|
For an article I want to write I need a large sample database.
A bit like Northwind but with many records.
I could have based in on Northwind but I'd like to be able to use it (for comparison) on any database and not being in violation of Microsoft licenses.
I therefore wrote a script that create a few tables from scratch and a lot of data into it.
If you're mad enough to try it (you got the source below).
This is pretty much textbook to speak to database beginners but hopefully with enough relationship to make interesting queries.
It will create 5 classic tables (record count in the box):
+- Client -+ +--Order----+
| 100,000 |<---| 500,000 |
+----------+ +-----------+
| ^
| |
v |
+- Occupation-+ |
| 330 | |
+-------------+ |
|
|
|
+- Product -+ +--OrderLine--+
| 1,554 |<----------| 3,137,991 |
+-----------+ +-------------+
I hope you appeciate this fantastic Ascii-Art
I am trying to have a shortish script (a few kilobytes) that can quickly generate enough data to show the impact of indexes.
The script takes 6 minutes to run on my laptop
I worked hard on faking meaningful data.
This is one the first client looks like:
ClientId 1
FirstName: Jimmy
MiddleName: Lawrence
LastName: Mcpherson
Gender: M
DateOfBirth: 24:28.8
CreditRisk: 2
XCode: AZ3 1KN
OccupationId: 228
TelephoneNumber: (123) 822 - 3268
Street1: 468 Old Barnes Street
Street2: 2nd Floor
City: Sacramento
ZipCode: 83319
Longitude: 38.46202086
Latitude: 120.999543
Notes: In aute sunt et ea sed ex tempor. Et ex non eu anim ad. Id velit aliqua. Elit id do qui quis. Sed fugiat ex. Sunt ipsum ut eu ad sint. Enim magna animus lorem eu eu culpa. Sint nostrud irure ipsum amet amet. Sed do mollit irure nisi. Elit ut sint est ea culpa. Sit aute enim culpa deserunt ad ea. Eu velit et ex minim ad. Eu do enim non ad ad. Exclamo amet est. Nulla enim ex. Do ad ea ullamco ex. Magna excepteur ipsum ad non sunt eu non. Animus ut elit. Ut et est aute. Do cillum non ad sunt do enim. Ex non ea ea. Et id id sint duis. In in et. Id duis ipsum. Aute velit ut. Amet enim velit elit. Id occaecat ea. Sunt minim exclamo. Do ad et id id ipsum lorem. Qui qui do sunt ad. In exclamo do. Ipsum ad sed. Et ex ea. Et ullamco sunt nisi ex. Sunt eu quis lorem. Amet id sit ipsum. Non aute eu nisi. Ad et quis sed. Eu veniam nisi duis in sint non. Laboris sunt elit aute. Aliqua elit ad do. Culpa et ea. Esse in elit id. Ea ex elit. Est mollit ea nisi esse qui. Ad nisi in labore. Non ad veniam sed.
And this is the first product
ProductId: 1
Name: White fleece fabric
Price: 5.50
Active: 1
Stock: 319.740
If you got a minute or two (or 6) I am available for comments.
Would you format the database differently.
Is there enough data for proper real case scenarios?
http://pastebin.com/md3Sbr55[^]
|
|
|
|
|
Try Google for a large test database. I have seen various ones over the years but cannot remember where.
|
|
|
|
|
Hi,
How to take SQL Server backup automatically at a given schedule.
Thankyou,
YPKI
|
|
|
|
|
Have a read of this Maintenance plans[^]
Lobster Thermidor aux crevettes with a Mornay sauce, served in a Provençale manner with shallots and aubergines, garnished with truffle pate, brandy and a fried egg on top and Spam - Monty Python Spam Sketch
|
|
|
|
|
Are you using Express? If not look into SQL Server Agent Job.
|
|
|
|
|
write sql server job or sp for automatic backup and schedule it using sql server agent..
|
|
|
|
|
|
Create a SP that will Take Backup of The Required dataBase
And Run The SP through SQl JOb
|
|
|
|
|
Hi Friends,
I am recently working on a Security and penetration testing project.I am able to get the Admin Page of the application.There are a lot of ways to proceed further now,can you suggest me some of the better way than others.
Database used is ORACLE and application developed in the aspx.
modified 4-Oct-11 2:39am.
|
|
|
|
|
Do you really think that someone is going to explain how to hack into a database and bypass the authentication so you can go and indulge in criminal activities? On a public forum?
|
|
|
|
|
I am not indulging into any criminal activity,i also know the consequences and your concern is really appreciable. May be i am asking about dark area of IT.But if you can share some knowledge on it,it will be helpful.
Thanks
|
|
|
|
|
Nobody, is going to provide this sort of information on a public forum, even if they have it.
|
|
|
|
|
If we do not share the information then how we can avoid attacks.I know public forum is that kind of place to share that kind of information but we can find some other way.
|
|
|
|
|
If intentions are good to improve the security features,then we can help each other,mode of communication can be different.
|
|
|
|
|
How do we know your intentions are good?
|
|
|
|
|
This is the major drawback when we are talking to each other on a virtual environment that there is no button called "Trust Authentication".But i can only tell you that go through my profile on internet(Facebook:Search Harry kaizen Ivon) if you feel like,as i don't have any intentions check-o-meter to make someone believe that i am a good man with really good intentions to improve the holes in the systems.
Thanks for a great question.
|
|
|
|
|
The fact that you do not seem to understand the issues here speaks volumes about your suitability for the task you are asking about.
|
|
|
|
|
There is an obvious test to try - however I am not going to tell you because:
(1)Anyone with any serious experience of databases will know about this.
(2)If you are working on a security testing project and are having to ask this question then you should not be on that project.
(3)As others have said how can we trust your intentions?
[edit ] in your favour with regards to (1) I have come across a few 'experienced' DBA's who themselves have not heard about this 'feature'...
Continuous effort - not strength or intelligence - is the key to unlocking our potential.(Winston Churchill)
modified 3-Oct-11 4:31am.
|
|
|
|
|
GuyThiebaut wrote: this 'feature'...
Oh, you mean xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ?
Cheers,
Peter
Software rusts. Simon Stephenson, ca 1994.
|
|
|
|
|
I think you do not believe in
Continuous effort - not strength or intelligence - is the key to unlocking our potential.(Winston Churchill)
|
|
|
|
|
I do!
You just need to ask your question another 1,000,000,000,000,000,000 times and people will give you the answer - that's what I do and it always works
[edit] I think the reason why you have not had an answer so far is that the information you seek can be used to both protect and attack a system(that's why I won't give you the information)...
Continuous effort - not strength or intelligence - is the key to unlocking our potential.(Winston Churchill)
|
|
|
|
|
Before asking u i had already asked 2*999,999,999,999,999,999 times
Thanks for your support mate.
Some hints would certainly help.
|
|
|
|
|
HARISHCHOWDHARY wrote: Now please suggest me the ways to get into the database and to bypass the
authentication mechanisms so that i can suggest the improvements of the security
features of the application under test.
1. You can research that and buy books on the subject.
2. I would suggest that you tell your employer (presumably there is one) that you are not the best person to do this because real testing requires real and substantial knowledge. Without that such testing is unlikely to be close to sufficient.
|
|
|
|
|
Can you suggest me the name of the books as i have lot of them but in case if i missed an important one,, it will be a great help.
Thanks
|
|
|
|
|
As others have pointed out, you aren't likely to get an answer here. There are two reasons:
1. Even if we believe that your intentions are good, this is a public forum which means that the answer is available for anybody to see; and we don't know their intentions.
2. Pen testing is a huge topic, best left to professionals. You can train in this side, and this might be your best option.
|
|
|
|