DEV Community: MarshmellowSalad

SQL vs NoSQL

MarshmellowSalad — Wed, 16 Dec 2020 22:36:55 +0000

Introduction

Hey, readers, my name is Marcelo Salas but you call me Marshmellow Salad. I'm an undergraduate at Penn State University majoring in Applied Data Science. While I may seem like just your run of the mill tech nerd, I'm also really passionate about philosophy. Those might seem like two fully independent fields, but the overlap between technology and philosophy is vast. More specifically, I'm interested in the ethical considerations and the drives behind technological innovations.

Data Science is a field at the forefront of ethical considerations as the rapidly growing potential for harvesting vast amounts of user data becomes more and more daunting. That's why I want to enter the field and have a say on how companies levy this power of information against concerns over privacy.

What are SQL and NoSQL

SQL stands for Structured Query Language. It's a programming language used to build databases. Databases that use SQL have a pretty universal structure that allows you to easily cross-reference data. SQL is like the organized file cabinet that lets anyone easily understand where things go and where to find them.

NoSQL on the other hand is a completely different ball park. If SQL is the file cabinet, then NoSQL is the cluttered mess of papers on your desk. Even though you might have the perfect system for understanding where everything is that works for you, none of your coworkers are going to be able to find what they need in the pile.

The distinction between the two types of databases means that if your going to be working solo on a project, you don't need to follow SQL's strict formatting and design the system that works for you. If you are working with other people, the universal format of SQL mean anyone can hop in and understand what's going on with your database.

While everything is an SQL database needs to be stored as tables, NoSQL gives you the option of using a document-based, key-value pairs, graph or wide-column data storage method. Lastly, SQL uses a concentrated node storage, which means to scale up an SQL database you have to use a more powerful machine. NoSQL on the other hand uses multiple node, which means you can simply add more servers to improve its performance.

SQL Injection

MarshmellowSalad — Sat, 05 Dec 2020 20:17:17 +0000

SQL is an extremely useful language for anyone who want to work with data structures. Its simple formatting allows those with little coding experience to understand the simple syntax, while it's versatility allows experts to create complex programs.

Unfortunately for introductory programmers, using SQL to connect your front end to your database leaves you vulnerable to certain malicious attacks. Hooking up a form on your web page that can be filled out to complete an SQL statement may be the simplest way to let users interact with your database, but it also the least secure. Below are some common SQL injections attacks and how you can defend your site from them.

Free Passwords!

One common SQL attack is a work around user security. If you throw user input in as a string to complete an SQL statement, it's like giving the user a blank check and hoping they follow rules. While, setting up a password entry might seem like a simple way to keep out unwanted agents, adding any true statement such as "OR 1=1" can bypass an improperly structured comparison statement.

Slippery Tables

Similar to the previous attack, if you throw user input directly into an SQL, problems will ensue. For visualization purposes, imagine you write an SQL statement, but leave the last word for the user to finish: SELECT * FROM $input;. A particularly savvy individual might realize, there's nothing stopping them from adding another statement at the end of your line: SELECT * FROM (tableA; DROP TABLE tableB);.

URL Form

Another problem with HTML forms is that the sent form, carries its information through it's URL. This allows users to what's being sent through the form and even manipulate that data, so if you're using that form to send information other than what the user should be able to change, you might come across some problems. For a quick example of this injection attack, check out the video below.

Covid ER Diagram and Aura's Security Flaws

MarshmellowSalad — Mon, 14 Sep 2020 00:47:35 +0000

Hello everyone,

Universities have been placed in a tough position due to the dangers of Covid-19. While every college student across the globe can agree that in-person learning is more beneficial for our education, the logistics of in-person learning can endanger the entire student body. Safety aside, universities are still run as businesses and remote learning makes the school less appealing for incoming students. Stacked with the loss of profits from campus housing, the balancing of loss of profits with student safety becomes a difficult choice.

The specific case of Albion College in Michigan provides a great example of what colleges shouldn't do in this situation. The rushed roll out of their unsecured but still mandatory tracing app is an ethical problem that needs more attention. Forcing students to install an app that tracks them through GPS constantly and preventing them from leaving the campus is unnecessarily strict and the benefits of the system are grossly outweighed by its flaws. If the same policy was enacted here at Penn State, I would choose to return home rather that allowing my location data to be collected 24/7 without even telling me who has access to that information. While public safety is very important, so is privacy and Albion's program absolutely destroys their students' privacy without enough benefit to public health

Covid-19 ER Diagram

MarshmellowSalad — Mon, 07 Sep 2020 00:28:54 +0000

Hey, everyone!

Covid-19 has had a devastating impact on the state of the world in the past year. It's reasonable to assume the fact that every single person, at least in the developed world, has been personally affected by the pandemic in some way. The extent to which we've been affected can vary greatly from the loss of a loved one, to the loss of a job, to even just the loss of being able to go to your favorite restaurant. Just as varied are the responses that people have taken to the threats posed by Covid-19. There are those who doubt any claims of its dangers or its existence and then there are those who believe that this pandemic is the end of the world as we know it.

With the virus, there's a lot of information flooding the internet that can make it hard for people to properly understand the scale of what's happening in the world. As data scientists and those knowledgeable enough to parse through so much information, we have a social responsibility to help others understand the information being thrown at them. Below is a simple entity-relationship diagram, ER diagram for short, that can be used to understand how different factors on the issue come together as a system.

The keystone of this diagram is of course the individual, labelled patient. With a virus, people are the aspect of the system that we are most concerned about. From a systematic point of view, we don't need to know everything about an individual to understand the virus's affect on us but there are important factors such as sex, race, age, and how healthy the person that can help us understand their situation as well as a form of identification for the individual. Directly related to the individual, is their personal habits that affect both their general health and their likely of getting the virus. The most influential factors I thought of were if they attended large parties, social distanced, dined out, exercised regularly, and wore a mask when in public.

The next factor I thought would be good to model is the occupation of the individual. More specifically I wanted to track what type of interactions the individual would have at their job, such as the frequency of their interactions with others and how intimate those interactions were. Just as important would be the scale of safety procedures in place at their job. After jobs, I added a field for locations to account for the general surroundings of the individual. This includes broader information such as country, city, and basic information about the virus in these locations. The location entry directly ties into the individual in terms of where they live and work, but also the next category of hospitals. Hospitals are obviously a key factor when trying to analyze a virus including the availability of the hospital by location, capacity, and how ready they are to treat patients.

Lastly I added the broad risk entity that ties many entities together and helps to contextualize how the other fields interact. Being such a broad category I included a diverse topic of attributes such as the chance of someone being infected which directly ties into the number of people they've had interactions with and their closest contacts. I also decided to add the severity of their particular case as well as the treatment options available to them. Below I've included a small sample of possible examples for each aspect of the model.