
8.4 DBMS AND WEB SECURITY

In document Database System (Pages 171-175)

The explosion of websites that make current data accessible to viewers over the Internet raises many security issues. The challenge is to transmit and receive information over the Internet while ensuring that:

• It is accessible only to the sender and receiver

• It has not been changed during transmission

• The receiver can be certain that the data came from the sender

• The sender can be certain that the receiver is genuine

• The sender cannot deny he or she sent the data

Another issue that needs to be considered in the web environment is that the information being transmitted may have executable content. Executable content can perform the following malicious actions:

• Destroy data or programs

• Reformat a complete disk

• Shut down the system

• Collect and download confidential data (Connolly and Begg 2005)

Nowadays, malware (malicious software) such as computer viruses and spam is widely spread. Computer viruses are unauthorised computer code created to destroy data or corrupt the computer. Spam, on the other hand, is simply unwanted electronic mail that we receive without knowing who the sender is or without wanting to receive it. It can fill up the inbox, and we waste time deleting it. The next section therefore discusses some of the methods for securing the database in a web environment.

8.4.1 Proxy Servers

A proxy server is a computer that is located between a web browser and a web server. It intercepts all requests to the web server and performs the requests. If it cannot fulfill the requests itself, then it will pass the request to the web server.

SELF-CHECK 8.3

1. How do you set the password to open an existing database in Microsoft Office Access?

Its main purpose is thus to improve performance. For instance, assume that user 1 and user 2 access the web through a proxy server. When user 1 requests a certain web page and user 2 later requests the same page, the proxy server simply fetches the page that already resides in its cache, so retrieval is faster. Proxy servers can also be used to filter requests. For instance, an organization might use a proxy server to prevent its employees or clients from accessing certain websites: known bad or insecure websites can be identified and access to them denied (Connolly and Begg 2005).

8.4.2 Firewalls

"A firewall is a system designed to prevent unauthorised access to or from a private network" (Connolly and Begg 2005). Firewalls could be implemented in hardware, software or a combination of both. All messages or requests entering or leaving the internet pass through the firewall and it would examine the messages and requests and would block those that do not meet the specified security characteristics.

8.4.3 Digital Signatures

A digital signature can be used to verify that data comes from the authorised sender. It consists of two pieces of information: a string of bits that is computed from the data being signed using a signature algorithm, and the private key or password of the individual wishing the signature (Connolly and Begg 2005).

8.4.4 Digital Certificates

A digital certificate is an attachment to an electronic message used to verify that a user sending a message is who he or she claims to be. It also provides the receiver with the means to decode a reply. A digital certificate can be applied for from a Certificate Authority (CA). The CA issues an encrypted digital certificate that consists of the applicant's public key and various other identification information. The receiver of an encrypted message uses the CA's public key to decode the digital certificate attached to the message (Connolly and Begg 2005).
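The receiver's side of 8.4.3 and 8.4.4, carried through as an added example in Go (not taken from the textbook): the certificate is checked against the trusted CA, then the signature is checked under the public key that certificate carries. Ed25519 and X.509 from the Go standard library are choices made here; the names "Demo CA", "Other CA", "sender.example" and the messages are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue binds name to pub in a certificate signed with signer (a self-signed CA when parent is nil).
func issue(name string, pub ed25519.PublicKey, parent *x509.Certificate, signer ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil { // only a CA certificate may sign other certificates
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, parent = true, true, x509.KeyUsageCertSign, t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// Accept is the receiver's check: the certificate must chain to the trusted CA and the signature must verify.
func Accept(ca, sender *x509.Certificate, msg, sig []byte) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := sender.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	pub, ok := sender.PublicKey.(ed25519.PublicKey)
	return err == nil && ok && ed25519.Verify(pub, msg, sig)
}

// Scenario (constructed data): a genuine message, an altered message, a certificate from an untrusted issuer.
func Scenario() (genuine, altered, untrusted bool) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	ca := issue("Demo CA", caPub, nil, caKey)
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	cert := issue("sender.example", pub, ca, caKey)
	msg := []byte("transfer 100 to account 7")
	sig := ed25519.Sign(key, msg) // producing this requires the sender's private key
	xPub, xKey, _ := ed25519.GenerateKey(rand.Reader)
	xCert := issue("sender.example", pub, issue("Other CA", xPub, nil, xKey), xKey)
	return Accept(ca, cert, msg, sig), Accept(ca, cert, []byte("transfer 900 to account 7"), sig), Accept(ca, xCert, msg, sig)
}

func main() { fmt.Println(Scenario()) }
```

Only the first case is accepted: changing the message invalidates the signature, and a certificate that does not chain to the receiver's trusted CA is rejected even though the signature itself is valid.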

• Database security is the mechanism that protects the database against intentional or unintentional threats.

• A threat is any situation or event, whether intentional or unintentional, that will affect a system and organisation.

• Computer-based security controls for the multi-user environment include authorisation, access controls, views, backup and recovery, encryption and RAID technology.

• The security measures associated with DBMS on the web include proxy servers, firewalls, digital signatures and digital certificates.

ACTIVITY 8.2

1. For each of the following situations, identify the appropriate computer-based control and discuss one reason why such control is chosen:

(a) a national brokerage firm uses an electronic funds transfer (EFT) system to transmit sensitive financial data between locations

(b) an organization has set up an off-site computer-based training center and it wishes to restrict access to the site to authorized employees only

(c) a small manufacturing firm uses a simple password system to protect its database but finds it needs a more comprehensive system to grant different privileges like read, view, delete or update to different users.

2. What concerns would you have if you accept a job as a database administrator and discover that the database users are entering one common password to log on to the database?

3. An organisation has a database server with three disk devices. The accounting and payroll applications share one of these devices and are experiencing performance problems. You have been asked to investigate the problem. What might you suggest to overcome this problem?

Authorisation, Authentication, Cold backup, Decryption, Digital certificates, Digital signatures, Encryption, Firewalls, Hot backup, RAID, Recovery, Threat

Connolly, M. & Begg, C. (2005). Database systems: A practical approach to design, implementation and management (4th ed.). Harlow, Essex, England: Addison-Wesley (Pearson Education Limited).

Hoffer, J., Prescott, M. & McFadden, F. (2007). Modern database management (8th ed.). New Jersey: Prentice-Hall.

Database security issues. (n.d.). Retrieved December 29, 2009, from http://databases.about.com/od/security/Database_Security_Issues.htm

Mannino, M. V. (2001). Database: Application development & design. New York: McGraw-Hill.

1. Discuss the importance of database security.

2. Discuss the security measures provided by Microsoft Office Access.

3. Explain the approaches to secure DBMS on the Web.

4. Please read the tutorial on Microsoft Office Access in the appendix and do the assignment.

Topic 9 Transaction

TABLE OF CONTENTS

Introduction

9.1 Database Transactions

9.1.1 Transaction Examples

9.1.2 Transaction Properties

9.2 Concurrency Control

9.2.1 Interference problems

9.2.2 Concurrency Control Tools

9.3 Recovery Management

9.3.1 Database Failures

9.3.2 Recovery Tools

9.3.3 Recovery Techniques

Summary

Key Terms

References
