How does Azure protect me from SQLi and malicious insiders?
Im writing a thesis on cloud security and I was wondering if someone with knowledge could tell me how Azure protects my application from SQLi. And also how they reduce the risk of Malicious insiders, not only by policy but also by technical implementations.
As I understand it, Azure doesn't provide any additional protections against things like SQL Injection than you'd have if you hosted the SQL server yourself.
SQL Injection relates more to the code being run in conjunction with the database, either through the code you write in your stored procedures, or the code written in your application which then calls SQL for it's data. Protecting against SQL Injection is
done at this level, not at the base SQL level, so Azure doesn't make a difference.
Things like not sanitising the information inputted to your application puts you at risk, eg ensuring that when someone enters their name on a website form that it really is just a name (so no special characters, no single quotes etc) before passing that
information to SQL.
In terms of malicious insiders, well Azure does provide protection in terms of firewall restrictions etc, but that's realistically no different to if you had your own SQL server sitting in front of a firewall. In the same way as you would with your own dedicated
SQL server, if you grant users permission to access the database then there's no way to prevent them from doing what they want.
Similar Messages
-
How does one protect information from "bot net" hacking?
How does one protect information from "bot net" hacking?
[[How to fix preferences that won't save]] may help
-
What does it mean by Stream and how does it is different from Class?
What does it mean by Stream and how does it is different from Class?
www.dictionary.com does
Stream: An abstraction referring to any flow of data from a source (or sender, producer) to a single sink (or
receiver, consumer).
Class:
The prototype for an object in an
object-oriented language; analogous to a derived type in a
procedural language. A class may also be considered to be a
set of objects which share a common structure and behaviour.
The structure of a class is determined by the class
variables which represent the state of an object of that
class and the behaviour is given by a set of methods
associated with the class. -
I have changed my Apple ID from an old email to a new one. But It keeps coming up with my old email and asking for my old password. How do i stop this from happening and get it onto my new one? Its on my Ipad and iphone 5, please help as its doing my head it
How do you update it? Basically what has happened my password was disabled for "security reasons" on sunday (21/10/12), so i tried to reset it, but for some reason i couldnt get into my old email (probably because i havent used it for 2 years), so i read on here i could swap it to a new email that i currently use (which is what i have done) ive swapped everythin over to it (facetime, iCloud etc) but keeps coming up with old email and asking for password
-
How does one import photographs from Picasa to Photoshop?
How does one import photographs from Picasa to Photoshop?
Another ooption is to use a neat little gadget called an i-Flashdrive.
It can be used to transfer pictures between IOS devices. I recently got one from Amazon and it allows me to quickly and conveniently transfer pictures between my partner's and my iPhones and iPads. -
How i can protect my mac os and applications?
Hello,
Please answer me.
How i can protect my mac os and applications from "migraton assistant" copy?
Thanks a lotAlthough I have never used Migration Assistant I think it only works by Logging into the other computer, whether Mac or PC, with some type of code or knowing a valid username and the password for that username.
In that case Password Protect all your user accounts on all computers and when walking away from a computer set it into sleep mode with the option to require a password when waking.
If you are working in an environment where thieves thrive then always lock your system with a Password. -
When setting up sync how does sync manage information from two computers? Does it merge the information?
Hi!
Yes, the way Sync works is that it puts all the Bookmarks together and pushes them to all your devices. Same with History.
You will not loose any information in any of your computers. -
How do I delete items from Exchange and resynch to fix a bug in Apple Mail?
How do I delete items from Exchange and resynch to fix a bug in Apple Mail? Mail does not synch with iCal. Many more Mail problems that may need this fix.
Is This you want...?
The best solution is the one you find it by yourself
Attachments:
BD_Image.JPG 9 KB -
How does one uninstall software from macbook pro?
How does one uninstall software from macbook pro?
I realized there was a super-easy solution to find the uninstall function to uninstall ProTools. i simply typed in uninstall protools in the internal search field (the one in the top right corner). Viola, there was the uninstall window and click, the software was gone. super easy!
-
How does one copy songs from an iPod nano to a new computer?
How does one copy songs from an iPod nano to a new computer?
You can't add any iOS to a Nano since it doesn't run iOS.
For iTunes purchased music connect to your computer and in iTunes go to File > Transfer purchases.
For non-iTunes music you will need 3rd party software. Assuming you have a Windows computer try Yamipod. -
Got a new ipod nano 7. Have music on both Windows 7 laptop and mac. How do i pull music from both and put them on my ipod. Thanks
Yes.
tomfromlong beech wrote:
"Remember one one level of subfolders is allowed." Does this mean that you can have as many subfolders as you want, but they can only be one level deep under the main folder? -
How does a BPEL different from ESB?
How does a BPEL different from ESB?
BPEL and ESB are similar on higher level,
they can both be used to integrate system/process and make data flow between them.
BPEL is for designing process
1.) Where human task is involved
2.) Lot of complex looping is there
ESB
1.) Its designed for integrating different system/process and make data flow between them,
2.) Its designed to do this very purpose, so fast in comparison to BPEL to do this
Yatan -
How does switching capacity of Nexus 7710 and Nexus 7718 calculate?
Hi everybody.
I found the nexus 7700 Fabric datasheet there was 220G per slot.
For example, the nexus 7710.
There was 220G per slot per fabric module and result is 6*220G*8=10560G, duplex is 21120G=21T.
How does the 42T came from?Hi,
The 42 Tbps number Cisco are quoting is for the Nexus 7718 platform. If you look at the Cisco Nexus 7700 Switches Data Sheet you'll see it quotes:
The Cisco Nexus 7710 has six fabric module slots to provide simultaneously active fabric channels to each of the I/O and supervisor modules. Through the parallel forwarding fabric architecture, the Cisco Nexus 7710 can achieve 21 Tbps of forwarding capacity or more.
And for the Nexus 7718:
The Cisco Nexus 7700 18-Slot Switch has six fabric module slots to provide simultaneously active fabric channels to each of the I/O and supervisor modules. Through the parallel forwarding fabric architecture, the Cisco Nexus 7700 18-Slot Switch can achieve 42 Tbps of forwarding capacity or more.
So for the Nexus 7718 platform we have 220 Gbps * 6 Fabric Modules * 16 I/O slots totaling 21,120 Gbps. If we double that for full duplex we'll have 42,240 Gbps or 42 Tbps.
Regards -
How to retrieve multiple data from table and represent it in jsp page
Hi
The below JavaScript code is used to add row in the table when I want to add multiple row data into table for single entry no field.
<html> function addRow()
i++;
var newRow = document.all("tblGrid").insertRow();
var oCell = newRow.insertCell();
oCell.innerHTML = "<input name='srno"+i+"' type='text' id='srno"+i+"' size=10>";
oCell = newRow.insertCell();
oCell.innerHTML = "<input name='itmcd"+i+"' type='text' id='itmcd"+i+"' size='10'>";
oCell = newRow.insertCell();
oCell.innerHTML = "<input name='itmnm"+i+"' type='text' id='itmnm"+i+"' size='15'>";
oCell = newRow.insertCell();
oCell.innerHTML = "<input name='indentqty"+i+"' type='text' id='indentqty"+i+"' size='10'>";
oCell = newRow.insertCell();
oCell.innerHTML = "<input name='uom"+i+"' type='text' id='uom"+i+"' size='10'><input type='hidden' name='mcode"+i+"'id='mcode"+i+"'>";
oCell = newRow.insertCell();
oCell.innerHTML = "<input name='packqty"+i+"' type='text' id='packqty"+i+"' size='10'>";
oCell = newRow.insertCell();
oCell.innerHTML = "<input name='packuom"+i+"' type='text' id='packuom"+i+"' size='10'><input type='hidden' name='pack"+i+"' id='pack"+i+"'>";
oCell = newRow.insertCell();
oCell.innerHTML = "<input name='rate"+i+"' type='text' id='rate"+i+"' size='10'>";
oCell = newRow.insertCell();
oCell.innerHTML = "<input name='dor"+i+"' type='text' id='dor"+i+"' size='0' onClick='"+putdate(this.name)+"'>";
oCell = newRow.insertCell();
oCell.innerHTML = "<input name='bccode"+i+"' type='text' id='bccode"+i+"' size='10'></td><input type='hidden' name='bcc"+i+"' id='bcc"+i+"'>";
oCell = newRow.insertCell();
oCell.innerHTML = "<input name='cccode"+i+"' type='text' id='cccode"+i+"' size='10'></td><input type='hidden' name='ccc"+i+"' id='ccc"+i+"'>";
oCell = newRow.insertCell();
oCell.innerHTML = "<input name='remark2"+i+"' type='text' id='remark2"+i+"' size='20'>";
oCell = newRow.insertCell();
oCell.innerHTML = "<input type='button' value='Delete' onclick='removeRow(this);' />";
// oCell = newRow.insertCell();
// oCell.innerHTML = "<input type='button' value='Clear' onclick='clearRow(this);' />";
}<html> Then this data are send to the next Servlet for adding into two table.
My header portion data are added into one table which added only one row in table. while footer section data are added into the no of rows in another table dependent on No. of
Rows added into jsp page.
Here is an code for that logic.
<html>
ArrayList<String> mucode = new ArrayList<String>();
ArrayList<Integer> serials = new ArrayList<Integer>();
ArrayList<Integer> apxrate = new ArrayList<Integer>();
ArrayList<Integer> srname = new ArrayList<Integer>();
ArrayList<String> itcode = new ArrayList<String>();
ArrayList<String> itname = new ArrayList<String>();
ArrayList<Integer> iqnty = new ArrayList<Integer>();
ArrayList<String> iuom = new ArrayList<String>();
ArrayList<Integer> pqnty = new ArrayList<Integer>();
ArrayList<String> puom1 = new ArrayList<String>();
ArrayList<Integer> arate = new ArrayList<Integer>();
ArrayList<String> rdate = new ArrayList<String>();
ArrayList<String> bcs = new ArrayList<String>();
ArrayList<String> ccs = new ArrayList<String>();
ArrayList<String> remarkss = new ArrayList<String>();
//ArrayList<Integer> qtyrecs = new ArrayList<Integer>();
//ArrayList<String> dors = new ArrayList<String>();
//ArrayList<String> remarks = new ArrayList<String>();
String entryn = request.getParameter("entryno");
String rows = request.getParameter("rows");
out.println(rows);
//String Entryno = request.getParameter("entryno");
// out.println(Entryno);
int entryno = 0,reqqty = 0,srno = 0,deprequest = 0,rowcount = 0;
if(!Entryno.equals("")){
entryno = Integer.valueOf(Entryno);
if(!rows.equals("")){
rowcount = Integer.valueOf(rows);
for(int i=1;i<=rowcount;i++){
if(request.getParameter("srno"+i)!=null){
serials.add(Integer.valueOf(request.getParameter("srno"+i).trim()));
out.println(serials.size());
for(int i=1;i<=rowcount;i++){
if(request.getParameter("srno"+i)!=null){
srname.add(Integer.valueOf(request.getParameter("srno"+i).trim()));
out.println(srname.get(0));
for(int i=1;i<=rowcount;i++){
if(request.getParameter("itmcd"+i)!=null){
itcode.add(request.getParameter("itmcd"+i).trim());
} //out.println(itcode.get(i));
for(int i=1;i<=rowcount;i++){
if(request.getParameter("itmnm"+i)!=null){
itname.add(request.getParameter("itmnm"+i).trim());
}//out.println(itname.get(i));
for(int i=1;i<=rowcount;i++){
if(request.getParameter("indentqty"+i)!=null){
iqnty.add(Integer.valueOf(request.getParameter("indentqty"+i).trim()));
for(int i=1;i<=rowcount;i++){
if(request.getParameter("uom"+i)!=null){
iuom.add(request.getParameter("uom"+i).trim());
}//out.println(iuom.get(i));
for(int i=1;i<=rowcount;i++){
if(request.getParameter("mcode"+i)!=null){
mucode.add(request.getParameter("mcode"+i).trim());
for(int i=1;i<=rowcount;i++){
if(request.getParameter("packqty"+i).equals("")){
pqnty.add(0);
}else
pqnty.add(Integer.valueOf(request.getParameter("packqty"+i).trim()));
for(int i=1;i<=rowcount;i++){
if(request.getParameter("pack"+i)!=null){
puom1.add(request.getParameter("pack"+i).trim());
}else
puom1.add("");
for(int i=1;i<=rowcount;i++){
if(request.getParameter("rate"+i).equals("")){
arate.add(0);
}else
arate.add(Integer.valueOf(request.getParameter("rate"+i).trim()));
/* for(int i=1;i<=rowcount;i++){
if(request.getParameter("rate"+i)!=null){
arate.add(Integer.valueOf(request.getParameter("rate"+i).trim()));
for(int i=1;i<=rowcount;i++){
if(request.getParameter("dor"+i)!=null){
try{
rdate.add(dashdate.format(slashdate.parse(request.getParameter("dor"+i).trim())));
}catch(ParseException p){p.printStackTrace();}
}else
{ rdate.add("");}
for(int i=1;i<=rowcount;i++){
if(request.getParameter("bcc"+i)!=null){
bcs.add(request.getParameter("bcc"+i).trim());
}out.println(bcs.get(0));
for(int i=1;i<=rowcount;i++){
if(request.getParameter("ccc"+i)!=null){
ccs.add(request.getParameter("ccc"+i).trim());
}out.println(ccs.get(0));
for(int i=1;i<=rowcount;i++){
out.println("remark2");
if(request.getParameter("remark2"+i)!=null){
remarkss.add(request.getParameter("remark2"+i).trim());
}out.println(remarkss.get(0));
ArrayList<String> Idate = new ArrayList<String>();
for(int i=1;i<=rowcount;i++){
if(request.getParameter("dateindent"+i)!=null){
try{
Idate.add(dashdate.format(dashdate.parse(request.getParameter("dateindent"+i).trim())));
}catch(ParseException p){p.printStackTrace();}
String Rdate = dashdate.format(new java.util.Date());
String tdate = dashdate.format(new java.util.Date());
// String Indentdate = dashdate.format(new java.util.Date());
// String ApprovedT1 = dashdate.format(new java.util.Date());
// String ApprovedT2 = dashdate.format(new java.util.Date());
// String ApprovedT1=" ";
//String ApprovedT2="";*/
String ApprovedT1= dashdate.format(new java.util.Date());
out.println (ApprovedT1);
String ApprovedT2=dashdate.format(new java.util.Date());
out.println(ApprovedT2);
String Indentdate=(dashdate.format(slashdate.parse(request.getParameter("dateindent").trim())));
out.println(Indentdate);
String Cocode ="BML001";
out.println(Cocode);
String Deptcode = request.getParameter("dept1");
out.println(Deptcode);
String Empcode = request.getParameter("emp");
out.println(Empcode);
String Refno =request.getParameter("rtype");
out.println(Refno);
String Divcode = request.getParameter("todiv1");
out.println(Divcode);
String Usercode = "CIRIUS";
String Whcode = request.getParameter("stor");
out.println(Whcode);
// String Itemgroupcode = request.getParameter("");
String Itemgroupcode ="120000";
out.println(Itemgroupcode);
String Supplytypecode = request.getParameter("stype");
out.println(Supplytypecode);
String Delcode = request.getParameter("deliverycode");
out.println(Delcode);
String Itemclass="WS";
out.println(Itemclass);
// String Itemclass = request.getParameter("iclass");
// out.println(Itemclass);
String unitcode = request.getParameter("uni");
out.println(unitcode);
String Todivcode = request.getParameter("todiv1");
out.println(Todivcode);
String Appxrate = request.getParameter("rate");
out.println(Appxrate);
String Srno = request.getParameter("srno");
out.println(Srno);
/* String Indqty = request.getParameter("indentqty");
out.println(Indqty);*/
String Itemcode = request.getParameter("itmcd");
out.println(Itemcode);
String Othersp = request.getParameter("remark1");
out.println(Othersp);
String Reqdt = request.getParameter("dor");
out.println(Reqdt);
String Munitcode = request.getParameter("mcode");
out.println(Munitcode);
String Packqty = request.getParameter("packqty");
out.println(Packqty);
String Packuom = request.getParameter("pack");
out.println(Packuom);
String Remark2 = request.getParameter("remark2");
out.println(Remark2);
String BC = request.getParameter("bcc");
out.println(BC);
String CC = request.getParameter("ccc");
out.println(CC);
try{
st=connection.createStatement();
connection.setAutoCommit(false);
String sql="INSERT INTO PTXNINDHDR(COCODE,DEPTCODE,EMPCODE,APPROVEDT1,APPROVEDT2,INDDT,ENTRYNO,REFNO,REMARKS,DIVCODE,USERCODE,WHCODE,ITEMGROUPCODE,SUPTYPECODE,DELCODE,UNITCODE,TODIVCODE,ITEMCLASS)VALUES('"+Cocode+"','"+Deptcode+"','"+Empcode+"','"+ApprovedT1+"','"+ApprovedT2+"','"+Indentdate+"',"+Entryno+",'"+Refno+"','"+Othersp+"','"+Divcode+"','"+Usercode+"','"+Whcode+"','"+Itemgroupcode+"','"+Supplytypecode+"','"+Delcode+"','"+unitcode+"','"+Todivcode+"','"+Itemclass+"')";
out.println(sql);
st.addBatch(sql);
for(int i=0;i<serials.size();i++){
out.println("Inside the Statement");
String query3="test query for u";
out.println(query3);
String queryx="Insert into PTXNINDDTL(APXRATE,ENTRYNO,BRKNO,INDQTY,ITEMCODE,OTHERSPFCS,MUNITCODE,PACKQTY,PACKUOM,REMARKS,DIMSUBGRPCODE,DIMCODE,REQDT)VALUES("+arate.get(i)+","+entryno+","+srname.get(i)+","+iqnty.get(i)+","+itcode.get(i)+",'"+Othersp+"','"+mucode.get(i)+"',"+pqnty.get(i)+",'"+puom1.get(i)+"','"+remarkss.get(i)+"','"+bcs.get(i)+"','"+ccs.get(i)+"','"+rdate.get(i)+"')";
out.println(queryx);
st.addBatch(queryx);
int[] result=st.executeBatch();
connection.commit();
for(int k=0;k<result.length;k++)
out.println("rows updated by "+(k+1)+"insert sta:"+result[k]+"");
catch(BatchUpdateException bue)
out.println("error1;"+bue+"");
catch(SQLException sql)
out.println("error2;"+sql+"");
catch(Exception l)
out.println("error3;"+l+"");
</html>
Now I looking for to retrieve this footer section data available in multiple rows from footer table and present it in jsp page .
I am finding difficulties in how to show this multiple row data for dynamic no of rows .i.e. variable no. of rows.
I have able to show the data in Header portions of page in this ways
here i am adding the part of code which shows the data from header part of table i.e from Header table
<html>
<h2 align="center"><b>Indent Preparation</b></h2>
<div align="left">
<table width="849" border="0" cellspacing="3" cellpadding="3" align="center">
<tr>
<td ><div align="left"><b>Indent No.</b></div></td>
<td ><label>
<input name="indentno" type="text" id="indentno" size="15" value="" /><input type="hidden" name="no" id="no">
</label></td>
<td ><div align="center"><strong>Indent Date</strong></div></td>
<td ><label>
<div align="center">
<input name="dateindent" type="text" id="dateindent"value="<%=date1%>"/><input type="hidden" name="no" id="no">
</div>
</label></td>
<td> </td>
<td><div align="right"><strong>Entry No.</strong></div></td>
<%if(oper!=null && oper.equals("view") && hdrcode!=null && hdrdetails!=null){%>
<td><input type="text" value="<%=hdrcode.get(3)%>" size="10"></td>
<%}else{%>
<td><input type="text" name="entryno" id="entryno" value="<%=entryNo%>"/></td>
<%}%>
<div align="right"></div>
</tr>
<tr>
<td><b>Division</b></td>
<%if(oper!=null && oper.equals("view") && hdrcode!=null && hdrdetails!=null){%>
<td><input type="text" value="<%=hdrdetails.get(9)%>" size="20"</td>
<td><input type="hidden" name="div1" id="div1" value='<%=hdrcode.get(10)%>'></td>
<%}else{%>
<td><input type="text" name="div" id="div" /></td>
<td><input type="hidden" name="div1" id="div1" /> </td>
<%}%>
<td> </td>
<td> </td>
<td><div align="right"><strong>Unit</strong></div></td>
<%if(oper!=null && oper.equals("view") && hdrcode!=null && hdrdetails!=null){%>
<td><input type="text" value="<%=hdrdetails.get(14)%>" size="20"</td>
<td><input type="hidden" name="uni" id="uni" value='<%=hdrcode.get(12)%>'></td>
<%}else{%>
<td><input type="text" name="unit" id="unit" /></td>
<td><input type="hidden" name="uni" id="uni" /> </td>
<%}%>
</tr>
<tr>
</html>
Any suggestion on any above works is highly appreciated.
Thanks and regards
harshalToo much code. It's also not well intented nor formatted. I don't see a question either or it got lost in that heap of unformatted code.
I will only answer the question in the thread's subject:
How to retrieve multiple data from table and represent it in jsp pageTo retrieve, make use of HttpServletRequest#getParameterValues() and/or #getParameter().
To display, make use of JSTL's c:forEach. -
How to create xml file from Oracle and sending the same xml file to an url
How to create xml file from Oracle and sending the same xml file to an url
SQL/XML (XMLElement, XMLForest, XMLAgg, etc) and UTL_HTTP.
Whether that works for you with the version of Oracle you have, your requirements, and needs is another story. A little detail goes a long way.
Maybe you are looking for
-
Macbook Pro keyboard and track pad freezes after a day or two of using bluetooth Magic Mouse
The first time this happened I thought my 3 y/old 17" Macbook Pro had died. The mouse cursor had frozen to the top left of the screen and the keyboard was also frozen and no matter what I did it didnt unfreeze. Even restarting. I searched extensively
-
I am trying to but something on the appstore but since i had forgotten the answers to my security questions i am not able to do so. I have tried resetting the questions by using tutorials but it says there should be a reset option at the bottom but t
-
Federated Portal Network configuration
Hi, I just started configuring two test portal systems for federation. When I create a producer object in the consumer portal under system administration-->Federated Portal and then test it gives the following message. "Producer Connection Test Det
-
Solar panel warranties - How do they work?
How do solar companies fulfill their warranties? Do they change one panel if it breaks or is underperforming? How long will my system be out of commission if this happens?
-
sir how to monitor cache in squid proxy. I want to monitor what are the requests pass through squid proxy server. I also want to get detailed information on the contents in /var/spool/squid directory.waiting for your response Regards