7/31/2019 Database Memo

1/3

Introduction

Databases have permeated the information systems in business installations over the

years.

As the size and complexity of data has increased, companies have increasingly chosen

to switch from flat file storage to relational databases to better and more efficiently

organize their data. There are many advantages to databases some of which arereduction in data redundancy, increased data consistency, more data integrity and

increase in data security.

Relational database systems use an English like Structured Query Language for data

storage and retrieval .SQL allows for flexibility in data retrieval which was not

available in using application programs for retrieving data from file based storage.

While database systems are inherently more secure than flat file based systems, with

the increasing amount of data being stored in databases ,crackers are finding new

vulnerabilities and exploits to crack into databases and steal sensitive information

.Therefore ,there is also an urgent need to secure databases and fix security loopholes.

Oracle Database:Oracle Database is an object -relational database that is used in Enterprise

installations .It relies on a group of background processes running simultaneously and

cooperating together to implement database operations.

It is the first database designed for the purpose of enterprise grid computing and is

one of the most flexible and cost effective way to manage information and

applications.

The server side memory structure of an Oracle database is known as System Global

Area. It typically holds cache information such as SQL query data and data buffers.

Storage in The Oracle database is handled in the form of table spaces logically and in

the form of data files physically.

The default Oracle database schema is called SCOTT.

Security in the Oracle database -Security in the Oracle database is handled by

controlling simultaneous access to data resources through locks. Oracle DB also uses

latches to protect shared resources in the system global area.

It is a fairly secure database option since it supports the following options-Virtual

Private Database support, Fine-grained Auditing support for DML Uniform Audit

Trail.

The new version of Oracle also comes with a PL/SQL Encryption package called

DBMS_CRYPTO (Oracle Database Security Guide,Oracle)

IBM DB2

IBM DB2 is the database solution by IBM. Its first version came out in 1983 for the

MVS Mainframe platform. It follows Oracle database closely as the second most

preferred enterprise database solution. DB2 has innovated constantly and has many

salient features that differentiates it from its competitors, these are-greater

concurrency for data management ,access and definition.

Improved security and very fine grained data auditing capabilities, pure XML and

SQL enhancement

s and optimizations to offer faster data access and simplify portability.

Security in IBM DB2

7/31/2019 Database Memo

2/3

IBM DB2 also offers many features to fine tune security so that enterprise users can

store data and operate in a secure environment.

It offers the following security features-

Authentication-Before opening DB2 instance users must authenticate via a LDAB

server or via Kerberos.

Authorization-It is the process of verifying whether the user has the privilege andauthorization to perform certain operations on the database.

Trusted Contexts-This addresses security concerns in a three tier application model.

Auditing- Auditing allows the administrator to monitor data access and provides

options for data analysis and for tracing he data flow.(DB2 Security, IBM)

Microsoft Access:

Microsoft Access is a basic database that is designed for basic database purposes.

It has a GUI based record insertion, deletion and querying.

It is based on Microsoft's Jet database engine and can import data stored in other

databases directly into it.

Access can also be used as a front end with other more robust database servers suchas Microsoft SQL Server acting on the backend.

Security in Microsoft Access:

Microsoft Access supports the following security operations.

Database Encryption-Encryption compacts the database file and makes it inaccessible

to utility programs and disallows casual users from accessing it.

Database password Using a password enables users to provide access level security to

their data.

Setting a Module password-Standard modules or class modules can be protected using

a module password.

Using MDE file-A database file can be converted to an MDE file to prevent

unauthorized access to it.(Exploring Microsoft Access Security, July 2002)

Conclusion:Security can be a big factor when choosing between database products and in a

database there always needs to be a tradeoff between security and performance.

When only lightweight data needs to be supported a lightweight database such as

Microsoft Access can be used.

Those databases provide basic security mechanisms.

However when a database needs to be designed for an enterprise system a more

robust database such as Oracle or DB2 needs to be used.Although database software plays a large role in how secure a database is, it is the

users who need to be educated about database security in order to prevent the

database from being accidentally or purposefully compromised.

Reference:

IBM DB2 9.5 Information Center for Linux, UNIX, and Windows. (n.d.).IBM

Support Portal: Support home. Retrieved July 1, 2012, from

http://publib.boulder.ibm.com/infocenter/db2luw/v9r5/index.jsp?topic=%2Fc

7/31/2019 Database Memo

3/3

om.ibm.db2.luw.admin.sec.doc%2Fdoc%2Fc0021804.html

Ibm Db2 Security Primer. (n.d.). Welcome to SecurityTube.net. Retrieved July 1,

2012, from http://www.securitytube.net/video/966

Introduction to the Oracle Database. (n.d.). Oracle Documentation. Retrieved July 1,

2012, from

http://docs.oracle.com/cd/B19306_01/server.102/b14220/intro.htm

Keeping Your Oracle Database Secure. (n.d.). Oracle Documentation. Retrieved July

1, 2012, from

http://docs.oracle.com/cd/B28359_01/network.111/b28531/guidelines.htm

Rice, F. (n.d.). Exploring Microsoft Access Security.MSDN Explore Windows,

Web, Cloud, and Windows Phone Software Development. Retrieved July 1,

2012, from http://msdn.microsoft.com/en-

us/library/aa139961(v=office.10).aspx

Strategic Benefit Solutions- Database Security. (n.d.). Strategic Benefit Solutions-

Partnering With Employers. Retrieved July 1, 2012, from

http://www.benefitscom.com/security.htm