Numeric key types for designing optimized databases and protecting against SQL attacks

DOI: 10.31673/2409-7292.2024.040010

Authors

  • Ya. B. Momryk (Я. Б. Момрик), Lviv Polytechnic National University, Lviv

Abstract

This article develops an optimal approach to database (DB) development in terms of choosing field types. It justifies the choice of numeric field types for primary and foreign key identifiers, both for optimal work with databases and for optimizing the implementation of data protection. The advantages of this choice are the speed of operations on numeric data, resource savings, and simpler data selection. A structure and methodology for data validation are proposed that minimize the need to add special frameworks when protecting data from internal threats and from attacks such as SQL injection. A holistic analysis is carried out of how to implement recommendations for working with DBMSs, namely the principle "do not accept any input field on the server side without checking it". This issue is considered in terms of selecting field types correctly when designing the database structure, so that such issues are easier to solve at later development steps. A strategy is proposed that runs from building the structure to the security method. Examples of identifier validation on the server are developed, along with a method for transferring identifiers from the client to the server together with the length of the transferred value. The authors focused not on creating a new security framework but on developing an optimal approach to database structure design and a data validation method, and examples of countering attacks based on it are given. A method for countering attacks is built on a combination of the key and the field length in identifiers transferred to the server. In general, developers are recommended to use numeric field types for primary and foreign keys; a security strategy is formulated that can be used to implement a secure-code approach in accordance with modern development standards.

Keywords: database design, secure code, countering SQL attacks, database optimization, web application security methods, key fields, numeric types of database fields.
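The abstract describes validating numeric identifiers on the server and sending each identifier together with the length of the transferred value. The following is an added illustration of that idea, not code from the article: the `<digits>:<length>` wire format, the `users` table, and the names `parse_id`, `fetch_user` and `demo_db` are all assumptions made for this example.

```python
import re
import sqlite3

# Assumed wire format (not from the article): "<digits>:<declared length>",
# e.g. "1042:4". ASCII digits only; at most 18 digits always fits a signed
# 64-bit integer key column.
_ID_WITH_LEN = re.compile(r"([0-9]{1,18}):([0-9]{1,2})")


def parse_id(token):
    """Return the identifier as an int, or None if any check fails."""
    if not isinstance(token, str):
        return None
    m = _ID_WITH_LEN.fullmatch(token)
    if m is None:                      # anything but digits:digits is refused
        return None
    digits, declared = m.group(1), int(m.group(2))
    if len(digits) != declared:        # value and declared length disagree
        return None
    if digits[0] == "0":               # no leading zeros, and no key 0
        return None
    return int(digits)


def fetch_user(conn, token):
    """Look up a user by a validated numeric key; None if invalid or absent."""
    user_id = parse_id(token)
    if user_id is None:
        return None
    # The validated integer is still bound as a parameter, never concatenated.
    row = conn.execute(
        "SELECT name FROM users WHERE id = ?", (user_id,)
    ).fetchone()
    return row[0] if row else None


def demo_db():
    """Constructed sample data for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)", [(7, "alice"), (1042, "bob")]
    )
    return conn
```

Because the key column is numeric, the server-side check reduces to a strict digit pattern plus a length comparison, and every rejected token returns before any SQL is executed.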

Published

2024-12-21

Section

Articles