1.Describe way(s) to tune the SQL table in order to
optimize performance.
2. Explain SQL Injection and how can you prevent them?
Answer Posted / jerry joseph
1. identify and create optimal indexes for your tables
every table should have at least a clustered index
Indexes should be considered on all columns that are
frequently accessed by the WHERE, ORDER BY, GROUP BY, TOP,
and DISTINCT clauses
Static tables can be more heavily indexed that dynamic tables
2. An SQL Injection attack is a form of attack that comes
from user input that has not been checked to see that it is
valid. The objective is to fool the database system into
running malicious code that will reveal sensitive
information or otherwise compromise the server.
Example:
StrSQL = "SELECT * from Users WHERE username = '" +
txtUserName.Text + "' AND password = '" + txtPassword.Text +
"'";
if txtUserName is entered as "admin' OR 1 = 1;--" the query
becomes
"SELECT * from Users WHERE username = 'admin' OR 1 = 1;--'
AND password = '" + txtPassword.Text + "'"
user logs in as admin
Prevention :
Use Parameterized Queries or Stored Procedures to prevent
SQL Injection.
Is This Answer Correct ? | 0 Yes | 0 No |
Post New Answer View All Answers
What is the template in sql?
Explain sql delete command?
what type of index will get created after executing the above statement? : Sql server database administration
Explain the different index configurations a table can have?
Working with TLogs
How to run sql server 2005 books online on your local system?
How do you check sql server is up and running?
How sql server enhances scalability of the database system?
What are orphan records?
How does the report manager work in SSRS?
How to bind a view to the schema of the underlying tables?
What is a unique index?
What are the restraints imposed on the table design by a merge replication?
Explain transaction server implicit?
If you want to send some data from access database to sql server database. What are different component of ssis will you use?