- Most modern web apps use a db on the back-end to store and retrieve related data such as web content or user info

![[images/Pasted image 20251202190714.png]]

- In order for the web app to be dynamic, the web app must interact with the db in real time
- Many injection vulns are possible with web apps, such as HTTP injection, code injection, and SQL injection
- Input validation and sanitization can guard against injection vulns
- SQL injection occurs when a malicious user passes input that changes the final SQL query sent by the web application to the database, enabling the user to run other, unintended SQL queries directly against the database

# Intro to DBs

- A Database Management System (DBMS) helps create, define, host, and manage dbs
- Various kinds of DBMS have been designed over time, such as file-based, Relational DBMS (RDBMS), NoSQL, graph-based, and key/value stores
- Essential features of a DBMS:

|**Feature**|**Description**|
|---|---|
|`Concurrency`|A real-world application might have multiple users interacting with it simultaneously. A DBMS makes sure that these concurrent interactions succeed without corrupting or losing any data.|
|`Consistency`|With so many concurrent interactions, the DBMS needs to ensure that the data remains consistent and valid throughout the database.|
|`Security`|A DBMS provides fine-grained security controls through user authentication and permissions. This prevents unauthorized viewing or editing of sensitive data.|
|`Reliability`|It is easy to back up databases and roll them back to a previous state in case of data loss or a breach.|
|`Structured Query Language`|SQL simplifies user interaction with the dat|

- Two-tiered architecture, where data is passed through API calls or other requests

![[images/Pasted image 20251202191225.png]]

# Types of DBs

- DBs are generally categorized into relational and non-relational

## Relational DBs

- Most common type of db
- Uses a schema (i.e., a template) to specify the structure of the data stored in the db
- Tables in a relational db are associated with keys that provide a quick database summary or access to a specific row or column when specific data needs to be reviewed
- These tables, also called entities, are all related to each other
- A table can have more than one key, as another column can be used as a key to link with another table
- Below, the `id` column is used as a key to link the `posts` table to the `users` table

![[images/Pasted image 20251202193321.png]]

- When processing an integrated database, a concept is required to link one table to another using its key, called a `relational database management system (RDBMS)`
- Many types of dbs implement the RDBMS concept, such as Microsoft Access, MySQL, Oracle, and PostgreSQL

## Non-Relational DBs

- NoSQL dbs do not use tables, rows, and columns, or primary keys, relationships, or schemas
- Most common is `MongoDB`
- Instead, a NoSQL database stores data using various storage models, depending on the type of data stored
- Four common storage models for NoSQL dbs:
    - key-value - usually stores data in JSON or XML format
    - document-based
    - wide-column
    - graph
- Example of the key-value model

![[images/Pasted image 20251202193554.png]]

- Can also be represented using JSON

```json
{
  "100001": {
    "date": "01-01-2021",
    "content": "Welcome to this web application."
  },
  "100002": {
    "date": "02-01-2021",
    "content": "This is the first post on this web app."
  },
  "100003": {
    "date": "02-01-2021",
    "content": "Reminder: Tomorrow is the ..."
  }
}
```
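As an added example (not code from these notes or from the course they follow), the script below builds the `users`/`posts` tables linked by the `id` key from the relational section, then queries them two ways: once by pasting user input into the query text, where a quote in the input changes the final SQL query (the injection point described in the intro), and once with a bound parameter, where the same input stays plain data. The column names, sample rows and the crafted input string are constructed for this demo; it uses Python's built-in `sqlite3` in-memory database.

```python
# Added example: users/posts linked by a key, queried unsafely and safely.
# Schema, rows and the test input are constructed for this demo (sqlite3, in-memory).
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create the two keyed tables from the notes with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL);
        CREATE TABLE posts (
            id INTEGER PRIMARY KEY,
            user_id INTEGER NOT NULL REFERENCES users(id),  -- key linking to users.id
            content TEXT NOT NULL
        );
        INSERT INTO users VALUES (1, 'admin'), (2, 'alice');
        INSERT INTO posts VALUES
            (100001, 1, 'Welcome to this web application.'),
            (100002, 2, 'This is the first post on this web app.');
        """
    )
    return conn


def posts_for_user_vulnerable(conn, username: str) -> list:
    """User input is pasted into the query text, so a quote in the input
    becomes part of the SQL and can change the final query."""
    sql = (
        "SELECT p.content FROM posts p JOIN users u ON p.user_id = u.id "
        f"WHERE u.username = '{username}'"
    )
    return [row[0] for row in conn.execute(sql)]


def posts_for_user_safe(conn, username: str) -> list:
    """The driver binds the value separately; the input is only ever data."""
    sql = (
        "SELECT p.content FROM posts p JOIN users u ON p.user_id = u.id "
        "WHERE u.username = ?"
    )
    return [row[0] for row in conn.execute(sql, (username,))]


if __name__ == "__main__":
    db = build_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote character
    print(posts_for_user_vulnerable(db, "alice"))  # only alice's post
    print(posts_for_user_vulnerable(db, crafted))  # every post: the WHERE clause was changed
    print(posts_for_user_safe(db, crafted))        # []: no user has that literal name
```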