Wednesday, May 6, 2020

Profiling Database Application to Detect SQL Injection Attacks.

Question: Describe the profiling of a database application to detect SQL injection attacks.

Answer:

Solution

Bus Booking System

The Online Bus Ticket Reservation System is a web-based application that permits guests to check the availability of bus tickets, purchase bus tickets and pay online. The system is exact in implementation and design. The system needs very few system resources and will work in nearly all configurations. It has the following features:

- It will ensure data accuracy.
- Accounts will be properly maintained by the DBMS.
- Availability of seats can be queried easily.
- Travelers can also cancel their tickets easily.
- Minimal time is needed for the various processing.
- It will deliver improved service.

User Activities

The main actions carried out by the user are listed below:

- The user can create an account
- The user can edit the account
- The user can reset the password
- The passengers can be edited
- Ticket booking
- Deletion of the account

Database

Creating 3 tables: Bus, User, Account.

For each table we will have the following things:

Bus: Arrival destination, Departure destination, Arrival time, Departure time, Fare
User: User name, User id, Password, Address
Account: Passenger details, Last ticket booked

SQL query:

For bus:

    CREATE TABLE BUS (
        arrivalDest   VARCHAR2(20),
        departureDest VARCHAR2(20),
        arrival_time  DATE,
        dep_time      DATE,
        fare          DECIMAL(5,2),
        Total_seats   NUMBER(2)
    );

For user:

    CREATE TABLE user_bus (
        u_Name   VARCHAR2(20),
        u_ID     VARCHAR2(10),
        password VARCHAR2(20),
        address  VARCHAR2(50)
    );

For account:

    CREATE TABLE Account (
        u_ID         VARCHAR2(10),
        pass_details VARCHAR2(30),
        contactNo    NUMBER(10),
        last_ticket  VARCHAR2(30)
    );

Registration before use, SQL query:

    INSERT INTO user_bus VALUES ('ronit roy', 'r007', 'hash007', '110/07 baker street, London, U.K.');

Adding passenger information:

    -- only two of the four Account columns are supplied, so they are named explicitly
    INSERT INTO account (pass_details, contactNo) VALUES ('Steve Jobs', 1234567890);

Adding itinerary:

    -- the DATE columns need an explicit format mask for a value that carries a time
    INSERT INTO BUS VALUES ('London', 'Scotland',
        TO_DATE('12-jul-15 02.10.10 PM', 'DD-MON-RR HH.MI.SS PM'),
        TO_DATE('12-jul-15 02.10.10 PM', 'DD-MON-RR HH.MI.SS PM'),
        100.20, 15);

Edit passenger information:

    UPDATE account SET pass_details = 'Amanda Rose' WHERE contactNo = 1234567890;

Delete passenger information:

    DELETE FROM account WHERE contactNo = 1234567890;

Edit account information:

    UPDATE account SET contactNo = 1234567890 WHERE pass_details = 'Amanda Rose';

Functions:

Create user:

    INSERT INTO user_bus VALUES ('Roney cole', 'RC101', 'pass123', '1 12 park avenue, los angeles');

Edit user information:

    UPDATE user_bus SET u_name = 'Amanda Rose' WHERE u_ID = 'RR101';

Reset password:

    UPDATE user_bus SET password = 'RoseMaryMarlow9' WHERE u_ID = 'RR101';

Add another passenger:

    INSERT INTO account (pass_details, contactNo) VALUES ('Steffi johns', 1234567891);

Edit passenger:

    UPDATE account SET pass_details = 'Amanda Rose' WHERE contactNo = 1234567890;

Delete passenger:

    DELETE FROM account WHERE contactNo = 1234567890;

Book ticket:

    INSERT INTO BUS VALUES ('London', 'Scotland',
        TO_DATE('12-jul-15 02.10.10 PM', 'DD-MON-RR HH.MI.SS PM'),
        TO_DATE('12-jul-15 02.10.10 PM', 'DD-MON-RR HH.MI.SS PM'),
        100.20, 15);

Change ticket:

    -- BUS as created above has Total_seats and no column named seat
    UPDATE bus SET arrivalDest = 'paris', departureDest = 'zurich' WHERE seat 0;

Cancel ticket:

    UPDATE bus SET arrivalDest = 'paris', departureDest = 'zurich' WHERE seat = seat + 1;

Program (Java)

Java code is given and attached in the file project.java.
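
An added example, not code from the original post or from the paper named in the title: one simple way to profile this application is to reduce each statement it issues to a literal-free skeleton and flag any run-time statement whose skeleton is not in that set. The skeleton approach, the function names and the OBSERVED sample are assumptions made for illustration.

```python
import re

# Statements the booking application issues (from the page, values quoted).
APP_STATEMENTS = [
    "INSERT INTO user_bus VALUES ('ronit roy', 'r007', 'hash007', '110/07 baker street, London, U.K.')",
    "INSERT INTO account (pass_details, contactNo) VALUES ('Steve Jobs', 1234567890)",
    "UPDATE account SET pass_details = 'Amanda Rose' WHERE contactNo = 1234567890",
    "DELETE FROM account WHERE contactNo = 1234567890",
    "UPDATE user_bus SET u_name = 'Amanda Rose' WHERE u_ID = 'RR101'",
    "UPDATE user_bus SET password = 'RoseMaryMarlow9' WHERE u_ID = 'RR101'",
]

# Constructed sample of statements observed at the database at run time.
OBSERVED = [
    "UPDATE user_bus SET password = 'NewPass42' WHERE u_ID = 'RC101'",
    "delete from account where contactNo=1234567891",
    "UPDATE user_bus SET password = 'x' WHERE u_ID = 'RC101' OR 'a' = 'a'",
]

_TOKEN = re.compile(r"""
    (?P<str>'(?:[^']|'')*')          # string literal; '' is an escaped quote
  | (?P<num>\b\d+(?:\.\d+)?\b)       # numeric literal
  | (?P<word>[A-Za-z_][A-Za-z_0-9]*) # keyword or identifier
  | (?P<sym>--|/\*|\*/|<>|<=|>=|!=|[^\sA-Za-z_0-9])  # operators, comment markers
""", re.X)

def skeleton(sql: str) -> str:
    """Replace every literal with '?' and normalise case and spacing."""
    out = []
    for m in _TOKEN.finditer(sql):
        out.append("?" if m.lastgroup in ("str", "num") else m.group().upper())
    return " ".join(out)

def build_profile(statements):
    """The profile is the set of skeletons the application is known to issue."""
    return {skeleton(s) for s in statements}

def flag_anomalies(observed, profile):
    """Return the observed statements whose structure is not in the profile."""
    return [s for s in observed if skeleton(s) not in profile]

if __name__ == "__main__":
    for stmt in flag_anomalies(OBSERVED, build_profile(APP_STATEMENTS)):
        print("not in profile:", stmt)
```

Only the third observed statement is flagged: its values are ordinary, but the extra predicate changes the structure of the WHERE clause, which is what a structural profile is meant to catch.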
