Please review the attach file for instructions.
WK8 Discussion Instructions: Disaster Recovery and SQL Injection
250 words total, answer the questions below with 4 evidence base scholarly articles. APA format, due 27 Dec 24.
1. Describe how disaster recovery from catastrophic failures is handled. Illustrate in detail.
2. What preventive measures are possible against SQL injection attacks?
400 words total, replying to the two posts below. Each reply must be 200 words for post 1 and post 2.
Damien Post #1
Good afternoon class and Happy Holidays!
Our assignment this week asks we describe the process to address disaster recovery from a catastrophic failure. Last week, we learned in course that a catastrophic failure is generally due to the physical failure of a system with significant damage to recovery operations. Generally speaking, a contingency of operations plan, (COOP) should be implemented in a way that geographically separates data centers, so that a natural disaster that impacts one system should not impact the other. Redundancy would be built into this design so that if data is lost from one data center, recovery operations could process using data backups in the other. In a logical sense, there are options to conducting the recovery operations including a full database backup wherein the entire database including data and metadata would be restored, or a differential backup, wherein only the most recent version of the updated information would be restored. In the differential backup approach, the restoration process would require you to restore that last full backup then most recent differential. Transaction logs would help to identify the most recent updates or events that have occurred to ensure the most updated information is being recovered. For cost and efficiency purposes, it is standard to backup system logs more frequently than infrequent full database backups.
Our text lists preventative measures against SQL injection attacks which include the application of programming rule sets to all Web-accessible processes. These rule sets include Bind Variables (parameters) to protect against injection attacks, Filtering Input also known as Input Validation to remove escape characters from input strings, and Function Security, which would limit database functions to specific personnel.
Elmasri, R., & Navathe, S. (2016). Fundamentals of Database Systems. Pearson.
Reply to Thread
Jonah Post #2:
Good day class,
Disaster recovery in database systems involves strategies to restore data and functionality after a catastrophic failure. Key techniques include backups, where both full and incremental backups are used to restore the system to its last known good state; transaction logs, which record all database changes and allow for recovery to the most recent point in time; and replication or mirroring, which ensures data redundancy by maintaining copies across different systems. Fault-tolerant designs, such as RAID (Redundant Array of Independent Disks), ensure system continuity even in the event of hardware failures. The recovery process typically involves restoring the most recent backup, applying transaction logs, and verifying database consistency (Elmasri & Navathe, 2015).
To prevent SQL injection attacks, several techniques can be implemented. Parameterized queries ensure user input is treated as data, not executable code, while input validation and sanitization check and clean user inputs to prevent malicious characters. The least privilege principle restricts user and application access to only necessary data and operations, minimizing potential damage. Stored procedures can also be used to separate input parameters from query logic, further reducing the risk of injection. Additionally, escaping user input ensures special characters are treated literally, and proper error handling prevents attackers from gaining insights into the database structure through error messages. These measures, when combined, help safeguard against SQL injection vulnerabilities (Elmasri & Navathe, 2015).
References:
Elmasri, R., & Navathe, S. B. (2015).
Fundamentals of Database Systems (7th ed.). Pearson Education.
