Security and Authorization

This document contains notes from Rahul Sharma on database security and recovery. It discusses database security measures including restricting unauthorized access, load testing, physical security, and data encryption. It also covers authorization and access control mechanisms in database management systems. The document emphasizes the importance of database security for business continuity, minimizing financial damage from breaches, and avoiding penalties. It defines data recovery as restoring a database to its correct state after a failure and notes the need for recovery of data due to various hardware, software, and human errors.
RV HIGHER EDUCATION & TECHNICAL INSTITUTE DADRI

BCA Department
DBMS

( BCA 501 )
RAHUL SHARMA NOTES

Database security
• Database security refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious cyber threats and attacks.

Database security
Database security covers and enforces security on all aspects and components of databases. This includes:
• Data stored in the database.
• Database server.
• Database management system (DBMS).
• Other database workflow applications.
• Database security is generally planned, implemented and maintained by a database administrator and/or other information security professionals.
Some of the ways database security is analyzed and implemented include:
• Restricting unauthorized access and use by implementing strong and multifactor access and data management controls.
• Load/stress testing and capacity testing of a database to ensure it does not crash in a distributed denial of service (DDoS) attack or under user overload.
• Physical security of the database server and backup equipment from theft and natural disasters. Regular data backups can be planned as part of a database security protocol, and multiple copies can be stored off-site to provide redundancy and emergency recovery.
• Reviewing the existing system for any known or unknown vulnerabilities and defining and implementing a road map/plan to mitigate them.
• Data encryption can provide an additional layer of security to protect the integrity and confidentiality of data.
Enforcing adequate database security practices is vital for any organization for a variety of reasons.
Benefits
• Ensuring business continuity: Many enterprises cannot operate until a breach is resolved.
• Minimizing financial damage: Once a breach occurs, an organization must sustain significant financial costs to communicate the breach to all its customers, manage the crisis, repair or update the affected systems and hardware, pay for investigative activities, etc.
• Loss of intellectual property: If a database is accessed, there's a chance that a company's trade secrets, proprietary procedures, and other forms of intellectual property are stolen or exposed. In some instances, this means the complete loss of any competitive edge maintained by that organization.
• Brand reputation damage: Once a breach is notified to the customer base, partners and customers may lose faith in the organization's ability to protect their data. The brand's reputation will suffer, and many might decide not to buy that organization's products or services anymore.
• Penalties and fines: Organizations must comply with a large number of regulations, such as the General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), and more. If a data breach occurs because the organization failed to comply with these regulations, fines and penalties can be very severe, in some cases even exceeding several million dollars per violation.
The Different Security And Authorization Mechanisms In Database Management Systems

A DBMS always has a separate subsystem for security which is responsible for protecting the database against accidental or intentional loss, destruction or misuse.
• Security Levels:
– Database level: the DBMS should ensure that authorization restrictions are enforced on users.
– Operating system level: the operating system should not allow unauthorized users to enter the system.
– Network level: the database is at some remote place and is accessed by users through the network, so security is required at the network level as well.

Security Mechanisms:
• Access Control (Authorization)
– Identifies the valid users who may have access to the data in the database and restricts the operations that each user may perform.
– For example, the movie database might designate two roles: "users" (query the data only) and "designers" (add new data). A user must be assigned to a role to have the access privileges given to that role.
– Each application is associated with a specified role. Each role has a list of authorized users who may execute, design or administer the application.
• Authenticate the User:
– Identifies the valid users who may have any access to the data in the database.
– Restricts each user's view of the data in the database.
– This may be done with the help of the concept of views in relational databases.

Security Mechanisms:
• Cryptographic control / Data Encryption:
– Encode data in an encrypted (coded) form so that even if the data is captured by an unintended party, they are unable to decode it.
– Used for sensitive data, usually when it is transmitted over communication links, but it may also be used to prevent bypassing the system to gain access to the data.
• Inference control:
– Ensures that confidential information can't be retrieved even by deduction.
– Prevents disclosure of data through statistical summaries of confidential data.
• Flow control or Physical Protection:
– Prevents the copying of information by unauthorized persons.
– Computer systems must be physically secured against any unauthorized entry.
• Virus control:
– At the user level, authorization should be enforced to avoid intruder attacks carried out through humans.
– There should be a mechanism for providing protection against viruses that target data.
• User defined control:
– Defines additional constraints or limitations on the use of the database.
– These allow developers or programmers to incorporate their own security procedures in addition to the above security mechanisms.

Authorization
• Authorization is finding out if the person, once identified, is permitted to have the resource.
• Authorization defines what you can do and is handled through the DBMS unless external security procedures are available.
• The database management system allows the DBA to give different access rights to users as per their requirements.
• Basic authorization: we can use any one form, or a combination, of the following basic forms of authorization:
– Resource authorization: authorization to access any system resource, e.g. sharing of a database, printer, etc.
– Alteration authorization: authorization to add attributes to or delete attributes from relations.
– Drop authorization: authorization to drop a relation.

Authorization
Granting of privileges
• A system privilege is the right to perform a particular action, or to perform an action on any schema objects of a particular type.
• An authorized user may pass on this authorization to other users. This process is called granting of privileges.

Authorization
Revoking of privileges:
• We can withdraw the privileges given to a particular user with the help of the revoke statement.
• To revoke an authorization, we use the revoke statement.
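The movie-database roles from the access-control section above, together with granting and revoking of privileges, worked through as an added example that is not part of the original notes: it uses Python's sqlite3 authorizer hook (the callback SQLite consults while compiling each statement) to enforce a constructed role table in which "users" may only query and cannot see the budget column, while "designers" may also insert. The user names, the role-to-privilege table and the movie rows are constructed for the example.

```python
import sqlite3

# SQLite authorizer action codes -> the privilege a DBA would GRANT (a column read is part of SELECT).
PRIVILEGE_OF_ACTION = {sqlite3.SQLITE_SELECT: "SELECT", sqlite3.SQLITE_READ: "SELECT",
                       sqlite3.SQLITE_INSERT: "INSERT", sqlite3.SQLITE_UPDATE: "UPDATE",
                       sqlite3.SQLITE_DELETE: "DELETE"}
# Constructed role table from the notes' movie-database example: "users" may only query,
# "designers" may also add rows. The user names and the hidden column are assumptions.
ROLE_PRIVILEGES = {"users": {"SELECT"}, "designers": {"SELECT", "INSERT"}}
USER_ROLE = {"alice": "users", "bob": "designers"}     # constructed user-to-role assignment
HIDDEN_FROM_USERS = {("movies", "budget")}              # (table, column) the "users" role must not see

def grant(role, privilege):
    """Granting of privileges: the role gains the named privilege."""
    ROLE_PRIVILEGES[role].add(privilege)

def revoke(role, privilege):
    """Revoking of privileges: the role loses the named privilege."""
    ROLE_PRIVILEGES[role].discard(privilege)

def authorizer_for(user):
    """Build the callback SQLite consults for every table/column access while compiling a statement."""
    role = USER_ROLE[user]

    def authorize(action, arg1, arg2, db_name, view_or_trigger):
        if PRIVILEGE_OF_ACTION.get(action) not in ROLE_PRIVILEGES[role]:
            return sqlite3.SQLITE_DENY      # the whole statement is rejected ("not authorized")
        if action == sqlite3.SQLITE_READ and role == "users" and (arg1, arg2) in HIDDEN_FROM_USERS:
            return sqlite3.SQLITE_IGNORE    # the hidden column is read back as NULL instead
        return sqlite3.SQLITE_OK
    return authorize

def open_movie_db():
    """In-memory movie table with one constructed row; no authorizer installed yet."""
    # autocommit (isolation_level=None): no implicit BEGIN that the authorizer would also have to approve;
    # cached_statements=0: every execute is re-compiled, so the authorizer is consulted every time.
    conn = sqlite3.connect(":memory:", isolation_level=None, cached_statements=0)
    conn.execute("CREATE TABLE movies (title TEXT, budget REAL)")
    conn.execute("INSERT INTO movies VALUES ('Alien', 11.0)")
    return conn

def run_as(conn, user, sql, params=()):
    """Execute sql under the user's role; returns the fetched rows, or 'denied'."""
    conn.set_authorizer(authorizer_for(user))
    try:
        return conn.execute(sql, params).fetchall()
    except sqlite3.DatabaseError:           # raised when the authorizer returned SQLITE_DENY
        return "denied"
```

In a production DBMS the same role table lives in the system catalog and is edited with GRANT and REVOKE; the point here is that the check happens inside the engine, per statement, not in application code.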

What is Data Recovery?


• It is the method of restoring the database to its correct state in the event of a failure at the time of the transaction or after the end of a process.

What is the Need for Recovery of data?


The storage of data usually includes four types of media with an increasing amount of reliability: the main memory, the magnetic disk, the magnetic tape, and the optical disk. Many different forms of failure can affect database processing and/or transactions, and each of them has to be dealt with differently. Some failures affect the main memory only, while others involve non-volatile or secondary storage as well. Among the sources of failure are:
• System crashes due to hardware or software errors, which ultimately result in the loss of main memory.
• Failures of media, such as head crashes or unreadable media, that result in the loss of portions of secondary storage.
• Application software errors, such as logical errors in programs accessing the database, that cause one or more transactions to abort or fail.
• Natural physical disasters such as fires, floods, earthquakes, or power failures.
• Carelessness or unintentional destruction of data or directories by operators or users.
• Deliberate damage, corruption or sabotage of data, or of hardware or software facilities (e.g. using malicious software or files).
Whatever the grounds of the failure are, there are two principal things that you have to consider:
• Failure of main memory, including the database buffers.
• Failure of the disk copy of the database.

Recovery Mechanism
Every DBMS should offer the following facilities to help out with the recovery mechanism:
• Backup mechanism: makes backup copies of the database at specific intervals.
• Logging facilities: keep track of the current state of transactions and of any changes made to the database.
• Checkpoint facility: periodically forces the updates made to the database so far to be written permanently to stable storage, so that after a failure recovery only needs to consider the work done since the last checkpoint.
• Recovery manager: allows the database system to restore the database to a reliable and consistent state after any failure occurs.
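The logging, checkpoint and recovery-manager facilities listed above, carried through on a small constructed log, as an added example that is not part of the original notes: the log records, the checkpoint's list of active transactions and the on-disk state at the crash are all constructed, and the redo/undo procedure is the textbook one rather than any particular DBMS's implementation.

```python
# Constructed write-ahead log, oldest record first. An "update" record carries the
# transaction, the data item, its before-image and its after-image; the "checkpoint"
# record lists the transactions that were still active when the checkpoint was taken.
LOG = [
    ("begin", "T1"),
    ("update", "T1", "A", 100, 150),
    ("begin", "T2"),
    ("update", "T2", "B", 20, 25),
    ("commit", "T1"),
    ("checkpoint", ["T2"]),
    ("begin", "T3"),
    ("update", "T3", "C", 5, 7),
    ("update", "T2", "A", 150, 160),
    ("commit", "T3"),
]  # the system crashes here: T2 never reaches "commit"

# Disk copy at the moment of the crash (constructed): the checkpoint flushed every update
# logged before it, including T2's uncommitted one, and nothing logged after it was written.
DISK_AT_CRASH = {"A": 150, "B": 25, "C": 5}


def recover(disk, log):
    """Recovery manager: redo committed work since the last checkpoint, undo unfinished work."""
    disk = dict(disk)
    cp = max(i for i, rec in enumerate(log) if rec[0] == "checkpoint")
    active = set(log[cp][1])          # transactions in flight when the checkpoint was taken
    committed = set()
    for rec in log[cp + 1:]:          # analysis: which later transactions finished?
        if rec[0] == "begin":
            active.add(rec[1])
        elif rec[0] == "commit":
            active.discard(rec[1])
            committed.add(rec[1])
    for rec in log[cp + 1:]:          # redo: reapply after-images of committed transactions
        if rec[0] == "update" and rec[1] in committed:
            disk[rec[2]] = rec[4]
    for rec in reversed(log):         # undo: restore before-images of unfinished transactions,
        if rec[0] == "update" and rec[1] in active:   # scanning back past the checkpoint
            disk[rec[2]] = rec[3]
    return disk
```

Note that the undo pass must look behind the checkpoint: T2's write to B was flushed by the checkpoint even though T2 never committed, so only the before-image in the log can repair it.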