Lecture 12: Database Security

Database System Concepts, 6th Ed.


©Silberschatz, Korth and Sudarshan
See www.db-book.com for conditions on re-use

Database Security
• Authentication
• Trusted Context
• Authorization
• Authorities
• Privileges
• Label-Based Access Control (LBAC)
• Roles

Database System Concepts - 6th Edition 16.2 ©Silberschatz, Korth and Sudarshan
Security Overview

Authentication
• Authentication is the process of verifying a user's identity.
• There are several authentication types that DB2 accepts, such as:
  ◦ SERVER: authenticates users at the DB2 server. This is the default value.
  ◦ SERVER_ENCRYPT: authenticates users at the DB2 server. When the user ID and password are sent to the server, they are both encrypted.
  ◦ CLIENT: authenticates users at the DB2 client depending on the settings of two other configuration parameters: TRUST_CLNTAUTH and TRUST_ALLCLNTS.
  ◦ KERBEROS: authenticates users at a Kerberos server.

Authentication Configuration on DB2 Server
• To configure the authentication type at a DB2 server, use the Database Manager (DBM) configuration parameter AUTHENTICATION.
• The command “GET DBM CFG” displays the current DBM parameter settings.
• Look for the <authentication> parameter to see the authentication type currently in use.
• To change the authentication type, use the DB2 command “UPDATE DBM CFG USING AUTHENTICATION <type>”.
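
A check that can be run over the output of GET DBM CFG, as an added example that is not part of the original slides: it reads the AUTHENTICATION value and, for CLIENT, the two trust parameters named on the Authentication slide. The function names and the sample configuration text are constructed for illustration, and the layout of the sample lines is assumed to match what `db2 get dbm cfg` prints.

```shell
#!/bin/sh
# Added example: audit the authentication settings in "GET DBM CFG" output.

# Constructed sample of the three relevant lines (not from a real server).
SAMPLE_CFG=' Database manager authentication        (AUTHENTICATION) = CLIENT
 Trust all clients                      (TRUST_ALLCLNTS) = YES
 Trusted client authentication          (TRUST_CLNTAUTH) = CLIENT'

# Print the value of one DBM parameter. $1 = cfg text, $2 = keyword.
dbm_param() {
    printf '%s\n' "$1" |
        sed -n "s/^.*($2)[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" |
        head -n 1
}

# Print one finding line that starts with OK, WARN or UNKNOWN. $1 = cfg text.
audit_dbm_auth() {
    auth=$(dbm_param "$1" AUTHENTICATION)
    case "$auth" in
        SERVER_ENCRYPT)
            echo "OK AUTHENTICATION=$auth: user ID and password are encrypted when sent to the server" ;;
        KERBEROS)
            echo "OK AUTHENTICATION=$auth: users are authenticated at a Kerberos server" ;;
        SERVER)
            echo "WARN AUTHENTICATION=$auth: default type, no credential encryption; review SERVER_ENCRYPT" ;;
        CLIENT)
            all=$(dbm_param "$1" TRUST_ALLCLNTS)
            clnt=$(dbm_param "$1" TRUST_CLNTAUTH)
            echo "WARN AUTHENTICATION=$auth: identity is checked at the client (TRUST_ALLCLNTS=$all, TRUST_CLNTAUTH=$clnt)" ;;
        "")
            echo "UNKNOWN AUTHENTICATION not found in input" ;;
        *)
            echo "UNKNOWN AUTHENTICATION=$auth: type not covered by this check" ;;
    esac
}

# Demo on the constructed sample; on a server, pass "$(db2 get dbm cfg)" instead.
audit_dbm_auth "$SAMPLE_CFG"
```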

Trusted Context
• The three-tiered application model places a middle tier (e.g. IBM WAS) between the client application and the database server.
• In a three-tiered application model, the middle tier is responsible for authenticating the users running the client applications and for managing the interactions with the database server.
• While the three-tiered application model provides many benefits, having all interactions with the database server occur under the middle tier's authorization ID raises several security concerns, which can be summarized as follows:
  ◦ Loss of user identity
  ◦ Diminished user accountability
  ◦ Over-granting of privileges to the middle tier's authorization ID
  ◦ Weakened security
  ◦ "Spill over" between users of the same connection

Authorization

Authorities
• Instance level authorities enable you to perform instance-wide functions, such as creating and upgrading databases, managing table spaces, and monitoring activity and performance on your instance.
  ◦ No instance-level authority provides access to data in database tables.
• Database level authorities enable you to perform functions within a specific database, such as granting and revoking privileges, inserting, selecting, deleting and updating data, and managing workloads.

Privileges

Granting Privileges

Granular Privileges

Roles

Summary

End of Lecture 12