ID Number:
1. AM2304013408
Declaration: I/we the undersigned confirm that I/we have read and agree to abide by these regulations on
plagiarism and cheating. I/we confirm that this piece of work is my/our own. I/we consent to appropriate
storage of our work for checking to ensure that there is no plagiarism/ academic cheating.
Signature:
Full Name: (MUHAMMAD EZRAL REDZUAN BIN AZLEE)
Activity 1 – Creating the database schema
Activity 2 – Populating the database
Activity 3 – Analysing the problem.
Tracey (Supervisor)
– Need to be able to see and change everything.
User Matrix
Tracey
Bill
Sheila
Govind
Temp1
Temp2
Temp3
Activity 4 – Executing the security script
mysql> GRANT SELECT, UPDATE, DELETE ON orders.customer TO 'Bill'@'localhost';
Query OK, 0 rows affected (0.03 sec)
mysql> GRANT SELECT, UPDATE, DELETE ON orders.customer TO 'Govind'@'localhost';
Query OK, 0 rows affected (0.03 sec)
mysql> CREATE USER 'Temp1'@'localhost' IDENTIFIED BY 'temp1';
Query OK, 0 rows affected (0.03 sec)
mysql> show grants for 'Tracey'@'localhost';
mysql> show grants for 'Temp1'@'localhost';
mysql> show grants for 'Temp2'@'localhost';
mysql> show grants for 'Temp3'@'localhost';
Activity 5 – Testing the access control.
SELECT STATEMENT
INSERT STATEMENT
UPDATE STATEMENT
DELETE STATEMENT
TRACEY – ORDER_ITEM TABLE
SELECT STATEMENT
INSERT STATEMENT
UPDATE STATEMENT
DELETE STATEMENT
TRACEY – ORDER_RECEIPT TABLE
SELECT STATEMENT
INSERT STATEMENT
UPDATE STATEMENT
DELETE STATEMENT
BILL, SHEILA, GOVIND – CUSTOMER TABLE
SELECT STATEMENT
INSERT STATEMENT
UPDATE STATEMENT
DELETE STATEMENT
BILL, SHEILA, GOVIND – ORDER_ITEM TABLE
SELECT STATEMENT
INSERT STATEMENT
UPDATE STATEMENT
DELETE STATEMENT
BILL, SHEILA, GOVIND – ORDER_RECEIPT TABLE
SELECT STATEMENT
INSERT STATEMENT
UPDATE STATEMENT
DELETE STATEMENT
TEMP1, TEMP2, TEMP3 – CUSTOMER TABLE
SELECT STATEMENT
INSERT STATEMENT
UPDATE STATEMENT
DELETE STATEMENT
TEMP1, TEMP2, TEMP3 – ORDER_ITEM TABLE
SELECT STATEMENT
INSERT STATEMENT
UPDATE STATEMENT
DELETE STATEMENT
TEMP1, TEMP2, TEMP3 – ORDER_RECEIPT TABLE
SELECT STATEMENT
INSERT STATEMENT
UPDATE STATEMENT
DELETE STATEMENT
Activity 6 – Conclusion
Strength:
- Each user role has a different level of authorization, which ensures that
each user has their own job and a defined level of access that goes
with it.
Weakness:
- Lack of encryption or masking of sensitive data.
Activity 7 – Postscript
1. Tracey then tried to delete the CUSTOMER table. Did she succeed?
2. I hope not, but if so, why? Did you not inadvertently give her SYSADM
privileges?
If Tracey does manage to delete the CUSTOMER table, it means the
administrator accidentally gave Tracey excessive privileges without
realizing it.
3. She then tried to delete some customers. Did she succeed? Did the
deletes cascade?
No, Tracey should not be able to delete customer data, because the
data in the CUSTOMER table is related to another table, which we call
the child table. So the data cannot be deleted, and the delete cannot
cascade, unless CASCADE DELETE is set up in the system.
4. She tried to insert a line in all orders over RM1000 for 500 coffee
machines. Did she succeed?
In this case, Tracey does succeed in inserting a line in the orders over
RM1000. This is because an access control mechanism that denies
permission to users who do not have the privilege to handle those orders
is not set up in the system. Even if that access control mechanism had
been set up, Tracey and Govind have the access to handle those
orders.
5. And how was the problem detected?
No, she does not succeed in changing her password. This is because the
authority to change passwords and manage users belongs only to the
SYSTEM ADMIN and not to the supervisor in the sales office.
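
The behaviour discussed in items 1 to 3 above, as an added example that is not part of the original assignment. It uses a constructed MySQL (InnoDB) schema named orders_demo; the column names, the demo_supervisor account and its placeholder password are assumptions. It shows that table-level data grants do not include DROP, and that a foreign key blocks the delete of a referenced customer until the constraint is declared ON DELETE CASCADE.

```sql
-- Constructed demo schema (hypothetical names, kept separate from the real "orders" schema).
CREATE DATABASE IF NOT EXISTS orders_demo;
USE orders_demo;

CREATE TABLE customer (
    customer_id INT PRIMARY KEY,
    name        VARCHAR(50) NOT NULL
) ENGINE=InnoDB;

-- Child table. With no ON DELETE clause the foreign key restricts parent deletes.
CREATE TABLE order_receipt (
    receipt_id  INT PRIMARY KEY,
    customer_id INT NOT NULL,
    CONSTRAINT fk_receipt_customer
        FOREIGN KEY (customer_id) REFERENCES customer (customer_id)
) ENGINE=InnoDB;

-- Constructed sample rows: customer 1 has a receipt, customer 2 has none.
INSERT INTO customer VALUES (1, 'Constructed Customer A'), (2, 'Constructed Customer B');
INSERT INTO order_receipt VALUES (100, 1);

-- Supervisor-style account: full data access, but no DROP, ALTER or GRANT OPTION.
CREATE USER 'demo_supervisor'@'localhost' IDENTIFIED BY 'placeholder-password';
GRANT SELECT, INSERT, UPDATE, DELETE ON orders_demo.customer
    TO 'demo_supervisor'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON orders_demo.order_receipt
    TO 'demo_supervisor'@'localhost';
SHOW GRANTS FOR 'demo_supervisor'@'localhost';

-- Run the next three statements while connected as demo_supervisor.
DROP TABLE customer;                         -- refused: DROP was never granted
DELETE FROM customer WHERE customer_id = 2;  -- allowed: no child rows reference it
DELETE FROM customer WHERE customer_id = 1;  -- refused by the foreign key, not by privileges

-- Run as an administrator: redeclare the constraint so deletes cascade.
ALTER TABLE order_receipt DROP FOREIGN KEY fk_receipt_customer;
ALTER TABLE order_receipt
    ADD CONSTRAINT fk_receipt_customer
    FOREIGN KEY (customer_id) REFERENCES customer (customer_id)
    ON DELETE CASCADE;

-- Run as demo_supervisor again: the same delete now removes receipt 100 as well.
DELETE FROM customer WHERE customer_id = 1;
SELECT COUNT(*) AS remaining_receipts FROM order_receipt;
```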