|
Hi there,
Please am currently having serious issue since my site database is at risk.
Someone somehow or one way get access to my database and I don't know how he/she managed to do it.
Of recent I discovered various comments on post and the clients now reported to me.
When I really checked, I see that is true. The hacker have access to all registered users password and username.
So what can I do please to avoid this?
modified 14-Aug-20 3:57am.
|
|
|
|
|
Change the administrator password immediately. Then make sure all other passwords are changed as soon as possible.
|
|
|
|
|
Thanks Sir! You have always been helpful.
I have already changed the database password
|
|
|
|
|
|
Wow, thanks! I know I can count on you guys from codeproject.
I will take action right away
|
|
|
|
|
Thanks for your help so far and sorry for disturbing you.
Will it be possible for attacker to select all table names from my database without having idea of the database name or anything related using the browser address bar or any input field of my site? If yes, how can I prevent this?
And, since some of the attacks might be triggered from the broswer address bar by manipulating my site url.
My question is, can a routed url i.e www.mysite.com/user/0683 be manipulated?
If yes, how do I prevent this?
|
|
|
|
|
Otekpo Emmanuel wrote: Will it be possible for attacker to select all table names from my database without having idea of the database name or anything related using the browser address bar or any input field of my site? If yes, how can I prevent this?
Yes, if your code is vulnerable to SQL Injection[^], an attacker can still dump your entire database.
Blind SQL Injection | OWASP[^]
Hacking is child's play - SQL injection with Havij by 3 year old[^]
The fix is to always use properly parameterized queries, and never concatenate values into the query itself - especially if those values could potentially be controlled or manipulated by the user.
Otekpo Emmanuel wrote: My question is, can a routed url i.e www.mysite.com/user/0683 be manipulated?
Assuming the number is a sequential ID for your users, an attacker could try changing it to see if that can access information for other users. This is known as an Insecure Direct Object Reference (IDOR). If your code doesn't validate the user's permissions, this can lead to a security vulnerability.
Insecure Direct Object Reference Prevention - OWASP Cheat Sheet Series[^]
The fix is to always validate that the currently authenticated user has permission to access the data they are requesting.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
|
How do you call REST API inside AWS lambda function using python?
|
|
|
|
|
|
|
Hi, I have 3 different types of values that can come, like for example, I00259, T00123, C00456 etc like that, I want to check an if Else statement in my stored procedure that,
1. If a value has 6 characters in length, and starts with I and ends with a number
2. If a value has 6 characters in length, and starts with T and ends with a number and
3. If a value has 6 characters in length, and starts with C and ends with a number
I have to write different sections if the conditions satisfy, any help in SQL Server please.
|
|
|
|
|
|
|
I am not an SQL expert, but I do know how to use Google. it is a skill you need to develop.
|
|
|
|
|
Try panicking.
1, 2, and 3 are the same assignment. And, you will fail.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
|
|
|
|
Someone's trying to teach you how to organize things.
Here's a way to consider what they want to teach you:
Is the first test you make the first character or the length of the string? As proposed in your (homework) question, one is a more efficient option than the other.
Another thing your being taught is "how to look up something you've never done before".
You need to make sure you can handle the latter, in particular, if you ever really want to learn how to code.
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
|
|
|
|
It would probably be easiest to test this using LIKE :
LIKE (Transact-SQL) - SQL Server | Microsoft Docs[^]
Eg: "I" followed by five numbers would be:
value LIKE 'I[0-9][0-9][0-9][0-9][0-9]'
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
How to optimize Hash Match aggregation in SQL Server execution plan for the below
SELECT ServicePointID, MAX(SP1.StartDayID) as StartDayID
FROM SP sp1
JOIN Transfr tr1 ON sp1.TransformerID = tr1.TransformerID --Hash Match
JOIN SP_Met spm1 ON spm1.ServicePointKey = sp1.ServicePointKey
JOIN Met dm1 ON dm1.MeterKey = spm1.MeterKey
WHERE sp1.StartDayID <= 20200715 AND sp1.EndDayID >= 20200616 AND sp1.CommodityType ='Electric'AND (tr1.Division = null OR NULL is null )
AND (tr1.Region = null OR NULL is null )AND MeterID IS NOT NULL
GROUP BY ServicePointID
Hash Match Aggregation 34%
|
|
|
|
|
Execution plan is depending on multiple factors.
How to optimize?
Get rid of excess colunms, get red of the date-constriction, get rid of region. Best idea; find a damn programmer.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
|
|
|
|
I am getting dead lock issue due to below transaction. Please could you help on this.
------------------------------------------------------Transaction 1------------------------------------------------------
Transactionname="DELETE"
waitresource="KEY: 6:72057594046054400 (6a6c767d8e74)"
lasttranstarted="2020-07-11T05:48:38.007"
lockMode="U"
isolationlevel="read committed (2)"
status="suspended"
DELETE FROM [Channel] WHERE FileInventoryKey IN (SELECT FileInventoryKey FROM #FileInventoryKeys)
--------------------------------------------------------Transaction 2------------------------------------------------------
Transactionname="UPDATE"
waitresource="KEY: 6:72057594046054400 (93201dea6b78)"
lasttranstarted="2020-07-11T05:48:38.007"
lockMode="U"
isolationlevel="read committed (2)"
status="suspended"
update ch set ChannelKey = c.ChannelKey
from Channel ch
join ChannelVersion c on c.ChannelID = ch.ChannelID
join Channel cc on cc.ChannelKey = c.ChannelKey and (cc.HasIntervalData = 0 and ch.IsRegister = 'true') --register channels where c.ChannelVersionKey in (select ChannelVersionKey from [#UpdatedChannels]
I have two options
1). UPD lock on the update statement
2). SET TRANSACTION ISOLATION LEVEL Snapshot
|
|
|
|
|
If you are using SQL server and the DELETE operation can be delayed or postponed try this approach …
Use an application lock to synchronize two different processes that data is being manipulated and try again later ...
Microsoft has sp_getapplock
Maybe it would work for you.
|
|
|
|
|
These are three solutions which one will be the best one and let me know if i need to change anything in the solution.
First solution :
EXEC @returnCode = Sp_getapplock
@Resource = 'Resource_stg_SqlQueueManager',
@LockMode = 'Exclusive',
@LockOwner = 'Transaction ',
@LockTimeout = 500000
Second solution
SET TRANSACTION ISOLATION LEVEL SNAPSHOT
Third solution
Update with nolock
Example :
update ch set ChannelKey = c.ChannelKey
from CRF_Channel ch with (nolock)
join ChannelVersion c on c.ChannelID = ch.ChannelID
join Channel cc on cc.ChannelKey = c.ChannelKey
and (cc.HasIntervalData = 0 and ch.IsRegister = 'true')
|
|
|
|
|
Hi, I have two columns in a table, one is Auto Identity set, and other one should be created as a string value with Id as Pad right, I have created a trigger but my lead is saying Triggers impact the performance, and to not create, is there any alternate for Triggers that would not effect Database performance at the same time do what I am expecting it to be done.
My trigger is as follows:
CREATE TRIGGER AfterInsert
ON InspectionItems
AFTER INSERT
AS
BEGIN
declare @InspectionItemNumber nvarchar(20), @InspectionItemId int
select @InspectionItemId = ins.InspectionItemId FROM INSERTED ins;
update InspectionItems set InspectionItemNumber = 'T' + RIGHT('00000'+CAST(InspectionItemId AS VARCHAR(5)),6)
where InspectionItemId = @InspectionItemId
END
GO
Is there any alternate for trigger and doing the same and preserve the performance - thanks in advance.
|
|
|
|
|
Use a computed column:
Specify Computed Columns in a Table - SQL Server | Microsoft Docs[^]
If you want to continue using a trigger, you'll need to update it to account for the fact that a trigger can be fired for multiple rows at the same time:
CREATE TRIGGER AfterInsert
ON InspectionItems
AFTER INSERT
AS
BEGIN
SET NOCOUNT ON;
UPDATE
T
SET
InspectionItemNumber = 'T' + RIGHT('00000' + CAST(InspectionItemId AS VARCHAR(5)), 6)
FROM
InspectionItems As T
INNER JOIN inserted As I
ON I.InspectionItemId = T.InspectionItemId
;
END
GO
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|