Chapter 1 Introduction- Review questions

1.1 List four examples of database systems other than those listed in Section

1.1.

Some examples could be:

 A system that maintains component part details for a car manufacturer;

 An advertising company keeping details of all clients and adverts placed with

them;

 A training company keeping course information and participants’ details;

 An organization maintaining all sales order information.

1.2 Discuss the meaning of each of the following terms:

(a) data

For end users, this constitutes all the different values connected with the various

objects/entities that are of concern to them.

(b) database

A shared collection of logically related data (and a description of this data), designed to

meet the information needs of an organization.

(c) database management system

A software system that: enables users to define, create, and maintain the database and

provides controlled access to this database.

(d) application program

A computer program that interacts with the database by issuing an appropriate request

(typically an SQL statement) to the DBMS.

(e) data independence

This is essentially the separation of underlying file structures from the programs that

operate on them, also called program-data independence.

(f) views.

A virtual table that does not necessarily exist in the database but is generated by the

DBMS from the underlying base tables whenever it’s accessed. These present only a

subset of the database that is of particular interest to a user. Views can be customized,

for example, field names may change, and they also provide a level of security preventing

users from seeing certain data.

1.3 Describe the main characteristics of the database approach.

Focus is now on the data first, and then the applications. The structure of the data is now

kept separate from the programs that operate on the data. This is held in the system

catalog or data dictionary. Programs can now share data, which is no longer fragmented.

There is also a reduction in redundancy, and achievement of program-data independence.

1.4 Describe the five components of the DBMS environment and discuss how

they relate to each other.

(1) Hardware: The computer system(s) that the DBMS and the application programs run on. This can range

(2) Software: The DBMS software and the application programs, together with the operating system, inclu

(3) Data: The data acts as a bridge between the hardware and software components and the human c

(4) Procedures: The instructions and rules that govern the design and use of the

database. This may include instructions on how to log on to the DBMS, make backup

copies of the database, and how to handle hardware or software failures.

(5) People: This includes the database designers, database administrators (DBAs),

application programmers, and the end-users.

1.5 Describe the problems with the traditional two-tier client-server

architecture and discuss how these problems were overcome with the three-

tier client-server architecture.

In the mid-1990s, as applications became more complex and potentially could be

deployed to hundreds or thousands of end-users, the client side of this architecture

gave rise to two problems:

 A ‘fat’ client, requiring considerable resources on the client’s computer to run

effectively (resources include disk space, RAM, and CPU power).

 A significant client side administration overhead.

By 1995, a new variation of the traditional two-tier client-server model appeared to

solve these problems called the three-tier client-server architecture. This new

architecture proposed three layers, each potentially running on a different platform:

(1) The user interface layer, which runs on the end-user’s computer (the client).

(2) The business logic and data processing layer. This middle tier runs on a server and is

often called the application server. One application server is designed to serve

multiple clients.

(3) A DBMS, which stores the data required by the middle tier. This tier may run on a

separate server called the database server.

The three-tier design has many advantages over the traditional two-tier design, such

as:

 A ‘thin’ client, which requires less expensive hardware.

 Simplified application maintenance, as a result of centralizing the business logic for

many end-users into a single application server. This eliminates the concerns of

software distribution that are problematic in the traditional two-tier client-server

architecture.

 Added modularity, which makes it easier to modify or replace one tier without

affecting the other tiers.

 Easier load balancing, again as a result of separating the core business logic from the

database functions. For example, a Transaction Processing Monitor (TPM) can be

used to reduce the number of connections to the database server. (A TPM is a

program that controls data transfer between clients and servers in order to provide

a consistent environment for Online Transaction Processing (OLTP).)

An additional advantage is that the three-tier architecture maps quite naturally to

the Web environment, with a Web browser acting as the ‘thin’ client, and a Web server

acting as the application server. The three-tier client server architecture is illustrated

in Figure 1.4.
1.6 Describe the functions that should be provided by a modern full-scale multi-

user DBMS.

Data Storage, Retrieval and Update Authorization S

A User-Accessible Catalog Support

Transaction Support I

Concurrency Control Services Services

Recovery Services U

1.7 Of the functions described in your answer to Question 1.6, which ones do

you think would not be needed in a standalone PC DBMS? Provide

justification for your answer.

Concurrency Control Services - only single user.

Authorization Services - only single user, but may be needed if different individuals are

to use the DBMS at different times.

Utility Services - limited in scope.

Support for Data Communication - only standalone system.

1.8 Discuss the advantages and disadvantages of DBMSs.

Some advantages of the database approach include control of data redundancy, data

consistency, sharing of data, and improved security and integrity. Some disadvantages

include complexity, cost, reduced performance, and higher impact of a failure.

 Chapter 2 The Relational Model - Review questions

2.1 Discuss each of the following concepts in the context of the relational data

model:

(a) relation

A table with columns and rows.

(b) attribute

A named column of a relation.

(c) domain

The set of allowable values for one or more attributes.

(d) tuple

A record of a relation.

(e) relational database.

A collection of normalized tables.

2.2 Discuss the properties of a relational table.

A relational table has the following properties:

 The table has a name that is distinct from all other tables in the database.

 Each cell of the table contains exactly one value. (For example, it would be wrong to

store several telephone numbers for a single branch in a single cell. In other words,

tables don’t contain repeating groups of data. A relational table that satisfies this

property is said to be normalized or in first normal form.)

 Each column has a distinct name.

 The values of a column are all from the same domain.

 The order of columns has no significance. In other words, provided a column name is

moved along with the column values, we can interchange columns.

 Each record is distinct; there are no duplicate records.

 The order of records has no significance, theoretically.

2.3 Discuss the differences between the candidate keys and the primary key of

a table. Explain what is meant by a foreign key. How do foreign keys of

tables relate to candidate keys? Give examples to illustrate your answer.

The primary key is the candidate key that is selected to identify tuples uniquely within a

relation. A foreign key is an attribute or set of attributes within one relation that

matches the candidate key of some (possibly the same) relation.

2.4 What does a null represent?

Represents a value for a column that is currently unknown or is not applicable for this

record.

2.5 Define the two principal integrity rules for the relational model. Discuss why

it is desirable to enforce these rules.

Entity integrityIn a base table, no column of a primary key can be null.

Referential integrityIf a foreign key exists in a table, either the foreign key value must match a candidate k
Chapter 4 Database Systems Development Lifecycle - Review

questions

4.1 Describe what is meant by the term ‘software crisis’.

The past few decades has witnessed the dramatic rise in the number of software

applications. Many of these applications proved to be demanding, requiring constant

maintenance. This maintenance involved correcting faults, implementing new user

requirements, and modifying the software to run on new or upgraded platforms. With so

much software around to support, the effort spent on maintenance began to absorb

resources at an alarming rate. As a result, many major software projects were late, over

budget, and the software produced was unreliable, difficult to maintain, and performed

poorly. This led to what has become known as the ‘software crisis’. Although this term

was first used in the late 1960s, more than 30 years later, the crisis is still with us. As a

result, some people now refer to the software crisis as the ‘software depression’.

4.2 Discuss the relationship between the information systems lifecycle and the

database system development lifecycle.

An information system is the resources that enable the collection, management, control,

and dissemination of data/information throughout a company. The database is a

fundamental component of an information system. The lifecycle of an information

system is inherently linked to the lifecycle of the database that supports it.

Typically, the stages of the information systems lifecycle include: planning, requirements

collection and analysis, design (including database design), prototyping, implementation,

testing, conversion, and operational maintenance. As a database is a fundamental

component of the larger company-wide information system, the database system

development lifecycle is inherently linked with the information systems lifecycle.

4.3 Briefly describe the stages of the database system development lifecycle.

See Figure 4.1 Stages of the database system development lifecycle.

Database planning is the management activities that allow the stages of the database

system development lifecycle to be realized as efficiently and effectively as possible.

System definition involves identifying the scope and boundaries of the database system

including its major user views. A user view can represent a job role or business

application area.

Requirements collection and analysis is the process of collecting and analyzing

information about the company that is to be supported by the database system, and

using this information to identify the requirements for the new system.

There are three approaches to dealing with multiple user views, namely the centralized

approach, the view integration approach, and a combination of both. The centralized

approach involves collating the users’ requirements for different user views into a single

list of requirements. A data model representing all the user views is created during the

database design stage. The view integration approach involves leaving the users’

requirements for each user view as separate lists of requirements. Data models

representing each user view are created and then merged at a later stage of database

design.

Database design is the process of creating a design that will support the company’s

mission statement and mission objectives for the required database. This stage includes

the logical and physical design of the database.

The aim of DBMS selection is to select a system that meets the current and future

requirements of the company, balanced against costs that include the purchase of the

DBMS product and any additional software/hardware, and the costs associated with

changeover and training.

Application design involves designing the user interface and the application programs

that use and process the database. This stage involves two main activities: transaction

design and user interface design.

Prototyping involves building a working model of the database system, which allows the

designers or users to visualize and evaluate the system.

Implementation is the physical realization of the database and application designs.

Data conversion and loading involves transferring any existing data into the new

database and converting any existing applications to run on the new database.

Testing is the process of running the database system with the intent of finding errors.

Operational maintenance is the process of monitoring and maintaining the system

following installation.

4.4 Describe the purpose of creating a mission statement and mission objectives

for the required database during the database planning stage.

The mission statement defines the major aims of the database system, while each

mission objective identifies a particular task that the database must support.

4.5 Discuss what a user view represents when designing a database system.

A user view defines what is required of a database system from the perspective of a

particular job (such as Manager or Supervisor) or business application area (such as

marketing, personnel, or stock control).

4.6 Compare and contrast the centralized approach and view integration

approach to managing the design of a database system with multiple user

views.

An important activity of the requirements collection and analysis stage is deciding how

to deal with the situation where there is more than one user view. There are three

approaches to dealing with multiple user views:

 the centralized approach,

 the view integration approach, and

 a combination of both approaches.

Centralized approach

Requirements for each user view are merged into a single list of requirements for the

new database system. A logical data model representing all user views is created during

the database design stage.

The centralized approach involves collating the requirements for different user views

into a single list of requirements. A data model representing all user views is created in

the database design stage. A diagram representing the management of user views 1 to 3

using the centralized approach is shown in Figure 4.4. Generally, this approach is

preferred when there is a significant overlap in requirements for each user view and the

database system is not overly complex.

See Figure 4.4 The centralized approach to managing multiple user views 1 to 3.

View integration approach

Requirements for each user view remain as separate lists. Data models representing

each user view are created and then merged later during the database design stage.

The view integration approach involves leaving the requirements for each user view as

separate lists of requirements. We create data models representing each user view. A

data model that represents a single user view is called a local logical data model. We

then merge the local data models to create a global logical data model representing all

user views of the company.

A diagram representing the management of user views 1 to 3 using the view

integration approach is shown in Figure 4.5. Generally, this approach is preferred when

there are significant differences between user views and the database system is

sufficiently complex to justify dividing the work into more manageable parts.

See Figure 4.5 The view integration approach to managing multiple user views 1 to 3.

For some complex database systems it may be appropriate to use a combination of both

the centralized and view integration approaches to managing multiple user views. For
example, the requirements for two or more users views may be first merged using the

centralized approach and then used to create a local logical data model. (Therefore in

this situation the local data model represents not just a single user view but the number

of user views merged using the centralized approach). The local data models

representing one or more user views are then merged using the view integration

approach to form the global logical data model representing all user views.

4.7 Explain why it is necessary to select the target DBMS before beginning the

physical database design phase.

Database design is made up of two main phases called logical and physical design. During

logical database design, we identify the important objects that need to be represented

in the database and the relationships between these objects. During physical database

design, we decide how the logical design is to be physically implemented (as tables) in

the target DBMS. Therefore it is necessary to have selected the target DBMS before

we are able to proceed to physical database design.

See Figure 4.1 Stages of the database system development lifecycle.

4.8 Discuss the two main activities associated with application design.

The database and application design stages are parallel activities of the database

system development lifecycle. In most cases, we cannot complete the application design

until the design of the database itself has taken place. On the other hand, the database

exists to support the applications, and so there must be a flow of information between

application design and database design.

The two main activities associated with the application design stage is the design of the

user interface and the application programs that use and process the database.

We must ensure that all the functionality stated in the requirements specifications is

present in the application design for the database system. This involves designing the

interaction between the user and the data, which we call transaction design. In addition

to designing how the required functionality is to be achieved, we have to design an

appropriate user interface to the database system.

4.9 Describe the potential benefits of developing a prototype database system.

The purpose of developing a prototype database system is to allow users to use the

prototype to identify the features of the system that work well, or are inadequate, and

if possible to suggest improvements or even new features for the database system. In

this way, we can greatly clarify the requirements and evaluate the feasibility of a

particular system design. Prototypes should have the major advantage of being relatively

inexpensive and quick to build.

4.10 Discuss the main activities associated with the implementation stage.

The database implementation is achieved using the Data Definition Language (DDL) of

the selected DBMS or a graphical user interface (GUI), which provides the same

functionality while hiding the low-level DDL statements. The DDL statements are used

to create the database structures and empty database files. Any specified user views

are also implemented at this stage.

The application programs are implemented using the preferred third or fourth

generation language (3GL or 4GL). Parts of these application programs are the

database transactions, which we implement using the Data Manipulation Language (DML)

of the target DBMS, possibly embedded within a host programming language, such as

Visual Basic (VB), VB.net, Python, Delphi, C, C++, C#, Java, COBOL, Fortran, Ada, or

Pascal. We also implement the other components of the application design such as menu

screens, data entry forms, and reports. Again, the target DBMS may have its own fourth

generation tools that allow rapid development of applications through the provision of

non-procedural query languages, reports generators, forms generators, and application

generators.

Security and integrity controls for the application are also implemented. Some of these

controls are implemented using the DDL, but others may need to be defined outside the

DDL using, for example, the supplied DBMS utilities or operating system controls.

4.11 Describe the purpose of the data conversion and loading stage.

This stage is required only when a new database system is replacing an old system.

Nowadays, it’s common for a DBMS to have a utility that loads existing files into the new
database. The utility usually requires the specification of the source file and the target

database, and then automatically converts the data to the required format of the new

database files. Where applicable, it may be possible for the developer to convert and

use application programs from the old system for use by the new system.

4.12 Explain the purpose of testing the database system.

Before going live, the newly developed database system should be thoroughly tested.

This is achieved using carefully planned test strategies and realistic data so that the

entire testing process is methodically and rigorously carried out. Note that in our

definition of testing we have not used the commonly held view that testing is the

process of demonstrating that faults are not present. In fact, testing cannot show the

absence of faults; it can show only that software faults are present. If testing is

conducted successfully, it will uncover errors in the application programs and possibly

the database structure. As a secondary benefit, testing demonstrates that the

database and the application programs appear to be working according to their

specification and that performance requirements appear to be satisfied. In addition,

metrics collected from the testing stage provides a measure of software reliability and

software quality.

As with database design, the users of the new system should be involved in the

testing process. The ideal situation for system testing is to have a test database on a

separate hardware system, but often this is not available. If real data is to be used, it is

essential to have backups taken in case of error.

Testing should also cover usability of the database system. Ideally, an evaluation

should be conducted against a usability specification. Examples of criteria that can be

used to conduct the evaluation include (Sommerville, 2000):

 Learnability - How long does it take a new user to become productive with the

system?

 Performance - How well does the system response match the user’s work practice?

 Robustness - How tolerant is the system of user error?

 Recoverability - How good is the system at recovering from user errors?

 Adapatability - How closely is the system tied to a single model of work?

 Some of these criteria may be evaluated in other stages of the lifecycle. After

testing is complete, the database system is ready to be ‘signed off’ and handed over to

the users.

4.13 What are the main activities associated with operational maintenance stage.

In this stage, the database system now moves into a maintenance stage, which involves

the following activities:

 Monitoring the performance of the database system. If the performance falls below

an acceptable level, the database may need to be tuned or reorganized.

 Maintaining and upgrading the database system (when required). New requirements

are incorporated into the database system through the preceding stages of the

lifecycle.
Chapter 5 Database Administration and Security - Review questions

5.1 Define the purpose and tasks associated with data administration and

database administration.

Data administration is the management and control of the corporate data, including

database planning, development and maintenance of standards, policies and procedures,

and logical database design.

Database administration is the management and control of the physical realization of the corporate database

5.2 Compare and contrast the main tasks carried out by the DA and DBA.

The Data Administrator (DA) and Database Administrator (DBA) are responsible for

managing and controlling the activities associated with the corporate data and the

corporate database, respectively. The DA is more concerned with the early stages of

the lifecycle, from planning through to logical database design. In contrast, the DBA is

more concerned with the later stages, from application/physical database design to

operational maintenance. Depending on the size and complexity of the organization

and/or database system the DA and DBA can be the responsibility of one or more

people.
5.3 Explain the purpose and scope of database security.

Security considerations do not only apply to the data held in a database. Breaches of

security may affect other parts of the system, which may in turn affect the database.

Consequently, database security encompasses hardware, software, people, and data. To

effectively implement security requires appropriate controls, which are defined in

specific mission objectives for the system. This need for security, while often having

been neglected or overlooked in the past, is now increasingly recognized by

organizations. The reason for this turn-around is due to the increasing amounts of

crucial corporate data being stored on computer and the acceptance that any loss or

unavailability of this data could be potentially disastrous.

5.4 List the main types of threat that could affect a database system, and for

each, describe the possible outcomes for an organization.

Figure 5.1 A summary of the potential threats to computer systems.

5.5 Explain the following in terms of providing security for a database:

authorization;

views;

backup and recovery;

integrity;

encryption;

RAID.

Authorization

Authorization is the granting of a right or privilege that enables a subject to have

legitimate access to a system or a system’s object. Authorization controls can be built

into the software, and govern not only what database system or object a specified user

can access, but also what the user may do with it. The process of authorization involves
authentication of a subject requesting access to an object, where ‘subject’ represents a

user or program and ‘object’ represents a database table, view, procedure, trigger, or

any other object that can be created within the database system.

Views

A view is a virtual table that does not necessarily exist in the database but can be

produced upon request by a particular user, at the time of request. The view mechanism

provides a powerful and flexible security mechanism by hiding parts of the database

from certain users. The user is not aware of the existence of any columns or rows that

are missing from the view. A view can be defined over several tables with a user being

granted the appropriate privilege to use it, but not to use the base tables. In this way,

using a view is more restrictive than simply having certain privileges granted to a user on

the base table(s).

Backup and recovery

Backup is the process of periodically taking a copy of the database and log file (and

possibly programs) onto offline storage media. A DBMS should provide backup facilities

to assist with the recovery of a database following failure. To keep track of database

transactions, the DBMS maintains a special file called a log file (or journal) that

contains information about all updates to the database. It is always advisable to make

backup copies of the database and log file at regular intervals and to ensure that the

copies are in a secure location. In the event of a failure that renders the database

unusable, the backup copy and the details captured in the log file are used to restore

the database to the latest possible consistent state. Journaling is the process of

keeping and maintaining a log file (or journal) of all changes made to the database to

enable recovery to be undertaken effectively in the event of a failure.

Integrity constraints

Contribute to maintaining a secure database system by preventing data from becoming

invalid, and hence giving misleading or incorrect results.

Encryption
Is the encoding of the data by a special algorithm that renders the data unreadable by

any program without the decryption key. If a database system holds particularly

sensitive data, it may be deemed necessary to encode it as a precaution against possible

external threats or attempts to access it. Some DBMSs provide an encryption facility

for this purpose. The DBMS can access the data (after decoding it), although there is

degradation in performance because of the time taken to decode it. Encryption also

protects data transmitted over communication lines. There are a number of techniques

for encoding data to conceal the information; some are termed irreversible and others

reversible. Irreversible techniques, as the name implies, do not permit the original data

to be known. However, the data can be used to obtain valid statistical information.

Reversible techniques are more commonly used. To transmit data securely over insecure

networks requires the use of a cryptosystem, which includes:

• an encryption key to encrypt the data (plaintext);

• an encryption algorithm that, with the encryption key, transforms the plain text

into ciphertext;

• a decryption key to decrypt the ciphertext;

• a decryption algorithm that, with the decryption key, transforms the ciphertext

back into plain text.

Redundant Array of Independent Disks (RAID)

RAID works by having a large disk array comprising an arrangement of several

independent disks that are organized to improve reliability and at the same time

increase performance. The hardware that the DBMS is running on must be fault-

tolerant, meaning that the DBMS should continue to operate even if one of the hardware

components fails. This suggests having redundant components that can be seamlessly

integrated into the working system whenever there is one or more component failures.

The main hardware components that should be fault-tolerant include disk drives, disk

controllers, CPU, power supplies, and cooling fans. Disk drives are the most vulnerable

components with the shortest times between failures of any of the hardware

components.

One solution is the use of Redundant Array of Independent Disks (RAID) technology.

RAID works by having a large disk array comprising an arrangement of several

independent disks that are organized to improve reliability and at the same time

increase performance.