1
00:00:00,700 --> 00:00:07,120
Hello and welcome to this video. In this video we are going to discuss how an application fetches

2
00:00:07,150 --> 00:00:11,240
the user's data from the database with the help of SQL.

3
00:00:11,920 --> 00:00:17,640
Let's imagine this is an application made by to for all its students.

4
00:00:17,680 --> 00:00:20,800
So every user enters the username and

5
00:00:21,720 --> 00:00:28,320
enters the correct password, he or she is allowed to enter into the application and maybe he or she

6
00:00:28,320 --> 00:00:34,150
can see their profile, their progress, maybe their attendance and a lot of things.

7
00:00:34,440 --> 00:00:38,340
So this is generally how an application looks and how it works.

8
00:00:39,240 --> 00:00:44,820
So how does the application take help from the database to fetch the user's

9
00:00:44,820 --> 00:00:49,610
correct details, such as the correct username and password?

10
00:00:49,950 --> 00:00:55,890
So we will see the general SQL query that has been used in most of the applications.

11
00:00:56,740 --> 00:01:03,780
So here is the general SQL query. Here I am taking username as admin and password as admin.

12
00:01:04,000 --> 00:01:08,130
Let's imagine that this user does exist in the database.

13
00:01:08,430 --> 00:01:17,640
So the query should look something like select star from student where username equals admin and password

14
00:01:17,640 --> 00:01:19,060
equals admin.

15
00:01:19,410 --> 00:01:27,510
So if both the details match in the database, as we have used the AND logical operator over here, which

16
00:01:27,510 --> 00:01:36,630
means if both the conditions are true, only if both the conditions are true, then only the AND operator

17
00:01:36,630 --> 00:01:44,760
will allow access to the application, or else it will not allow the user to go into the application.

18
00:01:46,070 --> 00:01:47,450
But as I said there,

19
00:01:48,480 --> 00:01:56,160
both the details do exist in the database. Let's imagine this, so both username and password are

20
00:01:56,160 --> 00:02:02,760
correct, so the admin will be able to see the profile page which says hello admin, which belongs to

21
00:02:02,760 --> 00:02:04,450
a particular user.

22
00:02:04,830 --> 00:02:07,500
So this is how an application generally works.

23
00:02:07,980 --> 00:02:13,950
When you enter your credentials, your username and your password, it forms a query.

24
00:02:14,250 --> 00:02:18,540
It fits into the query and then it goes to the database.

25
00:02:18,540 --> 00:02:21,960
It checks whether the user exists or not.

26
00:02:22,230 --> 00:02:30,150
If the user exists, if the credentials are correct, the particular user is allowed into the application.

27
00:02:30,180 --> 00:02:32,820
Otherwise, he or she might get an error

28
00:02:33,090 --> 00:02:35,640
saying the credentials are not good.

29
00:02:37,260 --> 00:02:43,140
So in the next video, we are going to move towards SQL injection and how do we spoof a query,

30
00:02:43,140 --> 00:02:49,960
how do we spoof a database to get the details without knowing correct passwords and usernames?

31
00:02:50,580 --> 00:02:51,690
Thank you so much.