” In other words, a site is at risk of SQL injection if the text typed into its query field is pasted into the SQL statement without any check for characters that “break out of” the search term and thus spill into the SQL code.

This is probably best illustrated with an example:
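The following is an added illustration, not the page's own example: a search function that pastes the search term into the query text, beside the same search written with a bound parameter. It uses Python's built-in sqlite3 module and a small constructed `students` table so it runs offline; with psycopg2 against the lab's PostgreSQL server the parameterized form is the same `cursor.execute(query, params)` pattern.

```python
import sqlite3

# Constructed sample data standing in for a class database. sqlite3 is used
# only because it ships with Python; the vulnerable/safe contrast is the
# same for PostgreSQL (psycopg2 also takes cursor.execute(query, params)).
SAMPLE_ROWS = [("Alice", "bio"), ("Bob", "chem"), ("Carol", "bio")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (name TEXT, major TEXT)")
    conn.executemany("INSERT INTO students VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def search_vulnerable(conn, term):
    # The search term is spliced straight into the SQL text. A quote
    # character inside `term` ends the string literal early, and whatever
    # follows is no longer data but part of the WHERE clause.
    sql = "SELECT name FROM students WHERE major = '" + term + "' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    # A bound parameter: the database driver sends the term as a value,
    # never as SQL text, so no character in it can "break out" of the
    # search term. This is the fix; checking for individual characters
    # is weaker because it has to anticipate every way the SQL could break.
    sql = "SELECT name FROM students WHERE major = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (term,))]


if __name__ == "__main__":
    db = make_db()
    # Constructed input containing a stray quote, as in the XKCD strip.
    broken_term = "bio' OR major = 'chem"
    print(search_vulnerable(db, "bio"))        # ['Alice', 'Carol']
    print(search_vulnerable(db, broken_term))  # ['Alice', 'Bob', 'Carol']: the clause was rewritten
    print(search_safe(db, broken_term))        # []: no major literally equals the input
```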