Showing entries 19093 to 19102 of 44742
« 10 Newer Entries | 10 Older Entries »
Shortest SQL Injection Attack

Shortest SQL Injection Attack syntax

Overview
=======
In many cases, the user’s input is limited to a specific length.
Even though the input length is limited, the server is often still vulnerable to SQL injection attacks.
In this post, we’ll discuss two scenarios and how SQL injection attacks are exploited using the shortest SQL injection attack syntax.

Get Database Name through 2-fields attack
==============================
In this scenario, the attacker attacks a web application which receives First-Name and Last-Name, and outputs its matched e-mail address. (see appendix A)

The original SQL query sent to the database is:

select EmailAddress from Person.Contact where FirstName = '@fn' and LastName = '@ln'; -- where @fn and @ln are the user's input.

In order to get the database name, the attacker can …

[Read more]
A mysqlnd replication plugin presentation

After a short sprint for PHP 5.4 beta, which is on its way with mysqlnd as a configuration default for all three PHP MySQL extensions, we continued working on the mysqlnd replication plugin (PECL/mysqlnd_ms). Please find a high-level overview presentation further below in this blog post. Because replication support is added at the mysqlnd library level, it is almost transparent from an application's point of view. If you are new to mysqlnd plugins, think of it as a proxy, one that you can drop in to any existing PHP MySQL application.

Significant progress has been made since the initial alpha release: new powerful configuration syntax, many limitations on lazy connections lifted, countless issues identified and fixed through …

[Read more]
Splitting a MySQL Dump File Into Smaller Files Via Perl

I was trolling the MySQL forums web site and noticed a post regarding someone who was trying to load a 50-gigabyte MySQL dump file. The author of the post had stated that the loading of the file had been running for days, and was wondering if there was a better way to import the file. They did not have access to anything else (i.e. – original database) but this file.

I have had to restore several databases in the past from a single large MySQL dump file – which led me to start backing up each database individually. These databases are for my own personal use and are not updated that often, so I don’t need to have point-in-time recovery – and so a MySQL dump works just fine. If I had a production system, I would invest in the MySQL Enterprise Backup and the MySQL Enterprise Monitor

[Read more]
High Performance MySQL, Third Edition

I have just signed the contract for High Performance MySQL, Third Edition. The third edition will include major updates and new content in these areas:

  • Recent performance and reliability advances, particularly in MySQL 5.5 and the InnoDB storage engine.
  • A new chapter on using MySQL in cloud computing environments.
  • Updates on modern hardware, including many CPUs, large memory, and solid-state storage.
  • Improvements in clustering and high availability, including middleware and third-party solutions.
  • Improvements in replication.
  • New material on profiling MySQL, benchmarking, and tools and techniques to help you measure, monitor, and manage your MySQL installations.

The book will be available for purchase early next year. It’s been a great three years since the second edition was published, and …

[Read more]
MySQL Cluster 7.1.15a is available


The binary version for MySQL Cluster 7.1.15a has now been made available at http://www.mysql.com/downloads/cluster/ (GPL version) or https://edelivery.oracle.com/ (commercial version).

A description of all of the changes (fixes) that have gone into MySQL Cluster 7.1.15a (compared to 7.1.15) can be found in the official MySQL Cluster documentation for Cluster 7.1.15a Change log.

mysqlnd plugins and json

Some time ago I was already writing about the power included with mysqlnd plugins and how they can be used transparently to help you with your requirements without changing your code. But, as mysqlnd plugins are in fact regular PHP extensions, they can also export functions to the PHP userland and provide completely new functionality.

In my spare time I'm currently writing a shiny Web 2.0 application where I'm heavily using AJAX-like things, so what I do quite often in this application is, basically this: Check some pre-conditions (permissions etc.) then select some data from the database, do a fetch_all to get the complete result set as an array and run it through json_encode; or to have it in code:

<?php
$m = new MySQLi(/*...*/);
check_whether_the_user_is_checked_in_and_allowed_to_see_this();
$result = …
[Read more]
Comment on MySQL DBA Responsibilities by Addision Philip

Among all of them, MySQL database maintenance and repair is the most responsible activity of a database administrator.

MySQL Cluster Manager 1.1.2 – creating a Cluster is now trivial

MySQL Cluster Manager 1.1.2 is now available to download and try from Oracle E-Delivery (select “MySQL Database” as the product pack). Something that’s new and really cool in the new version is that you can download a version of MCM that actually includes the MySQL Cluster software itself and then you can have MCM automatically define, create and start a single-host cluster deployment for you with just the command “mcmd --bootstrap”. This post aims to show that it’s really as simple as that!

I’ve been playing with Windows recently and so I’ll use that for this example but things would be very similar on other platforms.

Step 1 Download from E-Delivery and extract the zip file

Step 2 Start your first cluster! …

[Read more]