Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Lecture 14: Midterm Review Security Friday, February 4, 2005.

Similar presentations


Presentation on theme: "1 Lecture 14: Midterm Review Security Friday, February 4, 2005."— Presentation transcript:

1 1 Lecture 14: Midterm Review Security Friday, February 4, 2005

2 2 Outline Midterm review SQL Security – 8.7 SQL Injection

3 3 Midterm Monday, 11:30, this room (in class) –50’ Open book –Notes, notebooks, anything –No computers

4 4 Midterm SQL E/R Diagrams Functional Dependencies Recovery from crashes

5 5 Midterm How to prepare: Read lecture notes Read from the textbook Review the homeworks Make sure you understand

6 6 Discretionary Access Control in SQL GRANT privileges ON object TO users [WITH GRANT OPTIONS] privileges = SELECT | INSERT(column-name) | UPDATE(column-name) | DELETE | REFERENCES(column-name) object = table | attribute

7 7 Examples GRANT INSERT, DELETE ON Customers TO Yuppy WITH GRANT OPTIONS Queries allowed to Yuppy: Queries denied to Yuppy: INSERT INTO Customers(cid, name, address) VALUES(32940, ‘Joe Blow’, ‘Seattle’) DELETE Customers WHERE LastPurchaseDate < 1995 INSERT INTO Customers(cid, name, address) VALUES(32940, ‘Joe Blow’, ‘Seattle’) DELETE Customers WHERE LastPurchaseDate < 1995 SELECT Customer.address FROM Customer WHERE name = ‘Joe Blow’ SELECT Customer.address FROM Customer WHERE name = ‘Joe Blow’

8 8 Examples GRANT SELECT ON Customers TO Michael Now Michael can SELECT, but not INSERT or DELETE

9 9 Examples GRANT SELECT ON Customers TO Michael WITH GRANT OPTIONS Michael can say this: GRANT SELECT ON Customers TO Yuppi Now Yuppi can SELECT on Customers

10 10 Examples GRANT UPDATE (price) ON Product TO Leah Leah can update, but only Product.price, but not (say) Product.name

11 11 Examples GRANT REFERENCES (cid) ON Customer TO Bill Customer(cid, name, address, …..) Orders(..., cid, …) cid=foreign key Now Bill can INSERT tuples into Orders Bill has INSERT/UPDATE rights to Orders. BUT HE CAN’T INSERT ! (why ?)

12 12 Views and Security David has SELECT rights on table Customers John is a debt collector: should see the delinquent customers only: David says: CREATE VIEW DelinquentCustomers SELECT * FROM Customers WHERE balance < -1000 GRANT SELECT ON DelinquentCustomers TO John David says: CREATE VIEW DelinquentCustomers SELECT * FROM Customers WHERE balance < -1000 GRANT SELECT ON DelinquentCustomers TO John Views are an important security mechanism

13 13 Revokation REVOKE [GRANT OPTION FOR] privileges ON object FROM users { RESTRICT | CASCADE } Administrator says: REVOKE SELECT ON Customers FROM David CASCADE John loses SELECT privileges on DelinquentCustomers

14 14 Revocation Joe: GRANT [….] TO Art … Art: GRANT [….] TO Bob … Bob: GRANT [….] TO Art … Joe: GRANT [….] TO Cal … Cal: GRANT [….] TO Bob … Joe: REVOKE [….] FROM Art CASCADE Same privilege, same object, GRANT OPTION What happens ??

15 15 Revocation Admin JoeArt CalBob 0 1 2 3 4 5 Revoke According to SQL everyone keeps the privilege

16 16 Search claims by: SQL Injection Your health insurance company lets you see the claims online: Now search through the claims : Dr. Lee First login: User: Password: fred ******** SELECT…FROM…WHERE doctor=‘Dr. Lee’ and patientID=‘fred’ [Chris Anley, Advanced SQL Injection In SQL]

17 17 SQL Injection Now try this: Search claims by: Dr. Lee’ OR patientID = ‘suciu’; -- Better: Search claims by: Dr. Lee’ OR 1 = 1; -- …..WHERE doctor=‘Dr. Lee’ OR patientID=‘suciu’; --’ and patientID=‘fred’

18 18 SQL Injection When you’re done, do this: Search claims by: Dr. Lee’; DROP TABLE Patients; --

19 19 SQL Injection The DBMS works perfectly. So why is SQL injection possible so often ? Quick answer: –Poor programming: use stored procedures ! Deeper answer: –Move policy implementation from apps to DB


Download ppt "1 Lecture 14: Midterm Review Security Friday, February 4, 2005."

Similar presentations


Ads by Google