IMS 4212: Database Security
Dr. Lawrence West, Management Dept., University of Central Florida

Data & Database Administration

Security Overview
Physical Protection
Network Protection
Permissions Management
Views as a Security Tool

Database Security

Database security is the management of risks and tradeoffs
  – The risk of a loss
      Destruction of data
      Theft of data
      Privacy issues (including legal liability)
      Database corruption
      Loss of availability
  – The cost of data security efforts

Database Security (cont.)

Name some database security measures and their costs
What sorts of risks do they protect against?

Security Action Categories

Physical Protection
Access Protection
Protection in Transit
Loss Prevention
  – Backup and Recovery plans covered next week

Physical Protection

Don’t forget the step of physically protecting access to your equipment and data
Lock the door!
Be aware of portable copies of data, who has them, where they are
  – Recent news stories

Network Protection

Use appropriate network access protections to guard against hacking into the network
Be aware of security threats
  – Weaknesses in the operating system
  – Database vulnerabilities
  – Application vulnerabilities
Expert consultation is desirable

Authorization Rules or Permissions

Authorization rules are permissions to perform certain actions on the database
  – Allow a user to view, edit, or add records to a table
  – Permissions are granted to
      Individuals
      Groups
  – Permissions are granted on
      Entire database
      Distinct objects (tables, views, indexes, etc.)
      Specific columns or rows

Permissions

DBA is usually granted authority to do anything in the database
DBA may GRANT or REVOKE permissions to other users
  – May include permission to grant or revoke permission to others
Users may be assigned to a group and permissions granted to a group
Applications usually have security privileges established by the userid used in the connection string
Application must have appropriate permissions

Views as a Security Tool

Views are query definitions stored in the DB
A security measure may be to grant the user permission on the view but not to the underlying tables
WHERE clauses in the view definition query can restrict rows
Field list in the SELECT clause can restrict columns
Views may be used like any other table in the DB
See discussion of other security measures
  – Encryption, authentication

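The view-based restriction from the Views as a Security Tool slide, combined with the GRANT/REVOKE and group permissions from the Permissions slide, as an added example that is not part of the original slides. It assumes PostgreSQL syntax; the table, view and role names and the sample rows are constructed for illustration.

```sql
-- Constructed sample schema; all object and role names are hypothetical.
CREATE TABLE employee (
    emp_id     integer       PRIMARY KEY,
    full_name  text          NOT NULL,
    department text          NOT NULL,
    salary     numeric(10,2) NOT NULL,
    ssn        char(11)      NOT NULL
);

INSERT INTO employee VALUES
    (1, 'Ann Lee',   'Sales',   52000.00, '000-00-0001'),
    (2, 'Raj Patel', 'Sales',   58000.00, '000-00-0002'),
    (3, 'Kim Ortiz', 'Finance', 61000.00, '000-00-0003');

-- The field list leaves out salary and ssn (column restriction);
-- the WHERE clause keeps only Sales rows (row restriction).
CREATE VIEW sales_directory AS
SELECT emp_id, full_name, department
FROM employee
WHERE department = 'Sales';

-- Group-style role: permissions are granted to the role, and the userid an
-- application puts in its connection string is made a member of it.
CREATE ROLE sales_app NOLOGIN;

-- Make the intent explicit: nothing on the base table, read-only on the view.
REVOKE ALL ON employee FROM sales_app;
GRANT SELECT ON sales_directory TO sales_app;

-- Exercise both paths as that role.
SET ROLE sales_app;
SELECT * FROM sales_directory;  -- query through the view
SELECT * FROM employee;         -- direct table access, never granted to this role
RESET ROLE;
```

Run as the table owner, the first SELECT returns only the Sales rows without salary or ssn, and the second is refused with a permission error because the role holds a privilege on the view only.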