Tuesday, March 15, 2016

Augmentation and Inheritance

In JavaScript we have prototype-based inheritance. That means an object holds a reference to another object, its prototype. Whenever a property of an object is accessed, the prototype chain is searched for that property: if the object does not have the property itself, its prototype is inspected for it, then the prototype's prototype, and so on.
+------------+    +-------------+
|  Instance  |    |  Prototype  |
| __proto__ -+--->|  __proto__ -+-->...
| foo        |    |  bar        |
+------------+    +-------------+
Instance has both the foo and bar properties.
Now, if you have a constructor function, you can create many instances (objects) referring to the same prototype. When you add a new property to that prototype, all instances will have this property too (due to the prototype chain).
This is often done to dynamically extend instances, but it is only one consequence of prototype inheritance; it is not inheritance itself.
What is the difference between augmentation and inheritance?
Inheritance means setting the prototype of an object to a certain object so that it is in the prototype chain. Augmentation is just copying properties; the object then owns those properties itself:

+------------+
|  Instance  | 
| __proto__ -+--->...
| foo        |    
| bar        |
+------------+
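The two diagrams above, as an added example that is not code from the post: the same Instance/Prototype pair built once by inheritance and once by augmentation, with the hasOwnProperty check that tells them apart.

```javascript
// Added example, not code from the post: the Instance/Prototype pair from the
// diagrams built by inheritance (prototype chain) and by augmentation (copied
// properties), plus the check that tells the two apart.

function Instance() {
  this.foo = "own";                     // own property of every instance
}
Instance.prototype.bar = "from prototype";

// Inheritance: bar is found by walking __proto__ to Instance.prototype.
function makeInherited() {
  return new Instance();
}

// Augmentation: bar is copied onto the object; the object owns it afterwards.
function makeAugmented() {
  return Object.assign({ foo: "own" }, Instance.prototype);
}

// For each readable property, does the object own it or inherit it?
// hasOwnProperty is the usual guard against acting on inherited keys.
function ownedProps(obj) {
  const owned = {};
  for (const key in obj) {
    owned[key] = Object.prototype.hasOwnProperty.call(obj, key);
  }
  return owned;
}

// A property added to the prototype later shows up on inherited instances
// only; augmented objects already took their copy and are not affected.
function afterPrototypeChange() {
  const inherited = makeInherited();
  const augmented = makeAugmented();
  Instance.prototype.baz = "added later";
  const result = { inherited: inherited.baz, augmented: augmented.baz };
  delete Instance.prototype.baz;        // restore so the call is repeatable
  return result;
}

console.log(ownedProps(makeInherited()));   // { foo: true, bar: false }
console.log(ownedProps(makeAugmented()));   // { foo: true, bar: true }
console.log(afterPrototypeChange());        // { inherited: 'added later', augmented: undefined }
```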

Thursday, March 10, 2016

parentController, childController & myService with Same reference objects


angularjs parent child controller communication


An Angular app, App, has a service myService which holds an object data that is used by two controllers, parentCtrl and childCtrl.

Here parentCtrl is the parent of childCtrl, so childCtrl inherits the scope of parentCtrl. If we reference data within parentCtrl like

 $scope.data = myService.getData()

it also becomes accessible from childCtrl.

Here data is defined in the closure of myService, hence $scope.data is just a reference to data.

Now, if we alter data's properties within the child controller, everyone, myService, parentCtrl and childCtrl, will see these changes.

If we want to overwrite the entire data object we need to invoke myService's setData method. If you invoke this method in parentCtrl, myService, parentCtrl and childCtrl will be aware of these changes. If you do the same within childCtrl, not all of them are notified.

To solve this issue we can use $broadcast and $on.

For more information refer to http://frontendx.blogspot.in/2016/02/angularjs-provides-on-emit-and.html

This is the setData function of myService:


function setData(newData) {
    data = newData;
}

Update this function as shown below ($rootScope must be injected into myService):

function setData(newData) {
    data = newData;
    // tell every listening scope that the object was replaced
    $rootScope.$broadcast('dataHasChanged', {data : data});
}

Now in parentCtrl:

$scope.$on('dataHasChanged', function(evt, args) {
  $scope.data = args.data;
});

Now both myService and parentCtrl are notified whenever the setData function is called.

This approach notifies all three (myService, parentCtrl, childCtrl) even when the modification is done outside of them.
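The scenario above, as an added example that is not code from the post: a plain-JavaScript model in which makeService() plays myService with its closed-over data, makeBus() stands in for $rootScope.$broadcast / $scope.$on (an assumption made so the example runs without AngularJS), and Object.create models child scope inheritance.

```javascript
// Added example, not code from the post: a plain-JavaScript model of the setup
// above. makeBus() is a stand-in for $rootScope.$broadcast / $scope.$on (an
// assumption, so this runs without AngularJS); makeService() plays myService.

function makeBus() {
  const handlers = {};
  return {
    $on(name, fn) { (handlers[name] = handlers[name] || []).push(fn); },
    $broadcast(name, args) { (handlers[name] || []).forEach(fn => fn({ name }, args)); }
  };
}

function makeService($rootScope) {
  let data = { count: 0 };                 // lives in the service's closure
  return {
    getData() { return data; },
    setData(newData) {
      data = newData;                      // rebinds the closure variable only
      $rootScope.$broadcast('dataHasChanged', { data: data });
    }
  };
}

function scenario() {
  const $rootScope = makeBus();
  const myService = makeService($rootScope);
  const parentScope = { data: myService.getData() };  // $scope.data = myService.getData()
  const childScope = Object.create(parentScope);      // childCtrl's scope inherits from parentCtrl's

  childScope.data.count = 1;               // mutating a property: same object everywhere
  const afterMutation = myService.getData().count === 1 && parentScope.data.count === 1;

  myService.setData({ count: 7 });         // replaced with no listener registered
  const staleWithoutListener = parentScope.data.count;   // still 1: scopes hold the old object

  // parentCtrl's $scope.$on('dataHasChanged', ...) from the post
  $rootScope.$on('dataHasChanged', function (evt, args) { parentScope.data = args.data; });
  myService.setData({ count: 42 });
  const afterBroadcast = childScope.data.count;        // 42, via scope inheritance

  return { afterMutation, staleWithoutListener, afterBroadcast };
}

console.log(scenario());   // { afterMutation: true, staleWithoutListener: 1, afterBroadcast: 42 }
```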

Firing $watch event manually in angularjs


We have a few options:

  1. Use $scope.$apply() to run the digest loop, which calls all of the watch expressions.
  2. Put your watch callback in a named function and call it manually.
  3. Change the watched value (message) so the watch fires on the next digest.

Explanation for the second option:


var watchFunc = function(newValue, oldValue) {
    // the code that should run whenever 'message' changes
};

$scope.$watch('message', watchFunc);

// run it right away; note that no (newValue, oldValue) arguments are passed here
watchFunc();

Monday, March 7, 2016

SQL Injection - I

SQL Injection:

SQL injection is a technique where malicious users inject SQL commands into an SQL statement via web page input.
Injected SQL commands can alter the SQL statement and compromise the security of a web application.

SQL injection errors occur when:

1. Data enters a program from an untrusted source.
2. The data is used to dynamically construct a SQL query.

Types:

First Order Attack:

The attacker can simply enter a malicious string and cause the modified code to be executed immediately.

Examples of First Order SQL Injection Attack:

1. UNIONs added to an existing statement to execute a second statement

2. A subquery added to an existing statement

3. Existing SQL short-circuited to bring back all the data (for example, adding a query condition such as OR 1=1)


Second Order Attack:

The attacker injects into persistent storage (such as a table row) which is deemed as a trusted source. An attack is subsequently executed by another activity.

Examples of Second Order SQL Injection Attack:

1. Suppose you have a web-based application which stores usernames alongside other session information. Given a session identifier such as a cookie, you want to retrieve the current username and then use it in turn to retrieve some user information. You might therefore have code for an "Update User Profile" screen somewhat similar to the following:

execute immediate 'SELECT username FROM sessiontable WHERE session=''' || sessionid || '''' into username;

execute immediate 'SELECT ssn FROM users WHERE username=''' || username || '''' into ssn;

2. This will be injectable if the attacker had earlier, on the "Create Account" screen, created a username such as:
XXX' OR username='JANE

which creates the query:
SELECT ssn FROM users WHERE username='XXX' OR username='JANE'

If the user XXX does not exist, the attacker has successfully retrieved Jane's social security number.

3. The attacker can create malicious database objects, such as a function called as part of an API, or a maliciously named table, by using double quotation marks to introduce dangerous constructs.

For example, an attacker can create a table using a table name such as "tab') or 1=1--", which can be exploited later in a second order SQL injection attack.


Lateral SQL Injection:

The attacker can manipulate the implicit function TO_CHAR() by changing the values of the NLS_Date_Format or NLS_Numeric_Characters session settings.

Examples of Lateral SQL Injection Attack:

1. Using lateral SQL injection, an attacker can exploit a PL/SQL procedure that does not even take user input. When a variable whose data type is DATE or NUMBER is concatenated into the text of a SQL statement, then, contrary to popular belief, there is still a risk of injection. The implicit function TO_CHAR() can be manipulated by using NLS_Date_Format or NLS_Numeric_Characters, respectively. You can include arbitrary text in the format model, and you do not need to include any of the "structured" elements such as Mon, hh24, and so on. Here's the "normal" use of that flexibility:

SQL> SET SERVEROUTPUT ON
SQL> ALTER SESSION SET NLS_Date_Format = '"The time is"... hh24:mi';

Session altered.

SQL> SELECT TO_CHAR(SYSDATE) d FROM Dual;

D
--------------------
The time is... 19:49

SQL> DECLARE
       d DATE := TO_DATE('The time is... 23:15');
     BEGIN
       -- Implicit To_Char()
       DBMS_OUTPUT.PUT_LINE(d);
     END;
     /
The time is... 23:15

PL/SQL procedure successfully completed.


More Explanation:

SQL Injection Based on 1=1 Is Always True:

This comes under first order attacks.
Let's assume your SQL query is

SELECT * FROM Users WHERE UserId = Username

When the username received in the request is a proper value (username), everything works fine.

If the username is something like this

"diffusername or 1=1"

then your SQL statement becomes

SELECT * FROM Users WHERE UserId = 105 or 1=1

If you send the whole object as the response from the server, that's it, story ends. Here the hacker gets the entire user table.

I have seen on many websites people returning hash_code (which is the hashed password). If you do that, a hacker can decode the hashed code; there are thousands of decoders available on the net.

If the hacker decides to collapse all your client's business, he will send the username as "diffusername ; DROP TABLE USERS"

SELECT * FROM Users WHERE UserId = 105 ; DROP TABLE USERS

If this statement gets executed: no more users, no more logins and
no more business. Maintaining triggers on particular queries is another good safeguard.
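The second-order username example and the 1=1 case above, as one added example that is not code from the post: a concatenating query builder beside a bind-parameter one, and a query-skeleton check (the idea behind query fingerprinting in database monitoring) that shows when input has changed the structure of the statement. There is no database; only the SQL text that would be sent is examined.

```javascript
// Added example, not code from the post. It covers the stored username from the
// second-order scenario and the "or 1=1" input: why both change the meaning of
// a concatenated query, and why a bind parameter does not. No database is used.

// Vulnerable builders: the input becomes part of the SQL text.
function buildUnsafe(username) {
  return "SELECT ssn FROM users WHERE username='" + username + "'";
}
function buildUnsafeById(userId) {
  return "SELECT * FROM Users WHERE UserId = " + userId;
}

// Hardened builder: fixed SQL text; the value travels separately as a bind
// (the :1 placeholder is Oracle style, matching the post's examples).
function buildSafe(username) {
  return { sql: "SELECT ssn FROM users WHERE username=:1", binds: [username] };
}

// Query skeleton: every quoted literal ('' is the SQL escape), numeric literal
// and :n bind placeholder becomes "?", so queries that differ only in data share
// a skeleton. Query fingerprinting in database monitoring works the same way.
function skeleton(sql) {
  let out = "";
  for (let i = 0; i < sql.length; i++) {
    if (sql[i] !== "'") { out += sql[i]; continue; }
    for (i++; i < sql.length; i++) {                 // inside a quoted literal
      if (sql[i] === "'" && sql[i + 1] === "'") { i++; continue; }  // escaped ''
      if (sql[i] === "'") break;                      // closing quote
    }
    out += "?";
  }
  return out.replace(/:\d+/g, "?").replace(/\b\d+\b/g, "?");
}

// True when the SQL still has the structure the developer wrote.
function structureIntact(sql, expectedSkeleton) {
  return skeleton(sql) === expectedSkeleton;
}

// Constructed inputs, taken from the post's two scenarios.
const storedUsername = "XXX' OR username='JANE";
const craftedId = "105 or 1=1";
const USER_BY_NAME = "SELECT ssn FROM users WHERE username=?";
const USER_BY_ID = "SELECT * FROM Users WHERE UserId = ?";
console.log(structureIntact(buildUnsafe("jane"), USER_BY_NAME));            // true
console.log(structureIntact(buildUnsafe(storedUsername), USER_BY_NAME));    // false
console.log(structureIntact(buildSafe(storedUsername).sql, USER_BY_NAME));  // true
console.log(structureIntact(buildUnsafeById(craftedId), USER_BY_ID));       // false
```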


Ref:

download.oracle.com/oll/tutorials/SQLInjection/html/lesson1/les01_tm_attacks.htm
https://www.owasp.org/index.php/SQL_Injection
http://www.slideshare.net/RespaPeter/types-of-sql-injection-attacks

There are still many interesting things about SQL injection; if you people are interested, I will cover them in my next post.