{"id":1009,"date":"2023-05-22T15:21:06","date_gmt":"2023-05-22T12:21:06","guid":{"rendered":"https:\/\/www.juustila.com\/antti\/?p=1009"},"modified":"2023-05-22T15:24:22","modified_gmt":"2023-05-22T12:24:22","slug":"new-demo-for-students","status":"publish","type":"post","link":"https:\/\/www.juustila.com\/antti\/2023\/05\/22\/new-demo-for-students\/","title":{"rendered":"New demo for students"},"content":{"rendered":"\n<p>When going through some course projects, there were some deliverables using a SQL database. <\/p>\n\n\n\n<p>If you are just hacking something to quickly test or demonstrate a thing, you do not necessarily have to do things as they should be done. Course projects are usually <em>not<\/em> quick hacks, but should demonstrate the things you have been taught and things you have actually learned.<\/p>\n\n\n\n<p>So, for course projects using SQL databases, this means that you should do things so that the database is not exposed to simple <strong>SQL injections<\/strong>. Or that you should actually <strong>encrypt confidential data<\/strong>, such as passwords saved in database tables. <\/p>\n\n\n\n<p>Why am I being such an asshole, expecting these to be done properly in student course projects? <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Because the way you implement things demonstrates what you have learned. Demonstrating that in course projects is kind of expected.<\/li>\n\n\n\n<li>The things you learn going through the study program courses should be carried on from course to course, <em>accumulating<\/em> skills and knowledge.<\/li>\n\n\n\n<li>Because the things you consistently design and implement are embedded into your deeper knowledge and skills and are then easier to take into use when needed in real life settings. <\/li>\n\n\n\n<li>Because when knowing at least the basics of these things, you perhaps do not expose <em>real<\/em> apps and systems to these vulnerabilities when you go to work in the industry. 
Something that happens way too often&#8230;<\/li>\n<\/ul>\n\n\n\n<p>So, if you do use a SQL database in your course work, do the basic things the way they should be done. Use prepared queries instead of exposing the app to SQL injections. Encrypt the confidential data, at least the user passwords.<\/p>\n\n\n\n<p>I made a <a rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/anttijuu\/sql-inject\" target=\"_blank\">demo app<\/a> to show how this is done, and a (Finnish) <a rel=\"noreferrer noopener\" href=\"https:\/\/youtu.be\/FFOfpr61TFA\" target=\"_blank\">YouTube video<\/a> to demonstrate the things in action to anyone learning database programming basics.<\/p>\n\n\n\n<p>Yes, I know this <strong>demo<\/strong> app is not perfect either. But the idea is to demonstrate (simply) how to consider these very basic, small things in database programming. Small things that still have a considerable impact on app security.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"600\" src=\"https:\/\/www.juustila.com\/antti\/wp-content\/uploads\/2023\/02\/img_2296.jpg\" alt=\"\" class=\"wp-image-991\" srcset=\"https:\/\/www.juustila.com\/antti\/wp-content\/uploads\/2023\/02\/img_2296.jpg 600w, https:\/\/www.juustila.com\/antti\/wp-content\/uploads\/2023\/02\/img_2296-300x300.jpg 300w, https:\/\/www.juustila.com\/antti\/wp-content\/uploads\/2023\/02\/img_2296-150x150.jpg 150w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 984px) 61vw, (max-width: 1362px) 45vw, 600px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>When going through some course projects, there were some deliverables using a SQL database. If you are just hacking something to quickly test or demonstrate a thing, you do not necessarily have to do things as they should be done. 
Course projects are usually not quick hacks, but should demonstrate the things you have been &hellip; <a href=\"https:\/\/www.juustila.com\/antti\/2023\/05\/22\/new-demo-for-students\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;New demo for students&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[2],"tags":[115,77,113,114,12],"class_list":["post-1009","post","type-post","status-publish","format-standard","hentry","category-coding","tag-encrypting","tag-java","tag-security","tag-sql-injection","tag-teaching"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.juustila.com\/antti\/wp-json\/wp\/v2\/posts\/1009","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.juustila.com\/antti\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.juustila.com\/antti\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.juustila.com\/antti\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.juustila.com\/antti\/wp-json\/wp\/v2\/comments?post=1009"}],"version-history":[{"count":3,"href":"https:\/\/www.juustila.com\/antti\/wp-json\/wp\/v2\/posts\/1009\/revisions"}],"predecessor-version":[{"id":1012,"href":"https:\/\/www.juustila.com\/antti\/wp-json\/wp\/v2\/posts\/1009\/revisions\/1012"}],"wp:attachment":[{"href":"https:\/\/www.juustila.com\/antti\/wp-json\/wp\/v2\/media?parent=1009"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.juustila.com\/antti\/wp-json\/wp\/v2\/categories?
post=1009"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.juustila.com\/antti\/wp-json\/wp\/v2\/tags?post=1009"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}