Concurrency Control. R/RR/W W/W User 2 ReadWrite User 1 Read Write R/W: Inconsistent Read problem. W/W: Lost Update problem.

Slides:



Advertisements
Similar presentations
Transaction Processing. Objectives After completing this lesson, you should be able to do the following: –Define transactions effectively for an application.
Advertisements

Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.
Concurrency Control. R/RR/W W/W User 2 ReadWrite User 1 Read Write R/W: Inconsistent Read problem. W/W: Lost Update problem.
Authenticating Users in an ASP.NET Application. Web Site Administration Tool From VS 2008, click Website/ ASP.Net Configuration to open Web Site Administration.
Concurrency Control. R/RR/W W/W User 2 ReadWrite User 1 Read Write R/W: Inconsistent Read problem. W/W: Lost Update problem.
VB.NET Database Tools ISYS Net Applications OLE DB Provider OLE DB Data Source OLE DB Provider ODBC Data Source SQL Server Data Source SQL Server.Net.
Website Security ISYS 512. Authentication Authentication is the process that determines the identity of a user. Web.config file – node Options: –Windows.
Transaction Management and Concurrency Control
Transaction Management and Concurrency Control
Database Systems: Design, Implementation, and Management Eighth Edition Chapter 10 Transaction Management and Concurrency Control.
Web Site Security ISYS 512/812. Authentication Authentication is the process that determines the identity of a user. Web.config file – node Options: –Windows:
Concurrency Control. R/RR/W W/W User 2 ReadWrite User 1 Read Write R/W: Inconsistent Read problem. W/W: Lost Update problem.
1 Transaction Management Database recovery Concurrency control.
DBMS Functions Data, Storage, Retrieval, and Update
Coding ADO.NET Objects: Connection, Command, DataReader.
Chapter 9 Transaction Management and Concurrency Control
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
E-Commerce. Internet It is a network that follows the TCP/IP protocol. –Transmission Control Protocol – handles communications between applications. A.
9 Chapter 9 Transaction Management and Concurrency Control Hachim Haddouti.
Database Administration Part 1 Chapter Six CSCI260 Database Applications.
Website Security ISYS 512. Cookies Data in Cookies System.Web Which web site set the cookie Expiration date –DateTime data type –TimeSpan data type One.
Database Systems: Design, Implementation, and Management Eighth Edition Chapter 10 Transaction Management and Concurrency Control.
Transaction Management and Concurrency Control
Transactions and Recovery
Transaction Management Chapter 9. What is a Transaction? A logical unit of work on a database A logical unit of work on a database An entire program An.
DATABASE SECURITY By Oscar Suciadi CS 157B Prof. Sin-Min Lee.
© 2013 Pearson Education, Inc. Publishing as Prentice Hall 1 CHAPTER 11: DATA AND DATABASE ADMINISTRATION Modern Database Management 11 th Edition Jeffrey.
Managing Multi-User Databases AIMS 3710 R. Nakatsu.
DBSQL 7-1 Copyright © Genetic Computer School 2009 Chapter 7 Transaction Management, Database Security and Recovery.
1 Topics in Database Administration u What is database administration? u What are the tasks involved in establishing, creating, implementing and maintaining.
Security and Transaction Nhi Tran CS 157B - Dr. Lee Fall, 2003.
BIS Database Systems School of Management, Business Information Systems, Assumption University A.Thanop Somprasong Chapter # 10 Transaction Management.
Topics in Database Administration What is database administration? What is data administration? What are the tasks involved in establishing, creating,
1cs Intersection of Concurrent Accesses A fundamental property of Web sites: Concurrent accesses by multiple users Concurrent accesses intersect.
Chapter 15 Recovery. Topics in this Chapter Transactions Transaction Recovery System Recovery Media Recovery Two-Phase Commit SQL Facilities.
Lecture 12 Recoverability and failure. 2 Optimistic Techniques Based on assumption that conflict is rare and more efficient to let transactions proceed.
D ATABASE A DMINISTRATION L ECTURE N O 3 Muhammad Abrar.
Ch 10: Transaction Management and Concurrent Control.
Website Security ISYS 512. Authentication Authentication is the process that determines the identity of a user.
11/7/2012ISC329 Isabelle Bichindaritz1 Transaction Management & Concurrency Control.
Database Security Outline.. Introduction Security requirement Reliability and Integrity Sensitive data Inference Multilevel databases Multilevel security.
Introduction to Database Systems1. 2 Basic Definitions Mini-world Some part of the real world about which data is stored in a database. Data Known facts.
Concurrency Control. Objectives Management of Databases Concurrency Control Database Recovery Database Security Database Administration.
ASP.Net and HTML. Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load dim strConn as string ="Provider=Microsoft.Jet.OLEDB.4.0;Data.
CSCI 3140 Module 6 – Database Security Theodore Chiasson Dalhousie University.
Data & Database Administration
MBA 664 Database Management Dave Salisbury ( )
TM 13-1 Copyright © 1999 Addison Wesley Longman, Inc. Data and Database Administration.
Chapter 20 Transaction Management Thomas Connolly, Carolyn Begg, Database System, A Practical Approach to Design Implementation and Management, 4 th Edition,
Transaction Management Transparencies. ©Pearson Education 2009 Chapter 14 - Objectives Function and importance of transactions. Properties of transactions.
Topics in Database Administration What is database administration? What is data administration? What are the tasks involved in establishing, creating,
1 Advanced Database Concepts Transaction Management and Concurrency Control.
Module 11: Managing Transactions and Locks
Database Systems: Design, Implementation, and Management Eighth Edition Chapter 10 Transaction Management and Concurrency Control.
©Bob Godfrey, 2002, 2005 Lecture 17: Transaction Integrity and Concurrency BSA206 Database Management Systems.
3 Database Systems: Design, Implementation, and Management CHAPTER 9 Transaction Management and Concurrency Control.
10 1 Chapter 10 - A Transaction Management Database Systems: Design, Implementation, and Management, Rob and Coronel.
Chapter 13 Managing Transactions and Concurrency Database Principles: Fundamentals of Design, Implementation, and Management Tenth Edition.
SYSTEMS IMPLEMENTATION TECHNIQUES TRANSACTION PROCESSING DATABASE RECOVERY DATABASE SECURITY CONCURRENCY CONTROL.
Copyright © 2016 Pearson Education, Inc. CHAPTER 12: DATA AND DATABASE ADMINISTRATION Modern Database Management 12 th Edition Jeff Hoffer, Ramesh Venkataraman,
TM 13-1 Copyright © 1999 Addison Wesley Longman, Inc. Data and Database Administration.
Transaction Management and Concurrency Control
By Oscar Suciadi CS 157B Prof. Sin-Min Lee
By Oscar Suciadi CS 157B Prof. Sin-Min Lee
Transaction Management
Transaction Properties
Chapter 10 Transaction Management and Concurrency Control
On transactions, and Atomic Operations
Introduction of Week 13 Return assignment 11-1 and 3-1-5
Coding ADO.NET Objects: Connection, Command, DataReader
Presentation transcript:

Concurrency Control

R/RR/W W/W User 2 ReadWrite User 1 Read Write R/W: Inconsistent Read problem. W/W: Lost Update problem.

Example Husband/Wife joint account with $1000 balance. Transactions: –Husband: Withdraw 800 –Wife: Withdraw 100 Processing: –Read Balance, Calculate New Balance, Write New Balance

Husband:ReadBalanceCalNewBalanceWriteNewBalance (In memory)(On disk) 1000New= Wife:ReadBalanceCalNewBalance WriteNewBalance 1000New=

Locking Locking is the most widely used approach to ensure serializability of concurrent transactions. Shared lock: read only access Exclusive lock: for both read and write access.

Lock Granularity The size of data items protected by a lock. –Entire database –Entire table –A page –A record –A Field The coarser the data item size, the lower the degree of concurrency permitted.

Dead Lock Two transactions wait for locks on items held by the other. T1T2 DataItem 1 DataItem 2 Lock Wait For Lock

Transaction An unit of work on database that is either completed in its entirety or is not performed at all.

Transaction Commands Begin Transaction Update commands Commit RollBack End Transaction

DefiningTransaction in An Application Truck Rental System: –Vehicle Table:VID, VType, VStatus » V1PickUp Available » V2TowTruck Booked –VReservation:RID, VID, Date » R1V21/2/04

Transaction Example (Pseudo Code) Sub Rent(RID, VID, RDate) Begin Transaction Insert (RID, VID, RDate) into VReservation table If No Error Then Update Vehicle Status If No Error Then Commit Transaction Else Roll Back End if Else Roll Back End if End Sub

Transaction ACID Properties Atomic –Transaction cannot be subdivided –All or nothing Consistent –Constraints don’t change from before transaction to after transaction –A transaction transforms a database from one consistent state to another consistent state. Isolated –Transactions execute independently of one another. –Database changes not revealed to users until after transaction has completed Durable –Database changes are permanent and must not be lost.

Oracle Table Lock 1. When DML commands are issued, Oracle implicitly places a shared lock on rows being affected, so no other user can change the same rows. When DDL commands are issued, Oracle implicitly places an exclusive lock on the table. 2. A user can explicitly lock a table by a LOCK TABLE command: –LOCK TABLE tablename IN SHARE MODE; –LOCK TABLE tablename IN EXCLUSIVE MODE; Note: Lock will be released when the user issues a ROLLBACK or COMMIT command, or when the user exits the system.

SELECT … FOR UPDATE Example: –SELECT * FROM Employee –WHERE EID=‘E5’ –FOR UPDATE; This command places a shared lock on selected records and let the user to view the records when it is anticipated that they will need to update. The lock is released after a UPDATE command is used or by a ROLLBACK or COMMIT command.

Oracle SQL Commit Autocommit –On –Off Rollback Commit

Log File (Journal) A file that contains all information about all updates to the database. It may contain the following data: –Transaction records: Transaction ID Type of action: –Begin, Insert,Delete, Modify, Commit, Rollback, End Before-image After-image –Checkpoint records The point of synchronization between the database and the transaction log file.

To Recover In the event of a failure, examine the log starting from the most recent checkpoint record. Any transaction with Transaction Start and Transaction Commit records should be redone: –Perform all the writes to the database using the after-image log records in the order in which they were written to the log.

Database Security

Threats to Data Security Accidental losses attributable to: –People Users: using another person’s means of access, viewing unauthorized data, introduction of viruses Programmers/Operators Database administrator: Inadequate security policy –Software failure DBMS: security mechanism, privilege Application software: program alteration –Hardware failure Theft and fraud Improper data access: –Loss of privacy (personal data) –Loss of confidentiality (corporate data) Loss of data integrity Loss of availability (through, e.g. sabotage)

Countermeasures to Threats Authorization –Authentication Access controls: privileges Database views BackUp and Recovery Enforcing integrity rules Encryption –Symmetric encryption: use same key for encryption and decryption –Asymmetric encryption: Public key: for encryption Private key: decryption RAID

Authorization Rules Controls incorporated in the data management system  Restrict: –access to data –actions that people can take on data  Authorization matrix for: –Subjects –Objects –Actions –Constraints

Figure 12-5 Authorization matrix

SQL Injection "SQL Injection" is an unverified/unsanitized user input vulnerability, and the idea is to convince the application to run SQL code that was not intended. Exploits applications that use external input for database commands.

SQL Injection Demo On a web page that takes customer ID entered in a textbox as input, then displays the customer’s data. 1. Retrieve all records:In the textbox, enter: ‘ OR 1=1 OR CID = ‘ 2. Guess table name or field name: ‘ AND 1=(SELECT COUNT(*) FROM Orders) AND CID=‘ 3. Finding some users: ' or cname like 'S%' or cid=‘ SQLInjectionDemo

Demo Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click Dim strConn As String = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source = c:\salesDB.mdb" Dim objConn As New OleDbConnection(strConn) Dim strSQL As String = "select * from customer where cid = '" & TextBox1.Text & "'" Dim objComm As New OleDbCommand(strSQL, objConn) Try objConn.Open() Dim objDataReader As OleDbDataReader objDataReader = objComm.ExecuteReader() GridView1.DataSource = objDataReader GridView1.DataBind() Catch except As SystemException Response.Write(except.Message) End Try End Sub