Scribd
Upload
50 views3 pages

CHAPTER 8 - Database Security and Integrity

Uploaded by

jainventor.casaptaytay
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
50 views3 pages

CHAPTER 8 - Database Security and Integrity

Uploaded by

jainventor.casaptaytay
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Chapter 8: Database Security and Integrity

As databases store critical business and personal data, security and integrity are essential to
prevent unauthorized access, data corruption, and cyber threats. This chapter explores
fundamental security concepts such as authentication, authorization, SQL security features
(GRANT and REVOKE), encryption, data privacy regulations, and cyber threats like SQL injection.

Authentication and Authorization


Authentication
The process of verifying the identity of a user or system trying to access the database. It ensures
that only authorized users are allowed into the system.
Methods of Authentication:
 Username and Password Authentication: The most common method where users log in
with credentials.
 Multi-Factor Authentication (MFA): Adds an extra layer of security by requiring
additional verification, such as a code sent to a mobile device.
 Biometric Authentication: Uses physical attributes like fingerprints or retina scans for
access.

Authorization
The process of determining the level of access and permissions granted to authenticated users.
It restricts users to specific operations or data based on their roles.
Access Control Models in Databases
 Discretionary Access Control (DAC): Users control their own data permissions.
 Mandatory Access Control (MAC): Administrators enforce strict access policies.
 Role-Based Access Control (RBAC): Users are assigned roles with predefined privileges.

Example:
 A database administrator (DBA) can modify schema structures.
 A data analyst can only query and analyze data.

SQL Security Features (GRANT, REVOKE)


SQL provides commands to control access permissions at a granular level, enhancing database
security.
The GRANT Command: Assigning Permissions
GRANT is used to assign permissions to database users.
Types of Privileges:
 Data privileges: SELECT, INSERT, UPDATE, DELETE
 Structural privileges: CREATE, ALTER, DROP
 Execution privileges: EXECUTE (for stored procedures)
Example: Grant SELECT and INSERT permissions to user ‘john_doe’
GRANT SELECT, INSERT ON Employees TO john_doe;
The REVOKE Command: Removing Permissions
REVOKE is used to remove permissions from users.
Example: Remove INSERT privileges from user ‘john_doe’
REVOKE INSERT ON Employees FROM john_doe;

Privileges in SQL
 Data Privileges: Control specific actions on data, such as SELECT, INSERT, UPDATE,
DELETE.
 Structure Privileges: Control actions on database structures, such as CREATE, DROP,
ALTER.
Benefits of SQL Security Features:
 Prevent unauthorized data manipulation.
 Provide role-based access control for enhanced security.

Encryption and Data Privacy


Encryption
The process of converting plaintext into unreadable ciphertext to protect data from unauthorized
access.
Types of Database Encryption:
 Column-Level Encryption – Encrypts specific columns, e.g., credit card numbers.
 Database-Level Encryption – Encrypts the entire database.
 Transport-Level Encryption – Uses SSL/TLS to protect data in transit.
Benefits of Encryption:
 Prevents unauthorized access and data breaches.
 Meets compliance requirements for industries like healthcare and finance.
Data Privacy
Ensures that personal and sensitive information is handled responsibly, in compliance with data
protection regulations (e.g., GDPR, HIPAA).
Best Practices for Data Privacy:
 Minimal Data Collection: Only gather essential information to reduce exposure.
 Data Masking and Anonymization: Mask sensitive data like credit card numbers
 Access Monitoring: Regularly track and audit user access logs to detect suspicious
activities.
Best Practices:
 Minimize data collection to only necessary fields.
 Anonymize or mask sensitive data where possible.
 Regularly audit access and data usage logs.

SQL Injection and Cyber Threats


SQL injection is a cyberattack technique where attackers exploit vulnerabilities in SQL-based
applications to manipulate databases. This occurs when applications fail to validate user input
before executing SQL queries.

Consequences of SQL Injection:


 Unauthorized Access: Attackers can view confidential information like usernames and
passwords.
 Data Corruption: Attackers can modify or delete data within the database.
 Financial Loss: Exploited databases can lead to reputational damage and fines for
companies.

Preventing SQL Injection:


 Use Prepared Statements and Parameterized Queries: Avoid directly embedding user
input into SQL statements.
 Input Validation: Restrict inputs to expected formats (e.g., rejecting special characters).
 Firewalls and Security Software: Deploy Web Application Firewalls (WAFs) to detect and
block malicious attacks.
 Regular Security Updates: Patching vulnerabilities in the database system or web
applications ensures protection against known threats.

SUMMARY
Database security is crucial for protecting sensitive business and personal data from
unauthorized access, corruption, and cyber threats. This chapter explores key security concepts,
including authentication (verifying user identity) and authorization (controlling access based on
roles). It also covers SQL security features like GRANT and REVOKE for managing database
permissions, ensuring only authorized users can manipulate data.
Additionally, the chapter discusses encryption methods such as column-level and database-level
encryption to protect data from breaches, along with data privacy regulations like GDPR and
HIPAA. Finally, it examines cyber threats, particularly SQL injection attacks, which exploit
vulnerabilities to gain unauthorized access. Preventive measures include prepared statements,
input validation, and security firewalls to safeguard databases from malicious attacks.

You might also like