DBMSs and Web Security
Securing DBMS in Web Environments
Introduction
• Database Management Systems (DBMS) ensure efficient and secure data storage, providing quick access and maintaining data integrity. Web security complements this by protecting online data and user privacy from cyber threats.
• Together, DBMS and web security create a robust framework for managing and safeguarding our digital assets.

The challenge is to ensure that transmitted data is:
• Private: Only accessible to the sender and receiver.
• Integrity: Unchanged during transmission.
• Authentic: Verified to come from a trusted source.
• Non-fabrication: Confirming the receiver's identity.
• Non-repudiation: Preventing the sender from denying the transmission.

Security Mechanisms
Proxy servers
• A computer that acts as an intermediary between a Web browser and a Web server. It intercepts and evaluates requests to determine if they can be fulfilled locally or need to be forwarded to the Web server.
• Improve performance:
  • Caches frequently accessed web pages, reducing load times for users.
  • Example: If user A requests a page, it's stored by the proxy. When user B requests the same page, the proxy serves it directly from the cache.
  • Supports thousands of users efficiently, like those in large networks (e.g., CompuServe, AOL).
• Filter Requests:
  • Controls access to certain websites.
  • Example: Organizations can block employees from accessing non-work-related sites.

• A firewall is a system designed to prevent unauthorized access to or from a private network.
• Packet Filter: Looks at each packet and accepts or rejects it based on rules.
• Application Gateway: Applies security mechanisms to specific applications.
• Circuit-Level Gateway: Applies security mechanisms when a TCP or UDP connection is established.
• Proxy Server: Intercepts all messages entering and leaving the network.

Cryptographic Measures
Message Digest Algorithm (One-Way Hash Function):
• Generates a fixed-length digest from an arbitrary message.
• Key Characteristics:
  • Computationally infeasible to find another message with the same digest.
  • The digest does not reveal the original message.

Digital Signature:
• Combines data with a private key to create a unique, verifiable signature.
• Key Properties:
  • Authenticity: Can be verified with the corresponding public key.
  • Non-forgeable: Cannot be replicated if the private key is secure.
  • Integrity: Signature is tied to the specific data, ensuring it hasn't been altered.
• Often uses message digest algorithms to enhance efficiency.

Digital Certificates
• An attachment to an electronic message used to verify the sender's identity and to provide a secure way to encode a reply.
• Issued by a Certificate Authority (CA).
• How It Works:
  • Sender: Applies for a digital certificate from a CA, which includes their public key and identification details.
  • Recipient: Uses the CA's public key to decode the certificate, verify the sender's identity, and obtain the sender's public key to send an encrypted reply.
• Importance:
  • Critical in establishing trust in a large, distributed network.
  • Most commonly used for SSL Web server validation to ensure secure interactions.

SSL and S-HTTP: Securing Web Communications
Secure Sockets Layer (SSL):
• Developed for encrypting data over the Internet.
• Uses a private key to secure data transmission, preventing eavesdropping, tampering, and forgery.
• Supported by major browsers like Firefox and Internet Explorer for protecting sensitive information (e.g., credit card numbers).

Secure HTTP (S-HTTP):
• A modified version of HTTP designed for secure transmission of individual messages.
• Complements SSL by securing specific messages rather than entire connections.
• Both SSL and S-HTTP have been submitted to the IETF for approval and are used for authenticating and securing web communications.

Benefits of SSL/S-HTTP:
• Authentication: Verifies both the browser and server.
• Access Control: Allows control over server resources.
• Data Security: Ensures sensitive information remains inaccessible to third parties.
• Data Integrity: Prevents data corruption during transmission.
• Key Component: Digital certificates are essential for the security of SSL and S-HTTP protocols.

Secure Electronic Transactions
• The Secure Electronic Transactions (SET) protocol is an open, interoperable standard for processing credit card transactions over the Internet.
• SET's goal is to allow credit card transactions to be as simple and secure on the Internet as they are in retail stores.
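
The packet filter listed among the firewall types above accepts or rejects each packet based on rules. The Python sketch below is an added example, not part of the original slides: it evaluates an ordered rule list in front of a DBMS host and reports rules that an earlier rule makes unreachable. First-match-wins evaluation, the default reject, and all addresses, ports and names are assumptions constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# action: "accept"/"reject"; src, dst: CIDR networks; proto: "tcp", "udp" or "any";
# dport: destination port, or None for any port.
Rule = namedtuple("Rule", "action src dst proto dport")
Packet = namedtuple("Packet", "src dst proto dport")

def _net(cidr):
    return ipaddress.ip_network(cidr)

def matches(rule, pkt):
    return (ipaddress.ip_address(pkt.src) in _net(rule.src)
            and ipaddress.ip_address(pkt.dst) in _net(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))

def filter_packet(rules, pkt):
    """Return (action, index of deciding rule); first match wins (assumed)."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return "reject", None  # assumed default: reject what no rule accepts

def covers(a, b):
    """True if every packet that matches rule b also matches rule a."""
    return (_net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst))
            and a.proto in ("any", b.proto)
            and a.dport in (None, b.dport))

def shadowed_rules(rules):
    """Indexes of rules that can never decide a packet."""
    return [j for j in range(len(rules))
            if any(covers(rules[i], rules[j]) for i in range(j))]

# Constructed rule set: only the web server may reach the DBMS port.
RULES = [
    Rule("accept", "10.0.1.10/32", "10.0.2.20/32", "tcp", 5432),  # web -> DBMS
    Rule("reject", "0.0.0.0/0", "10.0.2.0/24", "any", None),      # nothing else
    Rule("accept", "0.0.0.0/0", "10.0.1.10/32", "tcp", 443),      # public HTTPS
    Rule("accept", "10.0.3.0/24", "10.0.2.20/32", "tcp", 5432),   # unreachable
]
```

The last rule never takes effect because the broader reject above it matches first; `shadowed_rules(RULES)` surfaces that kind of ordering mistake before the rule set is deployed.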