Ch. 5 - Vocab

Question 1

attribute

Answer 1

columns of a relation

Question 2

blind SQL injection

Answer 2

allows attacker to infer data in database system based on asking the server true/false questions

Question 3

cascading authorizations

Answer 3

with the grant option, an access right can cascade through a number user; this applies to revocations as well

Question 4

compromise

Answer 4

release of secure or private/confidential information to an untrusted environment

Question 5

data center

Answer 5

houses a large number of servers, storage devices, and network switches and equipment

Question 6

data swapping

Answer 6

creating pairs of records with similar attributes and then interchanging identifying or sensitive data values among the pairs

Question 7

database

Answer 7

structured collection of data stored for use by one or more applications

Question 8

database access control

Answer 8

different rights such as create, insert, delete, update, read, and write can be applied to an entire database, to individual tables, or to selected rows or columns within a table

Question 9

database management system

Answer 9

suite of programs for constructing and maintaining the database and for offering ad hoc query facilities

Question 10

defensive coding

Answer 10

techniques include:
Manual defensive coding practices
Parameterized query insertion
SQL DOM

Question 11

detection

Answer 11

methods include:
Signature-based
Anomaly-based
Code analysis

Question 12

end-of-line comment

Answer 12

Consists of “–”, so remaining queries would not be treated as code, but comments

Question 13

foreign key

Answer 13

used to create relationships between tables, attributes of a primary key which identify another table

Question 14

inband attack

Answer 14

uses the same communication channel for injecting SQL code and retrieving results

Question 15

inference

Answer 15

deducing unauthorized information from the legitimate responses received

Question 16

inference channel

Answer 16

information transfer path by which unauthorized is obtained

Question 17

inferential attack

Answer 17

reconstruction of information based on sending requests and observing the resultant behavior

Question 18

out-of-band attack

Answer 18

data are retrieved using a different channel

Question 19

parameterized query insertion

Answer 19

to more accurately specify the structure of an SQL query and pass the value parameters to it separately

Question 20

partitioning

Answer 20

division of a logical database or its constituent elements into distinct independent parts

Question 21

piggybacked queries

Answer 21

additional queries beyond the intended query

Question 22

primary key

Answer 22

a portion of a row used to uniquely identify a row in a table

Question 23

query language

Answer 23

provides a uniform interface to the database for users and applications through a declarative language

Question 24

relation

Answer 24

basic building block of a relational database, a flat table

Question 25

relational database

Answer 25

enables the creation of multiple tables tied together by a unique identifier that is present in all tables

Question 26

relational database management system

Answer 26

It is the software that executes queries on the data, including adding, updating, and searching for values for relational databases

Question 27

run-time prevention

Answer 27

checks queries at runtime to see if it conforms to a model of expected queries

Question 28

Structured Query Language

Answer 28

standardized language that can be used to define schema, manipulate, and query data in a relational database

Question 29

SQL injection attack

Answer 29

designed to exploit the nature of Web application pages. The attacker terminates the text string and appends a new command to query or manipulate the database

Question 30

tautology

Answer 30

a statement that is always true, allows all rows in a query to be selected

Question 31

tuple

Answer 31

rows of relation

Question 32

view

Answer 32

the result of a query that returns selected rows and columns from one or more tables, providing restricted access to a database