OSI Days 2010 is the 7th and latest conference in the rich legacy established by the Linux Asia series of conference in India. Organised by the Forum for Open Source Initiatives in India (FOSII) and the Linux for You magazine (part of the EFY Group), OSI Days serves as the focal point for the convergence of the Open Source Community and Industry in Asia.

The conference is targeted at the Policy & Decision makers in a technological ecosystem – Government, Academicians, CXOs, SMEs, Developers and hardcore hackers. OSI Days 2010 will bring together over 3000 of the finest people in the open source domain together to discuss and confer on varied and relevant topics including:

• Mobile: App Development, Game Development, Android, iPhone, Symbian & Others
• IT Managers / Business: Legal, Community Management, Best Practices, Marketing Strategies, Open Web / Standardization, Business Models
• Cloud Computing: Tools and Platforms, Cloudnomics, Cloud for Dummies & Others
• Government: Applications, eGovernance , Case Study, Legal
• Hardware: Infrastructure Management, Security, Semi Embedded Devices, Parallelization, Grid, Multi Core, Multi Threading, Virtualization & Others
• PHP: PHP 5 & 6, PHP Security, Frameworks, Architecture / QA & Best Practices
• Ruby on Rails
• Drupal: Best Practices, Module Development, Theme Development, Scaling/ Management/ Performance & Others
• Databases: MySQL, NoSQL, CouchDB, PostgreSQL, Ingres, SQLite & Others
• Java Script
• Developer / Tools & Techniques

(For details: please See the conference schedule at: http://osidays.com/schedule)

The Call for Papers are open for the conference till June 15th (more: http://osidays.com/call-for-papers). We invite you to come join us in promoting open source technologies and projects by participating at the confernce as speakers and contributing to the knowledge and wisdom at OSI Days 2010.

For any clarifications,
Dhiraj Khare
OSI Days 2010
dhiraj@osidays.com

Schedule at a Glance

Open the Configuration file where you setup database properties, i.e app/etc/local.xml

Just Replace the PORTNO in below xml with your port number.

<default_setup>

<connection>

<host><![CDATA[HOSTADDRESS]]></host>

<username><![CDATA[USERNAME]]></username>

<password><![CDATA[PASSWORD]]></password>

<dbname><![CDATA[DBNAME]]></dbname>

<port><![CDATA[PORTNO]]></port>

<active>1</active>

</connection>

</default_setup>

sqlmap

SQLInjector

Bobcat

Automagic

HacmeBank

Absinthe

admin’–

‘ or 0=0 –

” or 0=0 –

or 0=0 –

‘ or 0=0 #

” or 0=0 #

or 0=0 #

‘ or ‘x’=’x

” or “x”=”x

‘) or (’x’=’x

‘ or 1=1–

” or 1=1–

or 1=1–

‘ or a=a–

” or “a”=”a

‘) or (’a’=’a

“) or (”a”=”a

hi” or “a”=”a

hi” or 1=1 –

hi’ or 1=1 –

hi’ or ‘a’=’a

hi’) or (’a’=’a

hi”) or (”a”=”a

SQL injection refers to the act of someone inserting a MySQL statement to be run on your database without your knowledge. Injection usually occurs when you ask a user for input, like their name, and instead of a name they give you a MySQL statement that you will unknowingly run on your database.

SQL Injection Example

Below is a sample string that has been gathered from a normal user and a bad user trying to use SQL Injection. We asked the users for their login, which will be used to run a SELECT statement to get their information.

// a good user's name
$name = "timmy";
$query = "SELECT * FROM customers WHERE username = '$name'";
echo "Normal: " . $query . "<br />";

// user input that uses SQL Injection
$name_bad = "' OR 1'"; 

// our MySQL query builder, however, not a very safe one
$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";

// display what the new query will look like, with injection
echo "Injection: " . $query_bad;

Display:

The normal query is no problem, as our MySQL statement will just select everything from customers that has a username equal to timmy.

However, the injection attack has actually made our query behave differently than we intended. By using a single quote (‘) they have ended the string part of our MySQL query

• username = ‘ ‘

and then added on to our WHERE statement with an OR clause of 1 (always true).

• username = ‘ ‘ OR 1

This OR clause of 1 will always be true and so every single entry in the “customers” table would be selected by this statement!

More Serious SQL Injection Attacks

Although the above example displayed a situation where an attacker could possibly get access to a lot of information they shouldn’t have, the attacks can be a lot worse. For example an attacker could empty out a table by executing a DELETE statement.

$name_evil = "'; DELETE FROM customers WHERE 1 or username = '"; 

// our MySQL query builder really should check for injection
$query_evil = "SELECT * FROM customers WHERE username = '$name_evil'";

// the new evil injection query would include a DELETE statement
echo "Injection: " . $query_evil;

Display:

If you were run this query, then the injected DELETE statement would completely empty your “customers” table. Now that you know this is a problem, how can you prevent it?

Injection Prevention -mysql_real_escape_string()

Lucky for you, this problem has been known for a while and PHP has a specially-made function to prevent these attacks. All you need to do is use the mouthful of a function mysql_real_escape_string.

What mysql_real_escape_string does is take a string that is going to be used in a MySQL query and return the same string with all SQL Injection attempts safely escaped. Basically, it will replace those troublesome quotes(‘) a user might enter with a MySQL-safe substitute, an escaped quote \’.

Lets try out this function on our two previous injection attacks and see how it works.

//NOTE: you must be connected to the database to use this function!
// connect to MySQL

$name_bad = "' OR 1'"; 

$name_bad = mysql_real_escape_string($name_bad);

$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
echo "Escaped Bad Injection: <br />" . $query_bad . "<br />";

$name_evil = "'; DELETE FROM customers WHERE 1 or username = '"; 

$name_evil = mysql_real_escape_string($name_evil);

$query_evil = "SELECT * FROM customers WHERE username = '$name_evil'";
echo "Escaped Evil Injection: <br />" . $query_evil;

Display:

Notice that those evil quotes have been escaped with a backslash \, preventing the injection attack. Now all these queries will do is try to find a username that is just completely ridiculous:

• Bad: \’ OR 1\’
• Evil: \’; DELETE FROM customers WHERE 1 or username = \’

And I don’t think we have to worry about those silly usernames getting access to our MySQL database. So please do use the handy mysql_real_escape_string() function to help prevent SQL Injection attacks on your websites. You have no excuse not to use it after reading this lesson!

table a

col1 | col2
—————-
A | Ali
B | Steven
C | Kawan
A | Bayu
B | Cawam
C | didik

how i write a query like below result?

declare @T1 table (col1 varchar(1),col2 varchar(5))
insert into @T1
select 'A','Ali' union all
select 'B','Abu' union all
select 'C','Kawan' union all
select 'A','Bayu' union all
select 'B','Cawam' union all
select 'C','didik'

if object_id('tempdb..#') is not null
	drop table #
select *
into #
from @T1 a
order by col1

alter table # add flag int
go
declare @i int
set @i = 0
declare @c varchar(10)
set @c = ''
update a set
	@i = case when @c = col1 then @i+1 else 1  end
	,flag = @i
	,@c = col1
from # a

select
	a= max(case when col1 = 'a' then col2 else '' end)
	,b = max(case when col1 = 'b' then col2 else '' end)
	,c =max( case when col1 = 'c' then col2 else '' end)
from #
group by flag

Running Apache on my 256MB slice was not fun. I kept getting “swap” warnings from slicehost, and some mornings I wake up to find my server hung.

So I decided to re-install fresh and run Nginx with PHP.

Installing Ubuntu (Jaunty), Nginx, PHP, and MySQL is easy following the slicehost guides: http://articles.slicehost.com/ubuntu-intrepid

The hard part is getting Nginx to work with PHP — You have to enable PHP-CGI.

There are bunch of tutorials out there on how to achieve this, but the most SIMPLE one is here: http://tomasz.sterna.tv/2009/04/php-fastcgi-with-nginx-on-ubuntu/

Two small changes:

PHP_FCGI_CHILDREN=5
sbin/start-stop-daemon --quiet --start ....

running PHP_FCGI_CHILDREN at 15 causes the server to overload, but running 5 seems to work fine. Also, the start-stop-daemon is inside the sbin.

Been running this blog and four other sites on this setup for about a week now. It is way snappier than before on Apache.

It’s a very common requirement, and there are a number of good sample solutions on the web (basically you have to loop down the whole column to find the widest entry, then use that size to set the column width).
You may find this useful:

public void packColumns(JTable table) {


	DefaultTableColumnModel colModel = (DefaultTableColumnModel) table


			.getColumnModel();


	for (int cNumber = 0; cNumber < table.getColumnCount(); cNumber++) {


		TableColumn col = colModel.getColumn(cNumber);


		int width = 0;


		// Get width of column header


		TableCellRenderer renderer = col.getHeaderRenderer();


		if (renderer == null) {


			renderer = table.getTableHeader().getDefaultRenderer();


		}


		Component comp = renderer.getTableCellRendererComponent(table, col


				.getHeaderValue(), false, false, 0, 0);


		width = comp.getPreferredSize().width;


		// Get maximum width of column data


		for (int r = 0; r < table.getRowCount(); r++) {


			renderer = table.getCellRenderer(r, cNumber);


			comp = renderer.getTableCellRendererComponent(table, table


					.getValueAt(r, cNumber), false, false, r, cNumber);


			width = Math.max(width, comp.getPreferredSize().width);


		}


		col.setPreferredWidth(width + 2);  // Add margin


	}


}

MySQL Community Edition is a freely downloadable version of the world’s most popular open source database that is supported by an active community of open source developers and enthusiasts.

MySQL delivers enterprise features, including:

• Partitioning to improve performance and management of very large database environments
• Row-based/Hybrid Replication for improved replication security
• Event Scheduler to create and schedule jobs that perform various database tasks
• XPath Support
• Dynamic General/Slow Query Log
• Performance/Load Testing Utility (mysqlslap)
• Improved! Full Text Search (faster, new dev templates)
• Improved! Archive engine (better compression, more features)
• Improved! User session and problem SQL identification
• Improved! MySQL embedded library (libmysqld)
• Additional INFORMATION_SCHEMA objects
• Faster data import operations (parallel file load)
• ACID Transactions to build reliable and secure business critical applications
• Stored Procedures to improve developer productivity
• Triggers to enforce complex business rules at the database level
• Views to ensure sensitive information is not compromised
• Information Schema to provide easy access to metadata
• Pluggable Storage Engine Architecture for maximum flexibility
• Archive Storage Engine for historical and audit data

Download
This Version
39.00MB ]]> http://blog.theunical.com/databases/mysql/download-mysql-5-1-39-filehippo-com/feed/ 0