Shulou(Shulou.com)06/01 Report--

Download address of mysql Chinese manual: http://down.51cto.com/data/2244392

Sql is injected into various positions: http://wt7315.blog.51cto.com/10319657/1828167

Sqlmap injection artifact details: http://wt7315.blog.51cto.com/10319657/1841241

The database is divided into three basic forms: (in fact, these are all well known, just for the sake of the integrity of knowledge.)

Relational database

Hierarchical database

Reticulated database

The main products of relational database management system running on Linux system are:

Enterprise servers: Oracle, Sybase, DB2

Small and medium sized servers: MySQL, PostgreSQL

Introduction and installation of MySQL

Generally speaking, the MySQL database management system has the following main characteristics:

① can run on different platforms and supports multi-user, multi-thread and multi-CPU. There is no memory overflow vulnerability.

② provides a variety of data types, supports ODBC, SSL, and supports multiple languages for development using MySQL's API

③ is the fastest database system available on the market.

There is no limit to the number of ④ users accessing the database at the same time.

⑤ can save more than 50000000 records

⑥ user rights setting is simple and effective.

Check to see if the mysql software is installed on the system, if nothing shows that it is not installed.

Rpm-qa * mysql*

Place the DVD installation CD in the CD drive and mount the CD drive to the / mnt directory.

Mount / dev/cdrom / mnt

Since this host acts as both a server and a client, the client installation package for MySQL is installed here, and the dependent package is perl-DBI. The server installation package of MySQL also depends on the perl-DBD-MySQL package.

Start, stop, restart and query startup status of MySQL service service mysqld start | stop | restart | status2. Set the automatic startup function chkconfig-- level 35 mysqld on3. Set the password of the MySQL database root account mysqladmin-u username [- h server hostname or IP address] [- p] password 'new password' the default empty password of the root user, first set the password of the root user to 123, and then change the password of the user root to 456.

Log in and log out of the MySQL environment mysql-h hostname or IP address-u user name-p user password

Then there is the knowledge of the database.

II. Database management

MySQL command

Function

Show databases

Check what databases are currently in the server

Use database name

Select the database to use

Create database database name

Create a database

Drop database database name

Delete the specified database

After mysql is installed, three databases, information_schema, mysql and test, will be created by default. The database named "mysql" is very important, in which the system information of MYSQL is stored. Users change passwords and add users, which is actually aimed at the relevant data tables in the database.

Isn't it very kind to see information_schema and play with mysql's hand-injected children's shoes?

III. Data table structure management

MySQL command

Function

Create table table name (list of field settings)

Create a data table in the current database

Show tables

Displays which data tables are in the current database

Describe [database name.] Table name

Displays the structure (field) information of the specified data table in the current or specified database

Drop table [database name.] Table name

Drop table [database name.] Table name

There must be at least one column when creating a table

IV. Viewing, insertion, modification and deletion of records

MySQL command

Function

Insert into table name (field 1, field 2, …) Values (the value of field 1, the value of field 2,...)

Insert a new record into the data table

Update table name set field name 1 = field value 1 [, field name 2 = field value 2] where conditional expression

Modify and update records in the data table

Select field name 1, field name 2... From table name where conditional expression

Find qualified records from the data table

Select * from table name

Displays records in tables in the current database

Delete from table name where conditional expression

Deletes the specified record in the data table

Delete from table name

Empty the records in the current database table

Insert an id column with a field of 17 into the wt table of the wt library.

Update the field of the id column in the wt table of the wt library to 117. 0.

V. user and rights management

Create on database name with authorized user grant permission list. Table name to username @ source address [identified by 'password']

Primary user permissions

Select

Read the data of the table

Insert

Insert data into the table

Update

Update the data in the table

Delete

Delete data from a table

Index

Create or delete the index of a table

Create

Create new databases and tables

Alter

Modify the structure of the table

Grant

Grant some of the permissions you have to other users

Drop

Delete existing databases and tables

File

Read and write files on the database server

Reload

Reload the authorization table

Process

View the currently executed query

Shutdown

Stop or shut down the mysql service

All

Have full permissions

1. Add a MySQL user named test, which allows them to log in from the local host (that is, the host where the MySQL database is located) and can only query the database student with a user password set to 123456.

Verify that the user can log in, query, and cannot do other operations, as expected.

2. View the permissions of the user

Show grants for user name @ domain name or IP address

3. Revoke the permissions of the user

Revoke permission list on database name. Table name from user name @ domain name or IP address

VI. Backup and recovery of database

(1). Directly back up the directory where the database is located

Use cp, tar and other commands to directly back up the directory where the database is stored

2. Use the mysqldump command to backup and restore

Mysqldump-u username-p [password] [option] [database name] [table name] > / backup path / backup file name

Attached: several common methods of mysqldump:

(1) Export the entire database (including the data in the database)

Mysqldump-u username-p dbname > dbname.sql

(2) Export database structure (without data)

Mysqldump-u username-p-d dbname > dbname.sql

(3) Export a data table (including data) in the database

Mysqldump-u username-p dbname tablename > tablename.sql

(4) derive the table structure of a data table in the database (excluding data)

Mysqldump-u username-p-d dbname tablename > tablename.sql

Description of common parameters:

-- all database contents in the all-databases-- backup server

-- opt-- optimizes the backup process, which is the default option

(2.) recover (import) data

Mysql-u root-p [database name] < / backup path / backup file name

7. Sql injection

The cause of SQL injection, like stack overflow, XSS and many other methods, is that unchecked or insufficiently checked user input data accidentally turns into code execution. For SQL injection, the data submitted by the user is compiled by the database system, resulting in unexpected actions of the developer. That is, SQL injection is the data input by the user. In the process of splicing SQL statements, it transcends the data itself and becomes a part of the query logic of SQL statements. Then the spliced SQL statements are executed by the database, resulting in unexpected actions of the developer.

Therefore, the fundamental means to prevent the above types of * *, or to prevent data from becoming code to be executed, to distinguish between code and data at all times. As far as SQL injection is concerned, the malicious code executed is compiled by the SQL interpretation engine of the database, so as long as the data entered by the user is not compiled by the database system.

Today's database systems all provide precompilation (prepare) of SQL statements and query parameter binding functions, place placeholders'?'in SQL statements, and then pass the placeholder SQL statements to the database for compilation, and then transmit the data entered by the user to the user as the execution parameters. This operation not only makes the SQL statements no longer need to be spliced when writing, but also looks more direct, and the data entered by the user has no chance to be sent to the database's SQL interpreter to be compiled and executed, and will not be turned into code without authorization.

How to determine SQL injection vulnerabilities

Through the above examples, we still have questions: * does not know the logic of our program code and how to write SQL statements, how does he determine whether a website has SQL injection vulnerabilities? Generally speaking, there are two ways:

1. Error prompt

If the error display is enabled on the target Web website, the user can guess the important information such as the database and development language used by the Web website by repeatedly adjusting the sent parameters and viewing the error message printed on the page.

2. Blind injection

Unless the operation and maintenance staff are negligent, most Web operation websites should shut down the error message. At this time, people will generally use the blind technique to make repeated attempts.

Sql manual injection and sql injection artifact sqlmap have been introduced in detail before. Here we supplement the theory of sql injection. See the previous article for more details on the sql injection posture.

Defense against SQL injection

For the prevention of server configuration, you should ensure that the Webserver of the production environment is off error messages. For example, the display_errors of PHP in the configuration file php.ini of the production environment should be set to Off, so the error message is turned off. Let's take a more look at how to prevent SQL injection from the coding point of view.

All programs with SQL injection vulnerabilities are because the program accepts variables input from client users or parameters passed by URL, and this variable or parameter is part of the SQL statement. We should always be vigilant about the contents entered by users or parameters passed. This is the principle of "external data can not be trusted" in the security field. Throughout the various ways in the field of Web security. Most of them are caused by developers violating this principle, so what you can naturally think of is to start with the detection, filtering and verification of variables to ensure that variables are what developers expect.

1. Check the variable data type and format

If your SQL statement is similar to where id= {$id}, and all the id in the database are numbers, then you should check to make sure that the variable id is the int type before the SQL is executed; if you accept a mailbox, you should check and strictly ensure that the variable must be in the mailbox format, and other types such as date, time and so on are the same. To sum up: as long as it is a variable with a fixed format, it should be checked strictly according to the fixed format before the execution of the SQL statement to make sure that the variable is in the expected format, which largely avoids SQL injection.

2. Filter special symbols

For variables that cannot be determined in a fixed format, special symbol filtering or escape processing must be performed. PHP, for example, usually uses the addslashes function, which adds a backslash escape before the specified predefined characters: single quotation mark (') double quote (") backslash (\) NULL.

3. Bind variables and use precompiled statements

The mysqli driver of MySQL provides support for precompiled sentences. Different programming languages have their own methods of using precompiled sentences.

4. Database information encryption security

In Web development, traditional encryption and decryption can be roughly divided into three categories:

1. Symmetric encryption: that is, both the encryption side and the secret side use the same encryption algorithm and key. The preservation of the key in this scheme is very critical, because the algorithm is public and the key is confidential. Once the key is disclosed, * can still be easily decrypted. Common symmetric encryption algorithms are: AES, DES and so on.

2. Asymmetric encryption: even if different keys are used for encryption and decryption, the key is divided into public key and private key, the data encrypted with private key must be decrypted with public key, and the data encrypted with public key must be decrypted with corresponding private key. Common asymmetric encryption algorithms are: RSA and so on.

3, irreversible encryption: the use of hash algorithm to make the data encrypted can not be decrypted back to the original data, such hash algorithms commonly used are: md5, SHA-1 and so on.

Summary of sql Defense

1. Do not turn on the error display of Webserver in production environment at will.

2. Never trust the input of variables from the client. Variables with fixed format must strictly check the corresponding format, and variables without fixed format need to filter and escape special characters such as quotation marks.

3. Use precompiled SQL statements that bind variables.

4. Do a good job of database account authority management.

5. Strictly encrypt and deal with users' confidential information.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.