Intro to DB Indexing: Resolving Query Latencies

Sun, 25 May 2025 00:00:00 +0900

Introduction

As web applications scale and data volumes grow, backend systems often face database bottleneck issues like query latencies.

Running join (JOIN) operations or complex search queries on tables with hundreds of thousands of records without proper index optimizations can cause database CPU spikes, leading to slow response times for end users.

Designing database indices is a powerful way to address these performance bottlenecks. This article explains how database indices work, details B-Tree structures, and shares guidelines for designing effective indices.

SQL Injection Prevention: Modern Database Security Guide

Tue, 01 Oct 2024 00:00:00 +0900

SQL injection remains in the OWASP Top 10 despite decades of awareness. The 2023-2024 period saw high-profile breaches in healthcare, e-commerce, and government sectors involving SQLi. While the classic ' OR 1=1 -- attack is well-known, modern variants include second-order injection, blind SQLi (time-based and boolean-based), and out-of-band exfiltration. Prevention is well-understood but poorly executed due to legacy code, ORM misuse, and insufficient testing automation.

Parameterized Queries and Prepared Statements

Prepared statements are the gold standard for SQL injection prevention. They separate SQL logic from data at the database engine level, making it impossible for user input to alter query structure.

Database on Commentary of Takao

Intro to DB Indexing: Resolving Query Latencies

Introduction

SQL Injection Prevention: Modern Database Security Guide

Parameterized Queries and Prepared Statements