Teaching Kai About Cybersecurity: The CIA Triad, Strong Passwords, and SQL Injection Protection

Introduction

When it comes to cybersecurity, many people think of secret agents and high-tech gadgets. But in reality, protecting data online comes down to a simple yet powerful concept called the CIA triad — Confidentiality, Integrity, and Availability.

In this post, I’ll share a teaching session I had with Kai, walking him through these principles and showing how they relate to building secure login systems. We’ll cover why strong passwords matter, how to detect SQL injection attacks, and how to write database functions and stored procedures to keep our systems safe.

What Is the CIA Triad?



CIA stands for:

  • Confidentiality: Ensuring data is only accessible by those authorized to see it.
  • Integrity: Making sure data isn’t altered or tampered with by unauthorized users.
  • Availability: Guaranteeing data and systems are accessible when needed.

These three principles are the foundation of cybersecurity and help guide how we design secure applications.

The Conversation: Teaching Kai

Me: “Kai, think of the CIA triad as the pillars of security. Confidentiality keeps secrets safe, Integrity keeps data trustworthy, and Availability makes sure systems don’t go offline.”

Kai: “So how do we do that when building something like a login system?”

Me: “Great question! Let’s walk through how these ideas come to life with real SQL tables and code.”

Step 1: Building the Database Tables

CREATE TABLE dbo.Users (
    UserId INT PRIMARY KEY IDENTITY,
    Username NVARCHAR(100) UNIQUE NOT NULL,
    CreatedAt DATETIME DEFAULT GETDATE()
);

CREATE TABLE dbo.Passwords (
    PasswordId INT PRIMARY KEY IDENTITY,
    UserId INT FOREIGN KEY REFERENCES dbo.Users(UserId),
    HashedPassword NVARCHAR(256) NOT NULL,
    Salt NVARCHAR(64) NOT NULL,
    LastUpdated DATETIME DEFAULT GETDATE()
);

Kai: “Why split passwords into another table?”

Me: “It’s a security best practice. This separation helps keep password data isolated and lets us store important details like salts alongside the hashes.”

Step 2: Protecting Against SQL Injection

SQL injection is a common way attackers try to mess with your database by inserting malicious commands.

We create a simple function to check inputs:

CREATE FUNCTION dbo.CheckSQLInjection(@Input NVARCHAR(MAX))
RETURNS BIT
AS
BEGIN
    IF @Input LIKE '%--%' OR @Input LIKE '%;%' OR 
       @Input LIKE '%DROP%' OR @Input LIKE '%OR 1=1%' OR
       @Input LIKE '%EXEC%' OR @Input LIKE '%UNION%'
       RETURN 1
    RETURN 0
END

Step 3: Enforcing Strong Passwords

Strong passwords are critical for confidentiality. Here’s a function that ensures passwords meet complexity requirements:

CREATE FUNCTION dbo.CheckWeakPassword(@Password NVARCHAR(MAX))
RETURNS BIT
AS
BEGIN
    IF LEN(@Password) < 8 OR
       @Password NOT LIKE '%[0-9]%' OR
       @Password NOT LIKE '%[A-Z]%' OR
       @Password NOT LIKE '%[a-z]%' OR
       @Password NOT LIKE '%[^a-zA-Z0-9]%'
       RETURN 1
    RETURN 0
END

Step 4: Creating a Secure Login Procedure

Finally, we combine everything in a stored procedure:

CREATE PROCEDURE dbo.CreateLoginAccount
    @Username NVARCHAR(100),
    @Password NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;

    IF dbo.CheckSQLInjection(@Username) = 1 OR dbo.CheckSQLInjection(@Password) = 1
    BEGIN
        RAISERROR('SQL injection detected.', 16, 1);
        RETURN;
    END

    IF dbo.CheckWeakPassword(@Password) = 1
    BEGIN
        RAISERROR('Weak password detected. Use at least 8 chars, mix of upper/lowercase, digits, and symbols.', 16, 1);
        RETURN;
    END

    DECLARE @Salt NVARCHAR(64) = CONVERT(NVARCHAR(64), NEWID());
    DECLARE @HashedPassword NVARCHAR(256) = CONVERT(NVARCHAR(256), HASHBYTES('SHA2_256', @Password + @Salt), 1);

    INSERT INTO dbo.Users (Username) VALUES (@Username);
    DECLARE @UserId INT = SCOPE_IDENTITY();

    INSERT INTO dbo.Passwords (UserId, HashedPassword, Salt)
    VALUES (@UserId, @HashedPassword, @Salt);
END

Step 5: Testing the System

Kai: “How do I know this works?”

Try these tests:

  • Valid user:
EXEC dbo.CreateLoginAccount @Username = 'KaiSamurai', @Password = 'Secure$Pass123!';
  • SQL injection attempt:
EXEC dbo.CreateLoginAccount @Username = 'admin''; DROP TABLE Users;--', @Password = 'StrongPass1!';
  • Weak password:
EXEC dbo.CreateLoginAccount @Username = 'WeakUser', @Password = '1234';

Why This Matters

CIA Principle How We Addressed It
Confidentiality Hashed and salted passwords, input validation
Integrity Preventing malicious input to keep data accurate
Availability Protecting database from attacks that cause downtime

Final Thoughts

Kai: “So it’s not just about stopping hackers – it’s about building smart systems that protect people’s data!”

Exactly. The CIA triad isn’t just theory – it’s a guide to real-world secure development. When we build login systems like this, we’re not only keeping attackers out – we’re respecting users’ trust.

If you want me to share more about login validation or password updates, just let me know!

Thanks for reading!
— Terry Jago

Comments

Post a Comment

Popular posts from this blog

Free Monthly Budget Spreadsheet (UK-Friendly)

Want to take control of your finances and live more frugally? I've created a simple, easy-to-use monthly budget spreadsheet — perfect for UK households. Track your income, bills, spending, savings, and more in one place. 📊 What’s Included: Income and bills tracker Subscriptions and everyday expenses Savings and debts planner Savings goals section — plan and visualise your future funds £1 to £365 Savings Challenge — stay motivated as you save! 💡 What is the £1 to £365 Savings Challenge? This challenge helps you gradually save £665 in a year. You simply save an amount between £1 and £365 — one of each — and tick them off as you go. You can save the biggest amounts first, smallest first, or mix it up depending on your budget that week. It’s a flexible and fun way to build savings! 📌 Sample Data & Formulas Each sheet includes sample data to show how to use it. Please delete or replace only the numbers — not the formulas. Any field with calculation...
Read more
Image
👨‍💻 Helping Kai Build His First Front-End App It’s been a few weeks since my last post with Kai. We’ve been heads-down coding together, and instead of just talking about database security, we started building a working front end for his application. This has been a big step for Kai — going from SQL tables and stored procedures to actually seeing his app come alive in the browser. We used C# with ASP.NET Web Forms (ASPX) to create login and home pages, and then expanded into pages for courses, students, lectures, grades, and even a small library system.     🔑 Step 1: Building the Login Page Before you can get into the app, you need a secure login. We reused our earlier hashed + salted password system but wrapped it with an ASPX login form. <asp:TextBox ID="txtUsername" runat="server" Placeholder="Username"></asp:TextBox> <asp:TextBox ID="txtPassword" runat="server" TextMode="Password" Placeholder=...
Read more

Financial Literacy and ADHD – Money, Mistakes, and Learning the Hard Way

Let’s talk money. Not the flashy kind with yachts and investment portfolios. I mean the real stuff—bills, debt, impulse buys, budgeting apps, and that sinking feeling when your card gets declined at Tesco. I grew up without much. Council estate life doesn’t come with lessons in financial planning. You learn fast—or you don’t eat. But ADHD made learning about money even harder. It’s not just about being “bad with money.” ADHD affects how we make decisions, process consequences, and handle stress. Here’s what ADHD and money looks like for me: I once gave away my phone to someone who needed it… and forgot to cancel the bill. It cost me thousands . I’ve bought gadgets on a whim, convinced they’d change my life, only for them to gather dust. I’ve missed payments, not because I didn’t have the money—but because I forgot the due date. I’ve signed up to trials and subscriptions I forgot to cancel. I’ve had months where I lived like a millionaire, followed by months where I ...
Read more