Copyright ©2014 Pearson Education, Inc. Chapter 8 Is it Secure? Chapter8.1.

Slides:



Advertisements
Similar presentations
IT203 Unit 8: Database Security I Is It Secure? Copyright © 2012 Pearson Education, Inc. Publishing as Prentice HallChapter8.1.
Advertisements

IT203 Unit 9: Database Security II Is It Secure? Copyright © 2012 Pearson Education, Inc. Publishing as Prentice HallChapter8.1.
With Microsoft Access 2010© 2011 Pearson Education, Inc. Publishing as Prentice Hall1 PowerPoint Presentation to Accompany GO! with Microsoft ® Access.
With Microsoft Access 2010© 2011 Pearson Education, Inc. Publishing as Prentice Hall1 PowerPoint Presentation to Accompany GO! with Microsoft ® Access.
With Microsoft Excel 2010 © 2011 Pearson Education, Inc. Publishing as Prentice Hall1 PowerPoint Presentation to Accompany GO! with Microsoft ® Excel 2010.
Understand Database Security Concepts
Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.
By Mary Anne Poatsy, Keith Mulbery, Eric Cameron, Jason Davidson, Rebecca Lawson, Linda Lau, Jerri Williams Chapter 9 Fine-Tuning the Database 1 Copyright.
David M. Kroenke and David J. Auer Database Processing: F undamentals, Design, and Implementation Chapter Ten: Managing Databases with SQL Server 2008.
With Microsoft ® Office 2010© 2011 Pearson Education, Inc. Publishing as Prentice Hall1 PowerPoint Presentation to Accompany GO! with Microsoft ® Office.
6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Your Interactive Guide to the Digital World Discovering Computers 2012 Chapter 10 Managing a Database.
Fundamentals, Design, and Implementation, 9/e Chapter 11 Managing Databases with SQL Server 2000.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
Chapter 12 File Management Systems
Getting Started Chapter One DAVID M. KROENKE and DAVID J. AUER DATABASE CONCEPTS, 5 th Edition.
Getting Started with Microsoft SQL Server 2012 Express Edition Appendix A DAVID M. KROENKE and DAVID J. AUER DATABASE CONCEPTS, 6 th Edition.
Chapter 7 Managing Data Sources. ASP.NET 2.0, Third Edition2.
Copyright ©2014 Pearson Education, Inc. Chapter 3 Requirements and Business Rules Chapter3.1.
Getting Started with Oracle Database 11g Release 2 Express Edition Appendix B DAVID M. KROENKE and DAVID J. AUER DATABASE CONCEPTS, 6 th Edition.
Overview What is SQL Server? Creating databases Administration Security Backup.
Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall.
Getting Started Chapter One DAVID M. KROENKE and DAVID J. AUER DATABASE CONCEPTS, 6 th Edition.
© 2013 Pearson Education, Inc. Publishing as Prentice Hall 1 CHAPTER 11: DATA AND DATABASE ADMINISTRATION Modern Database Management 11 th Edition Jeffrey.
1 Chapter 12 File Management Systems. 2 Systems Architecture Chapter 12.
Objectives Overview Define the term, database, and explain how a database interacts with data and information Define the term, data integrity, and describe.
Copyright © 2010 Pearson Education, Inc. Publishing as Prentice Hall 1 Committed to Shaping the Next Generation of IT Experts. Chapter 1: Finding Your.
Technology in Action Alan Evans Kendall Martin Mary Anne Poatsy Twelfth Edition.
Security, Transactions, and Views. Security Achieved through GRANT & REVOKE Assumes the database can recognize its users and verify their identity can.
Database Technical Session By: Prof. Adarsh Patel.
INSERT BOOK COVER 1Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall. Exploring Microsoft Office Excel 2010 by Robert Grauer, Keith.
Technology in Action Alan Evans Kendall Martin Mary Anne Poatsy Twelfth Edition.
1Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall. Exploring Microsoft Access 2010 by Robert Grauer, Keith Mast, Mary Anne Poatsy Chapter.
INSERT BOOK COVER 1Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall. Exploring Microsoft Office Access 2010 by Robert Grauer, Keith.
The protection of the DB against intentional or unintentional threats using computer-based or non- computer-based controls. Database Security – Part 2.
Discovering Computers Fundamentals Fifth Edition Chapter 9 Database Management.
Mark A. Magumba Storage Management. What is storage An electronic place where computer may store data and instructions for retrieval The objective of.
Controlling User Access. Objectives After completing this lesson, you should be able to do the following: Create users Create roles to ease setup and.
Copyright © 2013 Curt Hill Database Security An Overview with some SQL.
Security, Transactions, and Views. About Security As is the case in most shared environments, the DBMS also must implement a security mechanism that allows.
1 Principles of Database Systems With Internet and Java Applications Today’s Topic Chapter 15: Reliability and Security in Database Servers Instructor’s.
Getting Started Chapter One DAVID M. KROENKE and DAVID J. AUER DATABASE CONCEPTS, 4 th Edition.
Database Security. Multi-user database systems like Oracle include security to control how the database is accessed and used for example security Mechanisms:
INSERT BOOK COVER 1Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall. Exploring Getting Started with VBA for Microsoft Office 2010 by.
Database Security Cmpe 226 Fall 2015 By Akanksha Jain Jerry Mengyuan Zheng.
1 Chapter 9 Database Management. Objectives Overview Define the term, database, and explain how a database interacts with data and information Describe.
Chapter 15: Reliability and Security in Database Servers Neyha Amar CS 157B May 6, 2008.
Chapter 3 Requirements and Business Rules Copyright © 2012 Pearson Education, Inc. Publishing as Prentice HallChapter3.1.
SQL Server 2005 Implementation and Maintenance Chapter 6: Security and SQL Server 2005.
Oracle 11g: SQL Chapter 7 User Creation and Management.
Database Security. Multi-user database systems like Oracle include security to control how the database is accessed and used for example security Mechanisms:
Backup and Recovery - II - Checkpoint - Transaction log – active portion - Database Recovery.
© 2013 Pearson Education, Inc. Publishing as Prentice Hall1 with Microsoft ® Office for Mac 2011 Common Features Using the Common Features of Microsoft.
David M. Kroenke and David J. Auer Database Processing: Fundamentals, Design, and Implementation Chapter Ten: Managing Databases with SQL Server 2012,
In this session, you will learn to: Create and manage views Implement a full-text search Implement batches Objectives.
7.5 Using Stored-Procedure and Triggers NAME MATRIC NUM GROUP Muhammad Azwan Bin Khairul Anwar CS2305A Muhammad Faiz Bin Badrol Shah CS2305B.
Administrating a Database
Controlling User Access
Database Administration
Exploring Microsoft Office Access 2007
Database Security.
Database Security.
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
PT2520 Unit 9: Database Security II
PT2520 Unit 8: Database Security I
Getting Started Chapter One DATABASE CONCEPTS, 5th Edition
Chapter 11 Managing Databases with SQL Server 2000
Getting Started Chapter One DATABASE CONCEPTS, 4th Edition
Administrating a Database
Presentation transcript:

Copyright ©2014 Pearson Education, Inc. Chapter 8 Is it Secure? Chapter8.1

Copyright ©2014 Pearson Education, Inc. Overview Security is essential for any database that will be put into production. One way to begin thinking about security is to look at two terms: Authentication Authorization Chapter8.2

Copyright ©2014 Pearson Education, Inc. Authentication Authentication is the process of determining if the person is, in fact, who he or she claims to be. This can be done in a variety of ways: Login name and password Certificate Biometrics Chapter8.3

Copyright ©2014 Pearson Education, Inc. Authorization Authorization is about “authorizing” a user to do things in the database. It involves setting permissions on objects and data. Chapter8.4

Copyright ©2014 Pearson Education, Inc. SQL Server Authentication SQL Server has two primary ways of authenticating users: Windows authentication SQL Server authentication Chapter8.5

Copyright ©2014 Pearson Education, Inc. Windows Authentication In Windows Authentication, a windows or Active Directory account is mapped to an SQL Server Account. The user logs into their Windows machine and accesses the SQL Server through this account. This is the preferred method of authentication. Chapter8.6

Copyright ©2014 Pearson Education, Inc. SQL Server Authentication In SQL Server or mixed authentication, a user is given a login name and a password for logging into the server. This is useful in environments where not every user has a Windows account. Chapter8.7

Copyright ©2014 Pearson Education, Inc. Example: Creating an SQL Server Login CREATE LOGIN StudentLogIn WITH DEFAULT_DATABASE=TutorManagement Chapter8.8

Copyright ©2014 Pearson Education, Inc. Roles Roles are collections of permissions. Rather than try to assign and maintain individual user permissions, users can be assigned to a role that provides a common set of permissions. Roles provide a much more efficient and maintainable way of controlling user access to the database. New roles can be created as needed and SQL Server provides a set of built-in roles. Chapter8.9

Copyright ©2014 Pearson Education, Inc. Table of Built-in Roles Database RoleDescription db_accessadminCan ALTER any User and create Schema db_backupoperatorGrants the user to back up and restore the particular database db_datareaderGrants the user SELECT on all Tables and Views in the database db_datawriterGrants the user INSERT, UPDATE, and DELETE permissions on all Tables and Views db_ddladminGrants the ability to CREATE or ALTER any database object db_denydatareaderDenies SELECT on all Tables and Views db_denydatawriterDenies INSERT,UPDATE, and DELETE on all Tables and Views db_ownerGrants ownership and full permissions on all database objects db_securityadminGranted the ability to ALTER roles and CREATE Schema publicGrants access to database but by default has no permissions on any objects. Every user is a member of public as well as any other roles. The public role cannot be removed. Chapter8.10

Copyright ©2014 Pearson Education, Inc. Example: Creating a Role USE TutorManagement Go CREATE ROLE StudentRole Chapter8.11

Copyright ©2014 Pearson Education, Inc. Schema Schema can be used to achieve results similar to roles. However, a role is a collection of permissions; a schema is a collection of objects owned by a schema. A user can be assigned to a schema and then assigned permissions on schema objects. When they log in, they will only see the objects in their schema. Chapter8.12

Copyright ©2014 Pearson Education, Inc. Analyzing Security Needs One way to analyze the security needs of a database is to look at security requirements of each type of database user. You can analyze those needs in terms of specific permissions on tables and objects. Chapter8.13

Copyright ©2014 Pearson Education, Inc. Analysis Example Table nameSELECTINSERTUPDATEDELETEConstraints Student TutorX A public subset of tutor info CourseX StudentCourse Ethnicity SessionXX* *Only for own sessions RequestX RequestNoteX Chapter8.14

Copyright ©2014 Pearson Education, Inc. Threat Analysis Threat analysis involves identifying all the ways a database can be harmed and then finding strategies to mitigate those threats. Databases can also be damaged by accidental actions. Analyzing threats is a complex and ongoing task. Chapter8.15

Copyright ©2014 Pearson Education, Inc. Threat Analysis Example RoleStudent ThreatDescription SELECTSee private information of other students INSERTFalse or inaccurate information in Student table UPDATE False or inaccurate information in the Session table, removing other students from scheduled sessions DELETE Chapter8.16

Copyright ©2014 Pearson Education, Inc. Disaster Recovery Disaster recovery means planning for the worst. Disasters can be manmade, such as an attack by a hacker or a major mistake by an administrator. Disasters can also be natural. Fires, floods, and earthquakes can destroy data. Chapter8.17

Copyright ©2014 Pearson Education, Inc. Disaster Recovery Plan A disaster recovery plan is a plan for how to recover data and its availability after various possible disasters. A disaster recovery plan consists of policies and procedures for disaster prevention and recovery. Chapter8.18

Copyright ©2014 Pearson Education, Inc. Policies Policies are rules for how to do things. For instance, a business could have a rule that all databases are backed up twice a day. Another policy could be that all backups are kept off-site in some secure place. Chapter8.19

Copyright ©2014 Pearson Education, Inc. Procedures Procedures are step-by-step instructions for how to do things. In a disaster plan procedures are the step-by-step instructions for implementing a policy. Chapter8.20

Copyright ©2014 Pearson Education, Inc. Backup Procedure Example We will maintain 4 portable hard drives. Each morning retrieve the two drives with the oldest backup date. Perform a full database backup to one of the drives at 11:00 AM. Back up the log files to the hard drive. Record the current date and time of the backup on the hard disk. Send an employee to deposit the hard drive in a safety deposit box at Westlake Security Co. At closing, around 5:00 PM, do a full backup to the second hard disk. Back up the log files to the hard disk. Record the date and time on the hard disk. Send an employee to deposit the hard drive in a safety deposit box at Westlake Security Co. (Westlake is open until 7). If Westlake is closed, the employee is to take the disk home and deposit it when he or she picks up the drives the next work day. Chapter8.21

Copyright ©2014 Pearson Education, Inc. Finding Solutions Implementing effective security measures can be very complex. You can use a mixture of schema roles and permissions. One approach is to build a layer of views and stored procedures to manage all user access. Chapter8.22

Copyright ©2014 Pearson Education, Inc. Views Views are essential stored queries. Ideally, each view corresponds to a particular “view” that a user has of the data. Views can be used to hide the underlying structure of the database. Views are accessed just like tables. Chapter8.23

Copyright ©2014 Pearson Education, Inc. Syntax for a View CREATE VIEW AS Chapter8.24

Copyright ©2014 Pearson Education, Inc. View Example CREATE VIEW vw_Sessions AS SELECT TutorLastName AS [Tutor], StudentKey AS [Student], SessionDateKey AS [Date], SessionTimeKey AS [Time], CourseKey AS [Course] FROM Tutor t INNER JOIN [Session] s ON t.TutorKey=s.TutorKey WHERE SessionDateKey >=GetDate() Chapter8.25

Copyright ©2014 Pearson Education, Inc. Stored Procedures Stored procedures consist of one or more SQL commands. They can take parameters from the user. They allow all the commands to be executed as a unit. They allow error checking and validation to help ensure a safe transaction. Chapter8.26

Copyright ©2014 Pearson Education, Inc. Stored Procedure Syntax CREATE PROC AS Chapter8.27

Copyright ©2014 Pearson Education, Inc. Stored Procedure Example CREATE PROCEDURE nchar(10) AS IF EXISTS (SELECT * FROM student WHERE BEGIN SELECT studentLastName FROM Student WHERE END Chapter8.28

Copyright ©2014 Pearson Education, Inc. A Few Stored Procedure Notes The following slides discuss a few of the features of stored procedures, specifically: Parameters Variables If/else and blocks Transactions and try/catch blocks Chapter8.29

Copyright ©2014 Pearson Education, Inc. Parameters A parameter is a value passed to the stored procedure from the user. Parameters are listed after the CREATE Statement and before the AS. All parameters start with symbol and must be given a data nchar(10) Chapter8.30

Copyright ©2014 Pearson Education, Inc. Variables Variables are declared after the AS keyword and must be assigned values internally. Variables are declared with the DECLARE keyword. Variables can be assigned values with the SET or SELECT keywords. Chapter8.31

Copyright ©2014 Pearson Education, Inc. Variable Examples NCHAR(10) FROM [Session] WHERE AND Date Chapter8.32

Copyright ©2014 Pearson Education, Inc. IF ELSE BEGIN END It is possible to select among possibilities by using the IF and ELSE keywords. IF sets up the condition and what to do if the condition is true. ELSE describes what to do if the condition is false. BEGIN is used to mark the start of an IF or ELSE block. END is used to mark the end of the block. Chapter8.33

Copyright ©2014 Pearson Education, Inc. If Example IF EXISTS (SELECT * FROM student WHERE BEGIN SELECT studentLastName FROM Student WHERE END Chapter8.34

Copyright ©2014 Pearson Education, Inc. TRY CATCH TRANS TRY CATCH blocks can be used with transactions to catch any errors. The TRY tests the code for errors. If there are no errors the statements are committed to the database. If there are errors, the execution will go to the CATCH block and roll back the transaction. Chapter8.35

Copyright ©2014 Pearson Education, Inc. TRY CATCH Example BEGIN TRAN BEGIN TRY UPDATE [Session] SET WHERE AND COMMIT TRAN END TRY BEGIN CATCH ROLLBACK TRAN END CATCH Chapter8.36

Copyright ©2014 Pearson Education, Inc. Big Data Big data refers to the recent attempts to utilize extremely large stores of data, often of Exabyte scale, to glean as much information as possible about current trends. Big data often uses mixed structured and unstructured data, traditional databases, and also things like social media, s, usage logs, etc. The tools for analyzing this data are still being developed, but big data is becoming more and more important as we go forward. Chapter8.37

Copyright ©2014 Pearson Education, Inc. Documentation It is crucial to document the security setup. Authentication types and policies should be spelled out. All roles and schema should be described. All stored procedures and views should be described. Disaster plans and all policies and procedures should be documented and readily available. Chapter8.38

Copyright ©2014 Pearson Education, Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States of America. Chapter8.39

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.