Re: Databases and web services

mopkn wrote:
> Hi all, I am currently on a project work for uni about web services and
> security.
>
> I came across vulnerabilities related to SQL injection and what I
> cannot figure out is how databases are related and interfaced to web
> services.

Sorry, mopkn, but I suspect you will have to adjust your question. Any software, whether a web service or any other type can access a database by means of whatever languages and/or API's the database vendor makes available. In many cases, this includes the SQL language. If the dbms "speaks SQL" then there is also likely a means to use a client/server approach such as jdbc, odbc, or ole/db to wrap the SQL statements for communication with the dbms, retrieving a SQL result set, for example.

> I
> understand that the entity offering the web service might be accessing
> a database (local or remote) and I would like to know how this is done.

The same way it would be done by any software that access a database. It is irrelevant that it is a web service that is accessing the database.

> For a java web service, is something like JDBC used to access a
> database

It can be. I have accessed a database from java without using jdbc, however. I used a library provided by the dbms vendor which did not require SQL statements. So, yes, they might use jdbc, but no, they don't have to.

> (and which?) and for .NET is there something similar? I would
> like to know what is done in the
> industry by professionals for the web service / database interraction.

The answer is pretty much the same as the answer to the question of how any software accesses a database -- the web service part of the question is irrelevant. Also, this question would be better posed to the comp.databases group, rather than the comp.databases.theory group, I suspect. Best wishes. --dawn Received on Thu Apr 06 2006 - 02:51:43 CEST