Subject: DA&M BSIT 8th By: Muhammad Imran Afzal

Database Security Mechanisms

1. Using Views for Security: Views can simplify database security by restricting access to
sensitive data. For example, creating a view that omits sensitive columns (like salary or
telephone numbers) allows users to access only necessary information. This is called
vertical restriction. Additionally, horizontal restriction can be achieved by using views
with a WHERE clause to limit data access based on specific conditions (e.g., department).
2. Stored Procedures for Security: Stored procedures can provide an added layer of
security by controlling access to specific data subsets. Users are granted execution rights
for stored procedures rather than direct access to base tables, enhancing security.
3. Oracle Virtual Private Database (VPD): VPD enables row-level security by
dynamically modifying SQL queries with security policies, ensuring that users can only
access the data allowed by the policy.
4. Logic-Oriented Security: Security based on algorithms, such as restricting access to a
table during specific times or for specific users, can be enforced using stored procedures.
5. Auditing: Auditing tracks database operations, such as login attempts, data changes, and
unauthorized access. It helps detect security breaches and ensures compliance with
regulations. However, it may impact system performance and storage.
6. External Security: In addition to DBMS security, external security mechanisms must
protect resources like system catalogs, log files, and user data. Data encryption and
compression can help protect data outside the DBMS.
7. Job Scheduling and Security: When using third-party job schedulers, avoid granting
high-level privileges (like SYSADM) to the scheduler. Instead, grant specific
authorizations to each job. Avoid embedding passwords in scripts to prevent
unauthorized access.

Non-DBMS DBA Security

Non-DBMS DBA Security refers to the security measures and practices that database
administrators (DBAs) must manage and understand outside the specific database management
system (DBMS) itself. This includes the operating system (OS) and other underlying systems
and resources that the DBMS interacts with. While DBMS security focuses on database-level
controls (like user permissions, access control, and data encryption), non-DBMS security
involves ensuring that the systems and environments supporting the DBMS are secure.

Here are the key aspects of Non-DBMS DBA Security:

1. Operating System Access:

o DBAs often need high-level access to the underlying operating system (like
UNIX or Linux) to install, configure, and manage the database. For example,
some installation tasks might require root authority (administrator privileges) on
the OS.
o DBAs can either be granted root access directly or work with the system
administrators (SAs) who handle OS-level tasks.
2. Collaboration with System Administrators:
Subject: DA&M BSIT 8th By: Muhammad Imran Afzal

o To ensure effective security, DBAs must collaborate with system administrators

to set up proper security measures. The goal is to allow DBAs to perform their
necessary tasks while ensuring the security and integrity of the operating system
and the platform as a whole.
3. Platform Security:
o DBAs need to work within the broader platform security framework. This
involves safeguarding things like the server, storage systems, file permissions,
and the network infrastructure on which the DBMS runs.
o For example, the DBA must ensure that only authorized personnel can access
sensitive system files or directories.

In summary, Non-DBMS DBA Security refers to the OS and infrastructure-level security that
DBAs must manage to protect the overall environment where the database operates, ensuring
that the system is secure from threats outside the DBMS itself. This is crucial for maintaining the
integrity, confidentiality, and availability of the data and ensuring smooth operations.

1. Database Security

Database security ensures the confidentiality, integrity, and availability of data. There are several
key areas to focus on:

 Authentication and Authorization: Ensuring that only authorized users or applications

can access the database. Common methods include role-based access control (RBAC)
and multi-factor authentication (MFA).
 Encryption: Protecting data at rest and in transit by using encryption techniques like
TLS for communication and AES for storing sensitive data.
 Backup and Recovery: Implementing regular backups and having a robust disaster
recovery plan in place to restore data in the event of a breach or failure.
 Audit and Monitoring: Continuous monitoring and auditing of database activity to
detect any suspicious behavior or unauthorized access.
 Data Masking: This involves hiding sensitive data, which is often used in development
and testing environments.
 Security Patches: Ensuring that all security vulnerabilities in the database software are
patched promptly.

2. Database Optimization

Optimization is crucial for improving the performance and efficiency of a database system. Key
strategies include:

 Indexing: Indexes speed up data retrieval operations by reducing the number of records
the database engine must scan. However, they can slow down write operations, so
balancing the number of indexes is essential.
Subject: DA&M BSIT 8th By: Muhammad Imran Afzal

 Query Optimization: Analyzing and improving queries to make them run more
efficiently. This involves things like reducing subqueries, using joins effectively, and
avoiding unnecessary data retrieval.
 Normalization and Denormalization:
o Normalization reduces redundancy and improves data integrity but might result
in slower queries due to more complex joins.
o Denormalization can speed up queries by reducing joins but can increase
redundancy and the potential for anomalies.
 Partitioning: Dividing large tables into smaller, more manageable chunks, which can
reduce query times and improve performance for read-heavy workloads.
 Caching: Implementing caching strategies like query caching or application-level
caching to reduce the load on the database.
 Sharding: Splitting data across multiple machines or databases to distribute the load and
increase scalability.

3. Distributed Systems

A distributed system consists of multiple components located on different networked machines

that communicate and coordinate to achieve a common goal. In the context of databases and
services, distributed systems come with their own challenges and strategies:

 Scalability: Distributed systems should be able to scale horizontally (adding more nodes)
to handle an increasing amount of data and requests.
 Consistency, Availability, and Partition Tolerance (CAP Theorem): The CAP
theorem states that in a distributed system, it is impossible to guarantee all three
properties at the same time:
o Consistency: Every read gets the most recent write.
o Availability: Every request gets a response, even if some nodes are down.
o Partition Tolerance: The system continues to function even if there is a network
partition. Depending on the system’s needs, it may favor two of these properties
over the third.
 Replication: Creating copies of data across different nodes or locations to ensure high
availability and fault tolerance.
 Eventual Consistency: In distributed systems, perfect consistency is hard to achieve.
Instead, systems often use eventual consistency, meaning that updates to the database will
propagate to all nodes, but not necessarily instantly.
 Fault Tolerance: Ensuring that the system can handle node failures without affecting the
overall performance or reliability of the system. This often involves strategies like data
replication, redundancy, and failover mechanisms.
 Distributed Transactions: Managing transactions across multiple distributed nodes can
be complex. Techniques like Two-Phase Commit (2PC) and Paxos can be used, though
they come with performance trade-offs.
 Latency: Distributed systems often involve communication between nodes over
networks, and managing latency is crucial for performance.

Connecting the Dots:

Subject: DA&M BSIT 8th By: Muhammad Imran Afzal

 A well-optimized distributed database system needs to balance between ensuring data

security, maintaining high availability, and providing efficient query processing.
 In cloud environments or microservices architectures, ensuring security (e.g.,
encryption and access control), scaling the database across multiple instances or zones,
and optimizing queries for large datasets are especially important.
 Database Sharding and Replication are commonly used in distributed databases to
enhance both availability and performance.