Professional Documents
Culture Documents
1
Privileges Examples Removing Privileges
GRANT ALL ON GRANT SELECT, • If you want to remove a • For example:
Employee UPDATE(Salary) privilege you have
TO Manager ON Employee granted you use REVOKE
WITH GRANT OPTION; TO Finance; UPDATE(Salary)
ON Employee
REVOKE FROM Finance
• The user ‘Manager’ can • The user ‘Finance’ can
do anything to the view the entire Employee <privileges>
Employee table, and can table, and can change REVOKE ALL
ON <object>
allow other users to do Salary values, but cannot PRIVILEGES, GRANT
the same (by using change other values or FROM <users>; OPTION FROM
GRANT statements) pass on their privilege Manager
to Personnel
Personnel Personnel
2
Creating Views View Example
CREATE VIEW <name> • Example Student
AS • We want each university
<select statement>; tutor to be able to see
sID sFirst sLast sYear
marks of only those
students they actually Enrolment
• <name> is the name of teach sID mCode eMark eYearTaken
the new view • We will assume our
• <select statement> is a database is structured
Module
query that returns the with Student, Enrolment,
Tutors and Module mCode mTitle mCredits
rows and columns of tables similar to those
the view seen in previous lectures
Tutors Lecturers
lID sID lID lName lDept
Note: You should grant for all Tutors in MySQL, in Oracle you can
grant to PUBLIC. In Oracle CURRENT_USER is called USER
3
SQL Injection Attacks SQL Injection Attacks
• It is common for user input to be read, and form
part of an SQL query. For example, in PHP:
4
SQL Injection Attacks SQL Injection Attacks
• The website programmer intended to execute • With the malicious code inserted, the
a single SQL query: meaning of the SQL changes into two queries
and a comment:
SELECT uPass FROM Users WHERE uID = ' Name ' SELECT uPass FROM Users WHERE uID = ' ';DROP TABLE Users;-- '
SELECT uPass FROM Users WHERE uID = 'Name' SELECT uPass FROM Users WHERE uID = ''; DROP TABLE Users; -- '
SELECT No, SortCode FROM Accounts WHERE No = ' 11244102 ' SELECT No, SortCode FROM Accounts WHERE No = ' 1' OR 'a' = 'a '
SELECT No, SortCode FROM Accounts WHERE No = '11244102' SELECT No, SortCode FROM Accounts WHERE No = '1' OR 'a' = 'a'
5
1. Restrict DBMS Access Privileges 2. Encrypt Sensitive Data
• Assuming an SQL injection attack is successful, • Storing sensitive data inside your database
a user will have access to tables based on the can always lead to problems with security
privileges of the account that the application • If in doubt, encrypt sensitive information so
used to connect to the DBMS that if any breaches occur, damage is minimal
• GRANT an application or website the • Another reason to encrypt data is the
minimum possible access to the database majority of commercial security breaches are
• Do not allow DROP, DELETE etc unless inside jobs by trusted employees
absolutely necessary • Never store unencrypted passwords. Many
• Use Views to hide as much as possible shops still do this
6
6. Generic Error Messages 7. Parameterised Input
• While it might seem helpful to output • Parameterised input essentially means that
informative error messages, this actually user input is passed to the database as
supplies users with far too much information parameters, not as part of the SQL string
• For example, if your SQL query fails, do not • This makes injection attacks extremely difficult
show the user mysql_error(), instead output: • Not all DBMSs / Languages support this
A system error has occured. We apologise for • In PHP, you need to use PHP Data Objects
the inconvenience. (PDO)
• You can log the error privately for • Reference:
administrative purposes http://php.net/manual/en/book.pdo.php
PDO
• Rather than building up a string for your SQL and
executing it, given a PDO mysql connection
$conn:
$stmt = $conn->prepare('SELECT * FROM Users
WHERE uName = :name');
$stmt->bindValue(':name', $_POST['username']);
$stmt->execute();