Re: Databases and web services


mopkn wrote:
Hi all, I am currently on a project work for uni about web services and
security.

I came across vulnerabilities related to SQL injection and what I
cannot figure out is how databases are related and interfaced to web
services.

Sorry, mopkn, but I suspect you will have to adjust your question. Any
software, whether a web service or any other type can access a database
by means of whatever languages and/or API's the database vendor makes
available. In many cases, this includes the SQL language. If the dbms
"speaks SQL" then there is also likely a means to use a client/server
approach such as jdbc, odbc, or ole/db to wrap the SQL statements for
communication with the dbms, retrieving a SQL result set, for example.

I
understand that the entity offering the web service might be accessing
a database (local or remote) and I would like to know how this is done.

The same way it would be done by any software that access a database.
It is irrelevant that it is a web service that is accessing the
database.

For a java web service, is something like JDBC used to access a
database

It can be. I have accessed a database from java without using jdbc,
however. I used a library provided by the dbms vendor which did not
require SQL statements. So, yes, they might use jdbc, but no, they
don't have to.

(and which?) and for .NET is there something similar? I would
like to know what is done in the
industry by professionals for the web service / database interraction.

The answer is pretty much the same as the answer to the question of how
any software accesses a database -- the web service part of the
question is irrelevant. Also, this question would be better posed to
the comp.databases group, rather than the comp.databases.theory group,
I suspect. Best wishes. --dawn

.

Relevant Pages

  • Fixed
    ... I also found this article that gives the proper way to move system dbs in sql 2008: ... The model exists where the master states it exists. ... This is the error log prior to detaching the model database. ...
    (microsoft.public.sqlserver.server)
  • Re: CREATE AGGREGATE failed because type Concatenate does not conform to UDAGG specification due to
    ... Go to the Database tab and click on the browse button next to the connection string. ... In the New Database Reference dialog, enter the details for the database where you want to deploy the assembly and create the user defined aggregate. ... I'm trying to do some CLR integration with sql server 2005. ...
    (microsoft.public.sqlserver.programming)
  • CREATE AGGREGATE failed because type Concatenate does not conform to UDAGG specification due to meth
    ... Now register the assembly and the aggregate in the SQL Server database you want ... I'm trying to do some CLR integration with sql server 2005. ...
    (microsoft.public.sqlserver.programming)
  • Re: dbdebunk Quote of Week comment
    ... > a lot of really bad SQL programmers. ... But SQL does not have a pointer data type or the ... > being told to design a database. ... But why is little Cindy Lou Who employee ...
    (comp.databases.theory)
  • Re: DBMS and lisp, etc.
    ... Naively implemented with SQL, again for 10 ... (1 query for the initial orders, 1 query for each order for its ... soon as you upgrade to the SQL database. ... (eq (order-customer orderA) ...
    (comp.lang.lisp)