
Introduction To Database Security

Database security refers to protecting database confidentiality, integrity, and availability from threats. It involves processes, tools, and methods to secure the database environment. The database administrator is responsible for managing user accounts and privileges as well as auditing database actions to ensure only authorized access and operations occur. Database security is needed to maintain data consistency with multiple users, prevent unauthorized insider operations, and protect against hackers accessing data over the internet. Security measures must be implemented at the physical, human, operating system, network, and database levels.

Uploaded by Amit Paudel

Introduction to Database Security

Database security refers to the collective measures used to protect
and secure a database or database management software from
illegitimate use and malicious threats and attacks. It is the process
by which confidentiality, integrity and availability of the database
can be protected. It is a broad term that includes a multitude of
processes, tools and methodologies that ensure security within a
database environment.

Main aspects of database security

1. Secrecy: Only authorized persons should be allowed to access
the database. In addition, only the part of the database that is
required for the functions they perform should be available to
them. In other words, users are allowed to access only the
information that is pertinent to their jobs. For example, an
employee should not be allowed to see other employees'
salaries.
2. Integrity: The database should be protected from improper
modifications, either intentional or accidental, to maintain
database integrity. Users should be allowed to perform only the
types of operations they need. For example, an employee who
does not belong to the accounts department should not be
allowed to modify the balance sheet of the organization. Only
the employees of the accounts department should be allowed to
do so.
3. Availability: Security should not prevent authorized users from
performing their actions on the part of the database available to
them. For example, accounts department employees should
not be prevented from updating the balance sheet.

Role of Database Administrator in Database Security

The database administrator (DBA) is the central authority
responsible for managing the database system. The DBA is
responsible for the overall security of the database system. The two
main responsibilities of the DBA are managing user accounts and
performing database audits.

1. Managing User Accounts: This includes the creation and deletion of
accounts as well as granting privileges to and revoking them from
the accounts. For this, the DBA has a system or superuser
account in the DBMS, which provides powerful capabilities to
control access to the database. The DBA must restrict each user's
access to the data so that the user can perform only the
necessary actions on the portion of the database to which they
are authorized.
2. Performing Database Audits: Auditing is the monitoring and
recording of selected user database actions. It can be based
on individual actions, such as the type of SQL statement
executed, or on combinations of factors that can include the
user name, application, time, and so on.
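
The two DBA duties above, applied to the salary and balance sheet examples from the secrecy and integrity points, can be written as follows. This is an added example, not part of the original document; it assumes PostgreSQL 11 or later, and every table, role and function name in it is constructed for illustration.

```sql
-- Constructed schema for illustration (PostgreSQL 11+ assumed).
CREATE TABLE employee (emp_id int PRIMARY KEY, name text, dept text,
                       salary numeric(10,2));
CREATE TABLE balance_sheet (entry_id int PRIMARY KEY, account text,
                            amount numeric(12,2));

-- Group roles hold the privileges; login accounts only inherit them.
CREATE ROLE staff NOLOGIN;
CREATE ROLE accounts_dept NOLOGIN;

-- PostgreSQL tables grant nothing to PUBLIC by default;
-- the REVOKE makes that starting point explicit.
REVOKE ALL ON employee, balance_sheet FROM PUBLIC;

-- Secrecy: staff read a view that leaves out the salary column.
CREATE VIEW employee_directory AS
    SELECT emp_id, name, dept FROM employee;
GRANT SELECT ON employee_directory TO staff;

-- Integrity and availability: everyone may read the balance sheet,
-- only the accounts department may change it.
GRANT SELECT ON balance_sheet TO staff;
GRANT SELECT, INSERT, UPDATE ON balance_sheet TO accounts_dept;

-- Managing user accounts: create, assign privileges, revoke, delete.
CREATE ROLE alice LOGIN PASSWORD 'placeholder-change-me';
GRANT staff, accounts_dept TO alice;
REVOKE accounts_dept FROM alice;   -- alice leaves the accounts department
-- DROP ROLE alice;                -- when the account is no longer needed

-- Auditing: record who changed the balance sheet, how, and when.
CREATE TABLE balance_sheet_audit (
    changed_at timestamptz NOT NULL DEFAULT now(),
    db_user    text NOT NULL,
    action     text NOT NULL,
    entry_id   int  NOT NULL
);
CREATE FUNCTION log_balance_change() RETURNS trigger
    LANGUAGE plpgsql SECURITY DEFINER SET search_path = public AS $$
BEGIN
    -- session_user is the logged-in account, even under SECURITY DEFINER.
    INSERT INTO balance_sheet_audit (db_user, action, entry_id)
    VALUES (session_user, TG_OP, NEW.entry_id);
    RETURN NULL;  -- the return value of an AFTER row trigger is ignored
END;
$$;
CREATE TRIGGER balance_sheet_audit_trg
    AFTER INSERT OR UPDATE ON balance_sheet
    FOR EACH ROW EXECUTE FUNCTION log_balance_change();
```

Because no role other than the owner holds privileges on balance_sheet_audit, users who change the balance sheet cannot edit their own audit trail.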

Need for Database Security

Database security is needed for the following reasons:

• In the case of shared data, multiple users try to access the
data at the same time. In order to maintain the consistency of
the data in the database, database security is needed.
• Sometimes insiders may perform operations, intentionally or
accidentally, that are not allowed. To restrict such operations,
database security is needed.
• Due to the advancement of the internet, data are accessed
through the World Wide Web. To protect the data against hackers,
database security is needed.

Classification Of Database Security

Physical Security: It refers to the security of the hardware
associated with the system and the protection of the site where the
computer resides. Natural events such as fire, floods, and
earthquakes can be considered as some of the physical threats. It
is advisable to have backup copies of databases in the face of
massive disasters.

Logical Security: Logical security consists of software safeguards for
an organization's systems, including user identification and password
access, authentication, access rights and authority levels. These
measures ensure that only authorized users are able to
perform actions or access information in a network or a workstation.
It is a subset of computer security.

Database Security Levels

To protect the database, we must take security measures at several
levels. Security at all these levels must be maintained if database
security is to be ensured. A weakness at a low level of security
allows circumvention of strict high-level security measures.

• Physical: The sites containing the computer systems must be
secured against armed or surreptitious entry by intruders.

• Human: Users must be authorized carefully to reduce the chance
of any such user giving access to an intruder in exchange for a
payoff or other favors.

• Operating system: No matter how secure the database system is,
weakness in operating system security may serve as a means of
unauthorized access to the database.

• Network: Since almost all database systems allow remote access
through terminals or networks, software-level security within the
network software is as important as physical security, both on the
Internet and in networks private to an enterprise.

• Database system: Some database-system users may be authorized
to access only a limited portion of the database. Other users may
be allowed to issue queries, but may be forbidden to modify the
data. It is the responsibility of the database system to ensure that these
authorization restrictions are not violated.
