What is SQL injection attack?

 Ans. A SQL injection attack is an attack mechanism used by hackers to steal sensitive information from the database of an organization. It is the application layer (means front-end) attack which takes benefit of inappropriate coding of our applications that allows a hacker to insert SQL commands into your code that is using SQL statement.


SQL Injection arises since the fields available for user input allow SQL statements to pass through and query the database directly. SQL Injection issue is a common issue with an ADO.NET Data Services query.


Comments

Post a Comment

Popular posts from this blog

What is Entity Framework?

Image
  Entity framework is an Object Relational Mapping (ORM) framework that offers an automated mechanism to developers for storing and accessing the data in the database. Its purpose is to abstract the ties to a relational database, in such a way that the developer can relate to the database entity as to a set of objects and then to classes in addition to their properties. Entity Framework Development Approaches: There are mainly three approaches to create entity frameworks: 1. Code First Approach 2. Model First Approach 3. Database First Approach The Entity Data Model: The entity data model (EDM) is made up of three parts: Conceptual Model: The conceptual model represents the model classes (also known as entities) and their relationships. This will be independent of the database table's architecture. It describes your business objects and their relationships in XML files. Mapping Model: A mapping model specifies how the conceptual model is translated into a storage model. The Mappi...
Read more

Explain the ways to increase the performance of EF.

 Entity Framework's performance is enhanced by following these steps: Choose the right collection for data manipulation. Do not put all DB objects into one entity model. When the entity is no longer required, its tracking should be disabled and altered. Use pre-generating Views to reduce response time for the first request. Don't fetch all fields unless needed. Whenever possible, avoid using Views and Contains. Bind data to a grid or paging only by retrieving the number of records needed. Optimize and debug LINQ queries. Whenever possible, use compiled queries.
Read more