Ch. 5 - Vocab Flashcards
attribute
columns of a relation
blind SQL injection
allows attacker to infer data in database system based on asking the server true/false questions
cascading authorizations
with the grant option, an access right can cascade through a number user; this applies to revocations as well
compromise
release of secure or private/confidential information to an untrusted environment
data center
houses a large number of servers, storage devices, and network switches and equipment
data swapping
creating pairs of records with similar attributes and then interchanging identifying or sensitive data values among the pairs
database
structured collection of data stored for use by one or more applications
database access control
different rights such as create, insert, delete, update, read, and write can be applied to an entire database, to individual tables, or to selected rows or columns within a table
database management system
suite of programs for constructing and maintaining the database and for offering ad hoc query facilities
defensive coding
techniques include:
Manual defensive coding practices
Parameterized query insertion
SQL DOM
detection
methods include:
Signature-based
Anomaly-based
Code analysis
end-of-line comment
Consists of “–”, so remaining queries would not be treated as code, but comments
foreign key
used to create relationships between tables, attributes of a primary key which identify another table
inband attack
uses the same communication channel for injecting SQL code and retrieving results
inference
deducing unauthorized information from the legitimate responses received
inference channel
information transfer path by which unauthorized is obtained
inferential attack
reconstruction of information based on sending requests and observing the resultant behavior
out-of-band attack
data are retrieved using a different channel
parameterized query insertion
to more accurately specify the structure of an SQL query and pass the value parameters to it separately
partitioning
division of a logical database or its constituent elements into distinct independent parts
piggybacked queries
additional queries beyond the intended query
primary key
a portion of a row used to uniquely identify a row in a table
query language
provides a uniform interface to the database for users and applications through a declarative language
relation
basic building block of a relational database, a flat table
