Labs ICT
โญ Pro Login

Database Security

Authentication, authorization, encryption, and SQL injection prevention.

Protecting Your Data

Databases store your most valuable asset โ€” data. Security measures protect it from unauthorized access, breaches, and loss.

Authentication and Authorization


  -- Create a user
  CREATE USER 'app_user'@'localhost' IDENTIFIED BY 'password123';

  -- Grant specific privileges
  GRANT SELECT, INSERT, INSERT ON mydb.* TO 'app_user'@'localhost';

  -- Revoke privileges
  REVOKE DELETE ON mydb.* FROM 'app_user'@'localhost';

  -- Show privileges
  SHOW GRANTS FOR 'app_user'@'localhost';

  -- Drop user
  DROP USER 'app_user'@'localhost';

SQL Injection


  DANGEROUS: User input directly in query
  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
  โ”‚ "SELECT * FROM users WHERE name = '"        โ”‚
  โ”‚ + username + "' AND pass = '" + password + "'โ”‚"
  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

  If username = "'; DROP TABLE users; --"
  The query becomes:
  SELECT * FROM users WHERE name = ''; DROP TABLE users; --' AND pass = ''
  โ†’ Deletes your entire users table!

  SAFE: Use parameterized queries
  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
  โ”‚ SELECT * FROM users WHERE name = ? AND pass = ?โ”‚
  โ”‚ (values bound separately, never executed as SQL)โ”‚
  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

Always use parameterized queries or prepared statements. Never concatenate user input into SQL strings.

Encryption

  • Encryption at rest โ€” Data is encrypted on disk. Even if someone steals the hard drive, they can't read it without the key.
  • Encryption in transit โ€” Data is encrypted between client and server using TLS/SSL.
  • Column-level encryption โ€” Sensitive columns (passwords, credit cards) are encrypted individually.

๐Ÿงช Quick Quiz

What is SQL injection?