Database Security
Chapter Six
Database Administration
Part 2
Chapter Objectives
• Understand the need for and importance of database
administration
• Learn different ways of processing a database
• Understand the need for concurrency control, security, and
backup and recovery
• Learn typical problems that can occur when multiple users
process a database concurrently
• Understand the use of locking and the problem of deadlock
• Learn the difference between optimistic and pessimistic
locking
• Know the meaning of ACID transaction
• Learn the four 1992 ANSI standard isolation levels
• Understand the need for security and learn a generalized
model of database security
• Know the difference between DBMS and application security
• Know the difference between recovery via reprocessing and
recovery via rollback/rollforward
• Understand the nature of the tasks required for recovery
using rollback/rollforward
• Know basic administrative and managerial DBA functions
Database Security
• Admin Asst: Read, insert and change data in all tables. ONLY delete from SEMINAR-CUSTOMER (un-enroll customer from seminar) and LINE-ITEM (take item off order).
• Management: Take all actions except delete customers. Never want to delete a customer.
• Sys Admin: Only define permissions. No other rights. Not a user, no need to change data.
Database Security Guidelines
• Run the DBMS behind a firewall
– No access outside of organization
– Problem with e-commerce applications
– Still protect all non-e-commerce activities
• Apply the latest operating system and DBMS service
packs and patches
– Spring 2003 Slammer worm exploited security hole in SQL
Server
– MS published patch eliminating hole, for those who
applied it
• Limit DBMS functionality to needed features
– Remove extra communication protocols
– Remove pre-packaged stored procedures
• Protect the computer that runs the DBMS
– No one should use or access this computer
– Keep behind locked and logged doors
• Manage accounts and passwords
Processing Rights and
Responsibilities
• Processing rights define who is permitted to
do what, when
• The individuals performing these activities
have full responsibility for the implications of
their actions
• Individuals are identified by a username and a
password
DBMS Security
(Granting Permissions)
• Database users are known both as individuals and as members of
one or more roles
• Access and processing rights/privileges may be granted to an
individual and/or a role
• Users possess the combined rights granted to them as
individuals and to all the roles of which they are
members
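The role permissions listed earlier on this page (Admin Asst, Management, Sys Admin), written as SQL Server grants with a query to review the result. This is an added example, not part of the original slides; the dbo schema, the underscore spellings of the table names, the CUSTOMER table name and the perm_admin user are assumptions.

```sql
-- Added example (T-SQL). Schema, table spellings and perm_admin are assumed.
CREATE ROLE AdminAsst;
CREATE ROLE Management;

-- Admin Asst: read, insert and change data in all tables ...
GRANT SELECT, INSERT, UPDATE ON SCHEMA::dbo TO AdminAsst;
-- ... but delete only from SEMINAR_CUSTOMER and LINE_ITEM.
GRANT DELETE ON OBJECT::dbo.SEMINAR_CUSTOMER TO AdminAsst;
GRANT DELETE ON OBJECT::dbo.LINE_ITEM TO AdminAsst;

-- Management: all actions except deleting customers.
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::dbo TO Management;
DENY DELETE ON OBJECT::dbo.CUSTOMER TO Management;

-- Sys Admin: defines permissions only and holds no data rights.
-- db_securityadmin is a built-in database role; its members can grant
-- rights to themselves, so review its membership regularly.
CREATE USER perm_admin WITHOUT LOGIN;  -- constructed demo principal
ALTER ROLE db_securityadmin ADD MEMBER perm_admin;

-- Review what each role actually holds (class 1 = object, 3 = schema).
SELECT pr.name AS grantee,
       pe.state_desc,
       pe.permission_name,
       pe.class_desc,
       CASE pe.class
            WHEN 1 THEN OBJECT_NAME(pe.major_id)
            WHEN 3 THEN SCHEMA_NAME(pe.major_id)
       END AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name IN (N'AdminAsst', N'Management')
ORDER BY pr.name, securable, pe.permission_name;
```

In SQL Server a DENY takes precedence over a GRANT, so a user who belongs to both roles still cannot delete from CUSTOMER.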
Application Security
• Beyond providing generic access
limitations to users, an application may
introduce specific access rights for
particular users.
A Model of DBMS Security
Database Backup and Recovery
• Common causes of database failures…
– Hardware failures
– Programming bugs
– Human errors/mistakes
– Malicious actions
• Since these issues are impossible to completely
avoid, recovery procedures are essential
• First – business functions must continue.
– Customer orders, financial transactions, packing lists – all
completed manually
• Second – system must be restored to a usable state
ASAP and as close as possible to what it was when it
crashed
• Third – users must be notified when the system is back
online
– Some data may need to be re-entered
Recovery via Reprocessing
• In reprocessing, all activities since the backup
was performed are redone
• This is a brute-force technique
• This procedure is costly in the effort involved
in re-entering the data
• This procedure is risky in that human error is
likely and in that paper record-keeping may
not be accurate
Recovery via
Rollback and Rollforward
• Most database management systems provide
a mechanism to record activities into a log
file
Rollforward
• Activities recorded in the log files may be
replayed. In doing so, all activities are re-
applied to the database
• This procedure is used to resynchronize
restored database data
• This procedure is termed a Rollforward
Rollback
• Since log files save activities in sequence
order, it is possible to undo activities in
the reverse of the order in which they were
originally executed
• This is performed to correct/undo erroneous
or malicious transaction(s)
• This procedure is known as a Rollback
End of Presentation on Chapter Six
Database Administration
Final Project for CSCI260