Upload
pritam-roy
View
219
Download
0
Embed Size (px)
Citation preview
7/31/2019 Database Memo
1/3
Introduction
Databases have permeated the information systems in business installations over the
years.
As the size and complexity of data has increased, companies have increasingly chosen
to switch from flat file storage to relational databases to better and more efficiently
organize their data. There are many advantages to databases some of which arereduction in data redundancy, increased data consistency, more data integrity and
increase in data security.
Relational database systems use an English like Structured Query Language for data
storage and retrieval .SQL allows for flexibility in data retrieval which was not
available in using application programs for retrieving data from file based storage.
While database systems are inherently more secure than flat file based systems, with
the increasing amount of data being stored in databases ,crackers are finding new
vulnerabilities and exploits to crack into databases and steal sensitive information
.Therefore ,there is also an urgent need to secure databases and fix security loopholes.
Oracle Database:Oracle Database is an object -relational database that is used in Enterprise
installations .It relies on a group of background processes running simultaneously and
cooperating together to implement database operations.
It is the first database designed for the purpose of enterprise grid computing and is
one of the most flexible and cost effective way to manage information and
applications.
The server side memory structure of an Oracle database is known as System Global
Area. It typically holds cache information such as SQL query data and data buffers.
Storage in The Oracle database is handled in the form of table spaces logically and in
the form of data files physically.
The default Oracle database schema is called SCOTT.
Security in the Oracle database -Security in the Oracle database is handled by
controlling simultaneous access to data resources through locks. Oracle DB also uses
latches to protect shared resources in the system global area.
It is a fairly secure database option since it supports the following options-Virtual
Private Database support, Fine-grained Auditing support for DML Uniform Audit
Trail.
The new version of Oracle also comes with a PL/SQL Encryption package called
DBMS_CRYPTO (Oracle Database Security Guide,Oracle)
IBM DB2
IBM DB2 is the database solution by IBM. Its first version came out in 1983 for the
MVS Mainframe platform. It follows Oracle database closely as the second most
preferred enterprise database solution. DB2 has innovated constantly and has many
salient features that differentiates it from its competitors, these are-greater
concurrency for data management ,access and definition.
Improved security and very fine grained data auditing capabilities, pure XML and
SQL enhancement
s and optimizations to offer faster data access and simplify portability.
Security in IBM DB2
7/31/2019 Database Memo
2/3
IBM DB2 also offers many features to fine tune security so that enterprise users can
store data and operate in a secure environment.
It offers the following security features-
Authentication-Before opening DB2 instance users must authenticate via a LDAB
server or via Kerberos.
Authorization-It is the process of verifying whether the user has the privilege andauthorization to perform certain operations on the database.
Trusted Contexts-This addresses security concerns in a three tier application model.
Auditing- Auditing allows the administrator to monitor data access and provides
options for data analysis and for tracing he data flow.(DB2 Security, IBM)
Microsoft Access:
Microsoft Access is a basic database that is designed for basic database purposes.
It has a GUI based record insertion, deletion and querying.
It is based on Microsoft's Jet database engine and can import data stored in other
databases directly into it.
Access can also be used as a front end with other more robust database servers suchas Microsoft SQL Server acting on the backend.
Security in Microsoft Access:
Microsoft Access supports the following security operations.
Database Encryption-Encryption compacts the database file and makes it inaccessible
to utility programs and disallows casual users from accessing it.
Database password Using a password enables users to provide access level security to
their data.
Setting a Module password-Standard modules or class modules can be protected using
a module password.
Using MDE file-A database file can be converted to an MDE file to prevent
unauthorized access to it.(Exploring Microsoft Access Security, July 2002)
Conclusion:Security can be a big factor when choosing between database products and in a
database there always needs to be a tradeoff between security and performance.
When only lightweight data needs to be supported a lightweight database such as
Microsoft Access can be used.
Those databases provide basic security mechanisms.
However when a database needs to be designed for an enterprise system a more
robust database such as Oracle or DB2 needs to be used.Although database software plays a large role in how secure a database is, it is the
users who need to be educated about database security in order to prevent the
database from being accidentally or purposefully compromised.
Reference:
IBM DB2 9.5 Information Center for Linux, UNIX, and Windows. (n.d.).IBM
Support Portal: Support home. Retrieved July 1, 2012, from
http://publib.boulder.ibm.com/infocenter/db2luw/v9r5/index.jsp?topic=%2Fc
7/31/2019 Database Memo
3/3
om.ibm.db2.luw.admin.sec.doc%2Fdoc%2Fc0021804.html
Ibm Db2 Security Primer. (n.d.). Welcome to SecurityTube.net. Retrieved July 1,
2012, from http://www.securitytube.net/video/966
Introduction to the Oracle Database. (n.d.). Oracle Documentation. Retrieved July 1,
2012, from
http://docs.oracle.com/cd/B19306_01/server.102/b14220/intro.htm
Keeping Your Oracle Database Secure. (n.d.). Oracle Documentation. Retrieved July
1, 2012, from
http://docs.oracle.com/cd/B28359_01/network.111/b28531/guidelines.htm
Rice, F. (n.d.). Exploring Microsoft Access Security.MSDN Explore Windows,
Web, Cloud, and Windows Phone Software Development. Retrieved July 1,
2012, from http://msdn.microsoft.com/en-
us/library/aa139961(v=office.10).aspx
Strategic Benefit Solutions- Database Security. (n.d.). Strategic Benefit Solutions-
Partnering With Employers. Retrieved July 1, 2012, from
http://www.benefitscom.com/security.htm