information

Dozens of College Servers Breached by SQL Injection {2}

by Eric C
Not only is the design and performance of databases an important aspect in the way databases work, but also the security of a database. There are many types of attacks that can be done to a database and the most common is a SQL injection. In a news article from CNET, hackers were able to collect thousands of personal data of students from college databases worldwide through the use of SQL injections. More than fifty universities were affected, and some of the top name colleges include Harvard, Princeton, and Stanford. To make matters worse, some 140,000 records were posted online for all to download. The information includes usernames and passwords, addresses, phone numbers, and some payroll information regarding both students and faculty. The mastermind behind this data dump is apparently by a group called GhostShell, whose intent was not to reveal personal data, but was to “focus on higher education.” However, the group not only found personal data, but also discovered that malware were already injected in the first place, showing the security risks many of these database servers have. read more...

Auditing SQL {3}

by Rudy P
This week I will be blogging about the journal entry “Auditing a Batch of SQL Queries” by Rajeev Motwani, Shubha U. Nabar, and Dilys Thomas of Stanford University. This Journal entry talked about ways SQL Queries are audited and how to determine suspicious SQL queries. The Journal makes mention of a command AUDIT, which I had never seen before. They use it an example: read more...

Our Information’s Importance to Corporations {Comments Off on Our Information’s Importance to Corporations}

by Tyler K
 

In the Guardian article chosen, the author describes how Wal-Mart has recently purchased Facebook’s popular “Social Calendar” application, and the implications of the purchase – the corporation now has access to the millions of users, and all of the friends of the users that they may refer to using the application. The author goes on to describe the future role of information, and how information on people, as consumers and for other roles, is quickly becoming a massive component of the modern world. The article details how important information really is, “Facebook’s projected $100bn value is based on the data it offers people who want to exploit its social graph,” (Krotoski, 2012) – essentially, the success of the social media site relies heavily upon offering all of the information the user believes is just to be shared with friends. This leads to a discussion on the future of individual privacy and what having information online might lead to – it even refers to my previous blog about Target analysts discovering a woman is pregnant before even her father can! The author chooses the phrase “aggregated data,” or “Big Data” to describe what is happening to all of the information on us online; powerful organizations are collecting various facets of data about individuals, whether it be to market to them better, determine whether to hire individuals (several recent cases involve companies asking for Facebook passwords, or simply collecting the information on their own), and one example even details using social media to gather information on a man that attempted murder! read more...

Using XQuery to Retrieve Data {3}

by Penny P
XML is widely used in the web because it could be used to store all types of data. XQuery has become a language used to perform XML queries as it has the ability process XML data. Before the queries can happen, an XQuery Implementation needs to be applied. The XQuery Implementation must meet the following requirements: 1) be based on the XQuery standard, 2) be capable of access web requests, and 3) be able to write XML documents as webpages. The result of XQuery Implementation creates XHTML documents. Before it could be used to perform web searches, two more steps are needed: 1) build an application environment in a web server so it could execute the XQuery scripts and 2) process and answer the requests that are being made. read more...

Database in Healthcare {3}

by Han C
This article talks about how database systems can be used in the healthcare industry. It describes the uses of database along with the use of smart cards to manage and share information pertaining to patients, doctors, hospitals, and laboratory tests. The article makes topological suggestions on how hospitals can have a shared database even while still protecting clients and users. Hereby, allowing patient information to be accessible regardless of what healthcare provider a patient wishes to see. The first step is for hospital servers to be properly configured for allowing patients and staff access. Each hospital server will then connect to one centralized server by internet. This is where the suggested database system will permit information to be shared with other healthcare institutions. read more...