Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT203 Unit 9: Database Security II Is It Secure? Copyright © 2012 Pearson Education, Inc. Publishing as Prentice HallChapter8.1.

Published byHailey Cahill Modified over 11 years ago

Similar presentations

Presentation on theme: "IT203 Unit 9: Database Security II Is It Secure? Copyright © 2012 Pearson Education, Inc. Publishing as Prentice HallChapter8.1."— Presentation transcript:

1 IT203 Unit 9: Database Security II Is It Secure? Copyright © 2012 Pearson Education, Inc. Publishing as Prentice HallChapter8.1

2 Analyzing Security Needs One way to analyze the security needs of a database is to look at the security requirements of each type of database user. You can analyze those needs in terms of specific permissions on tables and objects. Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.2

3 Analysis Example Table nameSELECTINSERTUPDATEDELETEConstraints Student TutorX A public subset of tutor info CourseX StudentCourse Ethnicity SessionXX* *Only for own sessions RequestX RequestNoteX Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.3

4 Threat Analysis Threat analysis involves identifying all the ways a database can be harmed and then finding strategies to mitigate those threats. Databases can also be damaged by accidental actions. Analyzing threats is a complex and ongoing task. Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.4

5 Threat Analysis Example RoleStudent ThreatDescription SELECTSee private information of other students INSERTFalse or inaccurate information in Student table UPDATE False or inaccurate information in the Session table, removing other students from scheduled sessions DELETE-- Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.5

6 Disaster Recovery Disaster recovery means planning for the worst. Disasters can be manmade, such as an attack by a hacker, or a major mistake by an administrator. Disasters can also be natural. Fires, floods, and earthquakes can destroy data. Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.6

7 Disaster Recovery Plan A disaster recovery plan is a plan for how to recover data and its availability after various possible disasters. A disaster recovery plan consists of policies and procedures for disaster prevention and recovery. Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.7

8 Policies Policies are rules for how to do things. For instance, a business could have a rule that all databases are backed up twice a day. Another policy could be that all backups are kept off site in some secure place. Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.8

9 Procedures Procedures are step-by-step instructions for how to do things. In a disaster plan, procedures are the step-by-step instructions for implementing a policy. Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.9

10 Backup Procedure Example Maintain four portable hard drives. Each morning, retrieve the two drives with the oldest backup date. Perform a full database backup to one of the drives at 11:00 AM. Backup the log files to the hard drive. Record the current date and time of the backup on the hard disk. Send an employee to deposit the hard drive in a safety deposit box at Westlake Security Co. At closing, around 5:00 PM, do a full backup to the second hard disk. Back up the log files to the hard disk. Record the date and time on the hard disk. Send an employee to deposit the hard drive in a safety deposit box at Westlake Security Co. (Westlake is open until 7 PM.) If Westlake is closed the employee is to take the disk home and deposit it when he or she drives in to work the next work day. Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.10

11 Finding Solutions Implementing effective security measures can be very complex. You can use a mixture of schema roles and permissions. One approach is to build a layer of views and stored procedures to manage all user access. Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.11

12 Views Views are essentially stored queries. Ideally, each view corresponds to a particular view that a user has of the data. Views can be used to hide the underlying structure of the database. Views are accessed just like tables. Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.12

13 Syntax for a View CREATE VIEW AS Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.13

14 View Example CREATE VIEW vw_Sessions AS SELECT TutorLastName AS [Tutor], StudentKey AS [Student], SessionDateKey AS [Date], SessionTimeKey AS [Time], CourseKey AS [Course] FROM Tutor t INNER JOIN [Session] s ON t.TutorKey=s.TutorKey WHERE SessionDateKey >=GetDate() Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.14

15 Stored Procedures Stored procedures consist of one or more SQL commands. They can take parameters from the user. They allow all the commands to be executed as a unit. They allow error checking and validation to help ensure a safe transaction. Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.15

16 Stored Procedure Syntax CREATE PROC AS Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.16

17 Stored Procedure Example CREATE PROCEDURE usp_StudentLogIn @studentKey nchar(10) AS IF EXISTS (SELECT * FROM student WHERE studentKey=@studentKey) BEGIN SELECT studentLastName FROM Student WHERE Studentkey=@studentKey END Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.17

18 A Few Stored Procedure Notes The following slides discuss a few of the features of stored procedures, specifically: – Parameters – Variables – If/else and blocks – Transactions and try/catch blocks Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.18

19 Parameters A parameter is a value passed to the stored procedure from the user. Parameters are listed after the CREATE statement and before the AS. All parameters start with the @ symbol and must be given a data type: @studentKey nchar(10) Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.19

20 Variables Variables are declared after the AS keyword and must be assigned values internally. Variables are declared with the DECLARE keyword. Variables can be assigned values with the SET or SELECT keywords. Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.20

21 Variable Examples DECLARE @CourseKey NCHAR(10) SELECT @CourseKey=CourseKey FROM [Session] WHERE SessionDateKey=@SessionDateKey AND SessionTimeKey=@SessionTimeKey DECLARE @CurrentDate Date SET @CurrentDate=GetDate() Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.21

22 IF, ELSE, BEGIN, END It is possible to select among possibilities by using the IF and ELSE keywords. IF sets up the condition and what to do if the condition is true. ELSE describes what to do if the condition is false. BEGIN is used to mark the start of an IF or ELSE block. END is used to mark the end of the block. Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.22

23 If Example IF EXISTS (SELECT * FROM student WHERE studentKey=@studentKey) BEGIN SELECT studentLastName FROM Student WHERE Studentkey=@studentKey END Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.23

24 TRY CATCH TRANS TRY CATCH blocks can be used with transactions to catch any errors. The TRY tests the code for errors. If there are no errors, the statements are committed to the database. If there are errors, the execution will go to the CATCH block and roll back the transaction. Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.24

25 TRY CATCH Example BEGIN TRAN BEGIN TRY UPDATE [Session] SET StudentKey=@StudentKey WHERE SessionDateKey=@SessionDateKey AND SessionTimeKey=@SessionTimeKey COMMIT TRAN END TRY BEGIN CATCH ROLLBACK TRAN END CATCH Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.25

26 Documentation It is crucial to document the security setup. Authentication types and policies should be spelled out. All roles and schema should be described. All stored procedures and views should be described. Disaster plans and all policies and procedures should be documented and readily available. Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall Chapter8.26

27 All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States of America. Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

Download ppt "IT203 Unit 9: Database Security II Is It Secure? Copyright © 2012 Pearson Education, Inc. Publishing as Prentice HallChapter8.1."

Similar presentations

Chapter 1 The Study of Body Function Image PowerPoint

Chapter 1 The Study of Body Function Image PowerPoint
1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.

1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.
IT203 Unit 8: Database Security I Is It Secure? Copyright © 2012 Pearson Education, Inc. Publishing as Prentice HallChapter8.1.

IT203 Unit 8: Database Security I Is It Secure? Copyright © 2012 Pearson Education, Inc. Publishing as Prentice HallChapter8.1.
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
IT203 Unit 3: Database Design

IT203 Unit 3: Database Design
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.

Title Subtitle.
Statistics for Managers using Microsoft Excel 6th Edition

Statistics for Managers using Microsoft Excel 6th Edition
CHAPTER 8 The Buying Process and Buyer Behavior.

CHAPTER 8 The Buying Process and Buyer Behavior.
Copyright © 2010 Pearson Education, Inc. Publishing as Prentice Hall. 5- 1 Chapter 5 The Voice of the Customer.

Copyright © 2010 Pearson Education, Inc. Publishing as Prentice Hall Chapter 5 The Voice of the Customer.
The Office Procedures and Technology

The Office Procedures and Technology
Information Systems Today: Managing in the Digital World

Information Systems Today: Managing in the Digital World
ABC Technology Project

ABC Technology Project
INSERT BOOK COVER 1Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall. Exploring Microsoft Office Excel 2010 by Robert Grauer, Keith.

INSERT BOOK COVER 1Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall. Exploring Microsoft Office Excel 2010 by Robert Grauer, Keith.
Chapter 4 Database Design Chapter4.1 Copyright © 2014 Pearson Education Inc.

Chapter 4 Database Design Chapter4.1 Copyright © 2014 Pearson Education Inc.
15-1 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall Chapter 15 Money and Banking.

15-1 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall Chapter 15 Money and Banking.
The Revenue Cycle: Sales to Cash Collections

The Revenue Cycle: Sales to Cash Collections
© Copyright 1992-2004 by Deitel & Associates, Inc. and Pearson Education Inc. All Rights Reserved. 1 Tutorial 12 – Security Panel Application Introducing.

© Copyright by Deitel & Associates, Inc. and Pearson Education Inc. All Rights Reserved. 1 Tutorial 12 – Security Panel Application Introducing.

Similar presentations

Ads by Google