SQL

How Does SQL Work? {2}

by Hongde H
The article I chose to read this week is "How Does SQL Work?" by Josienita Borlongan. The article is very straightforward, and the author starts right away by explaining SQL in four parts: definition, uses, features and components, and scalability.

According to the author, Structured Query Language (SQL) is the language of databases, a computer language that one can use to interact with a relational database. It is a comprehensive language for controlling and interacting with database management systems. By learning SQL, we will be able to search existing databases, modify databases, and create new databases and database elements.

Optimizing SQL Server Performance {1}

by Kathy S
In this journal article the authors state that many times efficiency and performance are the last criteria considered when designing and developing new applications that use a database. Sometimes the application does not display the information requested from the database in a reasonable time, or completely fails to display it. The reasons may be related to the application design, but in many cases the DBMS does not return the data quickly enough, due to the non-use of indexes, deficient design of the queries and/or database schema, excessive fragmentation, use of inaccurate statistics, failure to reuse execution plans, or improper use of cursors. The authors then review the objectives that should be considered in order to improve the performance of SQL Server instances. The most important objectives are: 1) designing an efficient data schema, 2) optimizing indexes, stored procedures and transactions, 3) analyzing execution plans and avoiding recompiling them, 4) monitoring access to data, and 5) optimizing queries. The authors conclude that optimization is an iterative process that includes identifying bottlenecks, solving them, measuring the impact of the changes, and reassessing the system from the first step to determine whether satisfactory performance has been achieved. They also highlight the fact that superior performance can be obtained by writing efficient code at the application level and properly using database design and development techniques.

DDoS and SQL Injections {3}

by Leonardo S
The article I chose for this week is titled "Hackers Trade Tips On DDoS, SQL Injection" by Mathew J. Schwartz. The main focus of the article is the activity of certain underground hacker forums. The data security firm Imperva monitored 18 forums and released a report saying that the two hottest topics were DDoS attacks and SQL injection attacks. A distributed denial of service attack involves flooding a network with fake packets in order to make it inaccessible. The other attack, an SQL injection, involves a hacker sending their own commands into a database. If it doesn't have the right security, the hacker can easily use commands to access the information stored in the database. Imperva also announced that SQL injection attacks are the most used type of attack against websites. This announcement was backed by the fact that many security experts believe that SQL injection attacks are what caused the breach in South Carolina state databases in which thousands of credit card and social security numbers were taken.

Optimizing SQL {2}

by Brian B
The article I picked this week is titled "Improving SQL Server Performance" by Victor Vladucu and Nicolae Mercioiu. The article starts off by saying that in some cases efficiency and performance are neglected until the end of the development process. They only become important once the system starts being used in the real world. The article says that this could be caused by anything from the design of the database to bad management of the system. The authors say that when trying to optimize performance you should aim for "good enough" instead of trying to reach the theoretical maximum. In the second part of the article they talk about the importance of using indexed locations to speed up queries, along with a few other measures to keep performance at its peak. The third part of the article talks about query optimization. It gives some examples of how to structure queries and what to avoid. The article offers a couple of different ways to change your queries to optimize them, but they removed the actual queries from the article. The fourth part of the article deals with what it calls "new optimizing options" for SQL Server 2008. The article ends by rounding out the optimization process and noting that it is iterative in nature.
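Both this summary and Kathy S's summary of the same paper above mention indexes, execution plans, statistics and non-reusable plans without showing a query, and the post notes that the actual queries were removed from the article. The block below is an added example, not code from the article or from this page: it uses SQLite (Python's built-in sqlite3 module) instead of SQL Server so it runs offline, and the `orders` table, its constructed rows and the index names are assumptions made for the demonstration. It shows the execution plan (SQLite's EXPLAIN QUERY PLAN; the counterpart on SQL Server is the query's execution plan) for the same lookup before and after an index exists, and why wrapping an indexed column in a function stops the index from being used.

```python
import sqlite3


def query_plan(conn, sql, params=()):
    """Return SQLite's EXPLAIN QUERY PLAN output for sql as one string.

    Each plan row is (id, parent, notused, detail); the detail column says
    whether a table is read in full ("SCAN ...") or through an index
    ("SEARCH ... USING INDEX ...").
    """
    rows = conn.execute("EXPLAIN QUERY PLAN " + sql, params).fetchall()
    return " | ".join(row[3] for row in rows)


def build_orders_db(n_customers=200, orders_per_customer=50):
    """Constructed sample data (assumption, not from the article): 10,000 orders."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""
        CREATE TABLE orders (
            id          INTEGER PRIMARY KEY,
            customer_id INTEGER NOT NULL,
            status      TEXT    NOT NULL,
            amount      INTEGER NOT NULL
        )""")
    rows = [(c, "paid" if (c + i) % 3 else "open", (c * 7 + i) % 500)
            for c in range(n_customers) for i in range(orders_per_customer)]
    conn.executemany(
        "INSERT INTO orders(customer_id, status, amount) VALUES (?, ?, ?)", rows)
    conn.commit()
    return conn


# A parameterised statement: the text stays identical for every customer_id,
# so the prepared statement (and its plan) can be reused rather than being
# recompiled for each literal value pasted into the SQL.
LOOKUP = "SELECT id, amount FROM orders WHERE customer_id = ?"


def plan_without_index():
    """No index on customer_id: every lookup reads the whole table."""
    conn = build_orders_db()
    return query_plan(conn, LOOKUP, (42,))


def plan_with_index():
    """Index on customer_id, plus ANALYZE so the optimizer has real statistics."""
    conn = build_orders_db()
    conn.execute("CREATE INDEX idx_orders_customer ON orders(customer_id)")
    conn.execute("ANALYZE")
    return query_plan(conn, LOOKUP, (42,))


# Wrapping the indexed column in a function hides it from the index; comparing
# the column directly lets the optimizer use the index.
NON_SARGABLE = "SELECT id, amount FROM orders WHERE lower(status) = ?"
SARGABLE = "SELECT id, amount FROM orders WHERE status = ?"


def plans_for_status_filter():
    """Same index, two ways of writing the predicate; returns (bad, good) plans."""
    conn = build_orders_db()
    conn.execute("CREATE INDEX idx_orders_status ON orders(status)")
    return (query_plan(conn, NON_SARGABLE, ("paid",)),
            query_plan(conn, SARGABLE, ("paid",)))


if __name__ == "__main__":
    print("no index   :", plan_without_index())
    print("with index :", plan_with_index())
    bad, good = plans_for_status_filter()
    print("lower(col) :", bad)
    print("col        :", good)
```

Reading the output is the iterative loop the paper describes: the first plan reports a SCAN of `orders`, the second a SEARCH USING INDEX, and the `lower(status)` variant falls back to a SCAN even though an index on `status` exists, which is the kind of query-shape problem that no amount of indexing fixes until the predicate is rewritten.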

Old Fashion SQL {4}

by Rudy P
The article I chose to blog about this week was "Google App Engine Goes Old School With SQL Database," written by Caleb Garling of Wired.com. This article speaks about the addition of a SQL database to Google App Engine. Google App Engine is a means for Google customers to build and host applications on top of Google's online infrastructure. Prior to this, Google was at the forefront of the NoSQL movement, but this announcement shows that good old-fashioned SQL is alive and well. Google provides this SQL database so people can power their App Engine applications with a relational database, which will be more familiar to the masses, in a "fully managed cloud environment" (Garling, 2011). Google is totally headed in the opposite direction of competitor Oracle, which announced its Big Data Appliance (a NoSQL database).

SQL and Basic Statement {5}

by Phuong H
In the article "Introduction to SQL" by Thomas A. McGlynn and Maria Nieto-Santisteban, the authors explain what SQL is and give a few examples of how to use it. SQL is Structured Query Language, "a language in which describes how to create, update and query relational database." SQL is also useful for getting information out of the database. There are different DBMSs, and each has its own commands, but standard SQL commands like "Select", "Insert", "Update", "Delete", "Create", and "Drop" are the same throughout all DBMSs, so learning SQL is a big advantage for database users.

Making SQL Queries Better {1}

by Andrew M
The article I read this week was entitled "Generating Test Data for Killing SQL Mutants: A Constraint-based Approach" by Shetal Shah, S. Sudarshan, Suhas Kajbaje, Sandeep Patidar, Bhanu Pratap Gupta and Devang Vira. This article talks about how extremely advanced and complicated SQL queries are being created all the time and how difficult it is to test these queries. While SQL queries are always tested before being used, sometimes it is very hard to test these queries enough to make sure they will always give the desired results. The authors propose that a method called Mutant Testing be used. In effect, by applying Mutant Testing to SQL queries, testers will be able to show whether the query will give the desired results. In Mutant Testing the algorithm of a specific query is changed slightly and the query is run to test whether the results come back the same. If the results are different, as they should be, then this in effect proves that the query is written correctly. Because testing every possible mutation of a single query would be extremely time-consuming, the authors propose making mutations that test common programming errors. This would test more efficiently and would not just be testing every possible circumstance.
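To make the "mutant" idea concrete, here is an added example that is not from the paper or from this page. It hand-writes three mutants of one query (a changed comparison operator, an inner join turned into a left join, and a dropped WHERE clause), runs the original and each mutant against two constructed datasets in SQLite, and reports which mutants the data "kills", i.e. distinguishes from the original. The `employees` and `departments` tables, the rows and the mutant names are all assumptions for the demonstration; the paper's own contribution is generating such data automatically from constraints, which this block does not attempt.

```python
import sqlite3

# The query under test (constructed for this example).
ORIGINAL = """SELECT e.name FROM employees e
              JOIN departments d ON e.dept_id = d.id
              WHERE e.salary > 50000 ORDER BY e.name"""

# Each mutant is a small, plausible programming slip applied to the original.
MUTANTS = {
    "relop_>=": ORIGINAL.replace("e.salary > 50000", "e.salary >= 50000"),
    "join_left": ORIGINAL.replace("JOIN departments", "LEFT JOIN departments"),
    "pred_dropped": ORIGINAL.replace("WHERE e.salary > 50000", ""),
}


def run(query, employees, departments):
    """Load the given rows into a fresh in-memory database and return the names
    the query produces."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (name TEXT, dept_id INTEGER, salary INTEGER)")
    conn.execute("CREATE TABLE departments (id INTEGER PRIMARY KEY, dname TEXT)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)", employees)
    conn.executemany("INSERT INTO departments VALUES (?, ?)", departments)
    return [row[0] for row in conn.execute(query)]


def killed_mutants(employees, departments):
    """A mutant is killed when the test data makes it return a different result
    from the original query. Returns the sorted names of killed mutants."""
    expected = run(ORIGINAL, employees, departments)
    return sorted(name for name, mutant in MUTANTS.items()
                  if run(mutant, employees, departments) != expected)


# Constructed test data. The weak set looks reasonable but exercises no
# boundary: every salary is far from 50000 and every employee has a department.
WEAK_DATA = (
    [("ann", 1, 90000), ("ben", 1, 20000)],
    [(1, "eng")],
)

# The strong set adds a salary exactly on the boundary (separates > from >=)
# and an employee whose dept_id matches no department (separates JOIN from
# LEFT JOIN); ben's low salary already separates the dropped predicate.
STRONG_DATA = (
    [("ann", 1, 90000), ("ben", 1, 20000), ("cat", 1, 50000), ("dan", 99, 70000)],
    [(1, "eng")],
)


if __name__ == "__main__":
    print("weak data kills   :", killed_mutants(*WEAK_DATA))
    print("strong data kills :", killed_mutants(*STRONG_DATA))
```

The weak dataset kills only the dropped-predicate mutant, so a test suite built on it would pass even if the query used `>=` or a LEFT JOIN by mistake; the strong dataset kills all three. That gap between the two datasets is exactly what the paper's test-data generation is meant to close.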

Online SQL Vulnerabilities {Comments Off on Online SQL Vulnerabilities}

by Andrew M
The article I am writing about tonight is entitled "A Survey on Web Application Vulnerabilities (SQLIA, XSS) Exploitation and Security Engine for SQL Injection" by Rashul Johari and Pankaj Sharma. This article talks about how hackers are finding vulnerabilities in online websites which allow users to run SQL queries. In essence these hackers are running queries that the database is not prepared for. When the query returns results, it gives back information that the hackers can use to exploit the company. The authors describe three different attacks that hackers can use: stored/persistent attacks, reflected/non-persistent attacks, and finally cross-scripting attacks. Stored attacks lure users into clicking on infected links on a website. This attack allows hackers to gain access to valuable information from the SQL server they are attacking. Cross-site attacks also deal with the redirection of web links and direct users to infected sites.

Defending Against SQL Hackers {1}

by Andrew S
The article talked about preventing SQL injection attacks. Basically, an SQL injection attack targets interactive web applications that deal with database services. As a result, an attacker may provide malicious or inaccurate information in place of what the user inputs. Thus, an attacker could obtain and modify sensitive information. The solution that the author comes up with is to use runtime validation in a procedure to call and check the SQL statements that the user inputs. There is an algorithm that the author uses that verifies that the user inputs are consistent and that there are no discrepancies in their inputs. In order to reduce the runtime analysis of the program, the program only scans portions of the queries instead of the entire query, to improve efficiency and reduce execution time. SQL injection is a common technique employed by hackers for attacking databases, and the author makes solid points on how to prevent these attacks.
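Three posts on this page (Leonardo S's on the Imperva report, Andrew M's on the Johari and Sharma survey, and this one) describe SQL injection as "sending commands into the database" without showing what that looks like. The block below is an added example, not code from any of those articles or from this page. It puts a login query built by string concatenation next to the same query written with bound parameters, runs both against a constructed SQLite `users` table with two classic payloads, and returns what each version hands back. Parameterization is the standard defense shown here; it is not the runtime-validation scheme the article summarized above proposes, and the table, rows and payloads are assumptions for the demonstration.

```python
import sqlite3


def build_users_db():
    """Constructed sample table (assumption, not from the article). Passwords are
    stored in clear text only so the injected result is easy to read; a real
    system stores a password hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
                 "password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users(username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by concatenation: whatever the user types is parsed
    as part of the SQL text."""
    sql = ("SELECT username, role FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()


def login_parameterized(conn, username, password):
    """Same query with placeholders: the driver binds the values separately, so
    quotes and comment markers in the input stay data and never become SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Two classic payloads. The first closes the string literal and comments out the
# rest of the WHERE clause (so the password is never checked); the second makes
# the WHERE clause true for every row, dumping the whole table.
BYPASS_USER, BYPASS_PASS = "alice' --", "wrong"
DUMP_USER = DUMP_PASS = "' OR '1'='1"


def demo():
    """Run both payloads through both implementations and return the rows each
    one returns, keyed by case."""
    conn = build_users_db()
    return {
        "bypass_vulnerable": login_vulnerable(conn, BYPASS_USER, BYPASS_PASS),
        "bypass_parameterized": login_parameterized(conn, BYPASS_USER, BYPASS_PASS),
        "dump_vulnerable": login_vulnerable(conn, DUMP_USER, DUMP_PASS),
        "dump_parameterized": login_parameterized(conn, DUMP_USER, DUMP_PASS),
        "legit_parameterized": login_parameterized(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case:22s} -> {rows}")
```

With the concatenated version, `alice' --` logs in as the admin without a password and `' OR '1'='1` returns every account; the parameterized version returns nothing for both payloads and still authenticates the genuine credentials. The fix is a change in how the statement is built, not a filter on the input, which is why it holds up against payloads the developer never anticipated.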

Placing Money On Big Data {3}

by Rudy P
The article I chose to blog about this week is titled "Why VCs Will Continue to Invest In Big Data Startups For Many Years To Come" by Alex Williams. Mr. Williams first mentions the great amount of money raised by Splice Machine, MongoHQ, and Bloomreach. All three companies have raised over $4 million recently, with Bloomreach leading the way by raising "$25 million in funds for its big data applications" (Williams, 2012). These companies show that investors are very interested in and believe in the future of big data and the evolution of data infrastructures. Big data has made so much noise in recent times that Gartner Research recently published an article stating that big data will bring about $232 billion of IT spending through 2016. These leaders of big data have much to do with it, due to their easily scalable database design based on NoSQL. The industry as a whole is seeing a shift, as the author states: "business intelligence applications, for instance, have started to transition from an OLAP data source in a relational database to a new type of service that connects different data sources from social networks, third-party apps and other sources" (Williams, 2012).