’ i) An altenate ho log

Shadao faging technqe

3i) Naintina two table
1

Quwtent age Fable Shados fage Table

wocd during banoachon backup apg> unchanged
until ccmnit

Advantaqsn
)No leg needed
Asabacko
DCPying ouenhead
)FasteH eCOVe
3) Enawnes atomici lG 3).2i6hieutt with concuviehay
Page 5
(otd)
2
Page 1 3
Page 4
Page 2(otd
Page 3
Cuoent dorechony Page G Shadno inecton
updai Page 2(reu
Pog5(ncw) (not upda ted)

(Pant Module. i)
 Module - 55. Database Securil
O Authentcaion -’ Enures that ony valid wes
COUn acees the databaae.
DVerifies the idenilË oh the euser to prevent
unawthouised acr Fo
fo database
Techniques
OTP Bfomebric 7Seot
Pas ued Tofeens
Lqin
împortance d Autheieation
)3nveaned data secwity ii) esion maragemont
ii) Psouenta data leak iv) Psoventa nehvork etta cho
2)Authonizahi om ’ i) Detenineo
Determînes what achono |
oenaiems
penhom în database
ii) Conholed woin9 i 4RANT and REvOKE
n SQL.Commands
Audit Trail ’ A A ecod | log that keeps
hrack who did what rd wshen dhe
databae in the
) Database Encyptiom’ The proce» o) convofrg
dala ito in a databae inlo a coded funbuadabi
fomat to phevert unauthoni2ed aeaes

ranopanent olunn level |Fle evel ypiakon e

 Pcce en trot ’ The preLs deidira

Ut eunes that crdu utheized lleA

Acces Conel

futhenicahion Authonizahon Roteo

Specifie sghts
|pivilbgesasign |ike 'SELECT,
b uiers.| NSERT, UPDA
DE LE TE

yreo o Acces Conhot

Aiserionay Aezed landat Acces Roe Baned
mbof (RBAC)
(DAC) (MAc)
’Qune deides’Accen io bascd om
on ’ Acces in
who gets the kired poticies based on olis.
alees to hat
nbollod by the
Conholled by Lala>Cnheleda by systemb ole
poticies
+he wns
lery flexible ’ Vey shnct |Medoratelyy flexibk
Veg
Bared on Secuity ’Bascd n uneH's
fdenily labelo
Aeces shairg allboel -alowed
Aecen shaxing not ependo on the
Aouen Secwnily P Veny high secuxitj’ Modoratr secuunit
->lem men Usage ommon Usage
Personal systems, ilftany, Sefencc, Conporalt envixom
&rmall egtniaiond ovt. Yystms. menlo , Lnivensihe
 întrubion eteetion - pooces
&analyzing daBabase acivihes lo dotoet unauthaviycd
acees , attacko Suspicîns behavi onwt .
Types , tnhusion oletoliom Systems
JHost- based | Netwowk-based| ||Siqnalne
based
|Anomaly
boed
Monitos Mcmites nehonk petets
attacksotets unusu a l
achvihes înside tratic to the woing knonm a

DBMS. behavimw
DBMS
pateans |puules.
LAN
Firewall Work
stahons
Intonet
PnbusiotecheTDs|
Eaawkachs
DPaotect Qata the}t Dlan genesali fabse yiivos
a) ight mot ynatch neo
a) letecti internal misuse een attacko
3) Need to be
conßiquved Prpenly
sqL Injedion ’ a) A hacking techrigue where
whene an
attache naento malicious
maiio SQL code into a quey
to access manipulata the data
) Enploils seouily fauws.
woling meharisn -’ 1) an opplicaton. BindLy uey
woet iput in am SQL auey , an attacke 9a
medift
tt he qyuniels qeny's meaning
 Dasko done uoing sQL snjechon

View, Edit, 1 op tables rAocess

Authenticahionaelete se ords Sersiiue
in da ta bane databaes

Mettads to prevent sQL Dnjecom

Pgpasd |rput Use oRm Aimit

imi DB
Stdlomenb 'Validation Tools /Pexrmissions
Suppose the code is:

sq 2Edit

SELECT *FROM users WHERE username = + user input +

Ifa user types:

OR '1-'1

the query becomes:

O Copy

SELECT* FROM users WHERE usernane = * OR '1'-'1';

This retums all users even without a valid login!