https://moodle.cs.ubbcluj.ro/pluginfile.php/50142/mod_resource/content/1/DBMSs_Lecture6.pdf

Database protection

Security

• protecting the data against unauthorized users (who may want to read, modify, destroy the data)

  i.e. users have the right to do what they are trying to do

Aspects related to security

• legal, ethical aspects
  • certain rules are being broken
  • e.g. a person searches for a password or accidentally finds a password and uses it
• physical controls
  • e.g. the computer room is locked (or guarded)
• software controls
  • files are protected (unauthorized access is not allowed)
  • there are no programs intercepting the actions of authorized users
  • operational problems
  • if a password mechanism is used, how are the passwords kept secret and how often should a user change his / her password?

Integrity

• protecting the data against unauthorized users
• i.e. the operations that users are trying to execute are correct
• the consistency of the database must be maintained at all times

Similarities

• the system enforces certain constraints (users cannot violate these constraints)
• security constraints, integrity constraints
• constraints are:

  • specified in a declarative language

  • saved in the system catalog

    e.g. primary key constraint, specified in SQL and saved in the system catalog

    (retrieving info about PK constraints in SQL Server: SELECT * FROM sys.objects WHERE type = 'PK')

  • the system monitors users' actions to enforce the specified constraints e.g. INSERT, UPDATE statements cannot violate a PK constraint

DBMS’s authorization subsystem (security subsystem)

• checks any given access request against the applicable constraints

Access request