
Lecture 12: Database Security

Database System Concepts, 6th Ed.


©Silberschatz, Korth and Sudarshan
See www.db-book.com for conditions on re-use
Database Security
 Authentication
 Trusted Context
 Authorization
 Authorities
 Privileges
 Label-Based Access Control (LBAC)
 Roles

Database System Concepts - 6th Edition 16.2 ©Silberschatz, Korth and Sudarshan
Security Overview

Authentication
 Authentication is the process of verifying a user's identity.
 There are several authentication types that DB2 accepts, such as:
 SERVER: authenticates users at the DB2 server. This is the default value.
 SERVER_ENCRYPT: authenticates users at the DB2 server. When the user ID and password are sent to the server, they are both encrypted.
 CLIENT: authenticates users at the DB2 client, depending on the settings of two other configuration parameters: TRUST_CLNTAUTH and TRUST_ALLCLNTS.
 KERBEROS: authenticates users at a Kerberos server.

Authentication Configuration on DB2 Server

 To configure the authentication type at a DB2 server, you can use the Database Manager (DBM) Configuration parameter AUTHENTICATION.
 The command “GET DBM CFG” can be used to display the current DBM parameter settings.
 Look for the <authentication> parameter for the current authentication type used.
 To change the authentication type, you can use the DB2 command “UPDATE DBM CFG USING AUTHENTICATION <type>”.

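As an added example (not part of the lecture and not IBM's own tooling), the two commands above can be turned into a small check: the script below reads the AUTHENTICATION value out of `db2 get dbm cfg` output (the CLP form of GET DBM CFG), looks at TRUST_ALLCLNTS and TRUST_CLNTAUTH when the type is CLIENT, and prints a verdict. SAMPLE_CFG is constructed to resemble the CLP output; on a live instance pass in `assess_auth "$(db2 get dbm cfg)"` instead.

```shell
#!/bin/sh
# Added example, not part of the lecture or of DB2 itself: read the AUTHENTICATION
# setting out of "db2 get dbm cfg" output and rate it. SAMPLE_CFG is constructed to
# resemble the CLP output; on a live instance use:  assess_auth "$(db2 get dbm cfg)"

SAMPLE_CFG=' Database manager authentication        (AUTHENTICATION) = CLIENT
 Trust all clients                      (TRUST_ALLCLNTS) = YES
 Trusted client authentication          (TRUST_CLNTAUTH) = CLIENT'

# cfg_value PARAM TEXT: value of the "(PARAM) = value" line, upper-cased; empty if absent
cfg_value() {
  printf '%s\n' "$2" \
    | sed -n "s/.*($1)[[:space:]]*=[[:space:]]*//p" \
    | sed 's/[[:space:]]*$//' \
    | tr 'a-z' 'A-Z' \
    | head -n 1
}

# assess_auth TEXT: prints one verdict line; exit status 0 only when the setting is acceptable
assess_auth() {
  auth=$(cfg_value AUTHENTICATION "$1")
  case "$auth" in
    SERVER_ENCRYPT|KERBEROS)
      echo "OK: AUTHENTICATION=$auth (user ID and password are not sent to the server in the clear)"
      return 0 ;;
    SERVER)
      echo "WARN: AUTHENTICATION=SERVER (the default) sends user ID and password without the encryption SERVER_ENCRYPT applies; change with: db2 update dbm cfg using AUTHENTICATION SERVER_ENCRYPT"
      return 1 ;;
    CLIENT)
      allclnts=$(cfg_value TRUST_ALLCLNTS "$1")
      clntauth=$(cfg_value TRUST_CLNTAUTH "$1")
      if [ "$allclnts" = "YES" ]; then
        # Every client is trusted: the server relies on identities the clients report.
        echo "FAIL: AUTHENTICATION=CLIENT with TRUST_ALLCLNTS=YES delegates authentication to every client (TRUST_CLNTAUTH=$clntauth)"
      else
        echo "WARN: AUTHENTICATION=CLIENT (TRUST_ALLCLNTS=$allclnts, TRUST_CLNTAUTH=$clntauth): identity is established on the client side, so review which clients are trusted"
      fi
      return 1 ;;
    '')
      echo "FAIL: no (AUTHENTICATION) parameter found in the input"
      return 1 ;;
    *)
      echo "INFO: AUTHENTICATION=$auth is outside the four types covered here; review it manually"
      return 1 ;;
  esac
}

# Demo on the constructed sample: prints a FAIL verdict and the non-zero exit status.
assess_auth "$SAMPLE_CFG" || echo "(exit status $?)"
```

The exit status makes the check usable from a hardening script: anything other than SERVER_ENCRYPT or KERBEROS returns 1, so the calling job can stop before an instance with plaintext or client-side authentication is put into service.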
Trusted Context
 The three-tiered application model places a middle tier (e.g. IBM WAS) between the
client application and the database server.
 In a three-tiered application model, the middle tier is responsible for
authenticating the users running the client applications and for
managing the interactions with the database server.
 While the three-tiered application model provides many benefits,
having all interactions with the database server occur under the
middle tier's authorization ID raises several security concerns, which
can be summarized as follows:
 Loss of user identity
 Diminished user accountability
 Over granting of privileges to the middle tier's authorization ID
 Weakened security
 "Spill over" between users of the same connection
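The DB2 answer to the concerns listed above is a trusted context: the middle tier keeps one connection under its own SYSTEM AUTHID, but the server pins that connection to an address and encryption level, bounds it with a default role, and lets the middle tier switch the connection to an end user's identity so each request runs as, and is audited as, that user. As an added example (not from the lecture and not IBM's code), the script below emits the CREATE TRUSTED CONTEXT statement for such a setup and refuses settings that would bring the listed problems back. The context name, SYSTEM AUTHID, address, role and user names are assumed sample values; the clause syntax follows the DB2 LUW statement as this example's author recalls it, so check it against the SQL reference for your version.

```shell
#!/bin/sh
# Added example, not part of the lecture or of DB2: emit a CREATE TRUSTED CONTEXT
# statement for a middle-tier server and reject settings that reintroduce the
# concerns listed above. ctx_appserver, appsrv, 10.0.0.5, app_default_role, alice
# and bob are assumed sample values; verify the clause syntax against your SQL reference.

# trusted_context_ddl NAME SYSAUTHID ADDRESS ENCRYPTION DEFAULT_ROLE USER...
#   prints the statement on stdout; on a rejected setting prints why on stderr and returns 1
trusted_context_ddl() {
  name=$1; authid=$2; addr=$3; enc=$4; role=$5
  shift 5
  # Pin the middle tier to its address: otherwise any host that obtains the
  # middle tier's credentials could open the trusted connection.
  [ -n "$addr" ] || { echo "rejected: ADDRESS is required" >&2; return 1; }
  # Require encryption on the trusted connection itself.
  [ "$enc" = "HIGH" ] || { echo "rejected: ENCRYPTION must be HIGH (got '$enc')" >&2; return 1; }
  # Without user switching every request keeps the middle tier's authorization
  # ID, which is exactly the loss of identity and accountability described above.
  [ $# -gt 0 ] || { echo "rejected: name the users the middle tier may switch to" >&2; return 1; }

  printf 'CREATE TRUSTED CONTEXT %s\n' "$name"
  printf '  BASED UPON CONNECTION USING SYSTEM AUTHID %s\n' "$authid"
  printf "  ATTRIBUTES (ADDRESS '%s', ENCRYPTION '%s')\n" "$addr" "$enc"
  # The default role bounds what the middle tier can do on its own, so its
  # authorization ID no longer needs the union of every user's privileges.
  printf '  DEFAULT ROLE %s\n' "$role"
  printf '  ENABLE\n'
  printf '  WITH USE FOR'
  first=1
  for u in "$@"; do
    [ "$first" = 1 ] || printf ','
    # WITH AUTHENTICATION: the switch to an end user is accepted only with that
    # user's own credentials, so the identity is verified rather than asserted.
    printf ' %s WITH AUTHENTICATION' "$u"
    first=0
  done
  printf '\n'
}

# Demo with the assumed sample values.
trusted_context_ddl ctx_appserver appsrv 10.0.0.5 HIGH app_default_role alice bob
```

Run the printed statement through the CLP (for example `db2 -tvf` on a file containing it) as a user holding SECADM authority, which is what creating a trusted context requires. Each check in the function maps to one item of the list above: the address and encryption attributes limit who can reuse the connection, the default role addresses over-granting to the middle tier's ID, and the per-user WITH AUTHENTICATION clauses restore user identity and accountability and keep one user's requests from spilling over into another's.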

Authorization

Authorities
 Instance-level authorities enable you to perform instance-wide functions, such as creating and upgrading databases, managing table spaces, and monitoring activity and performance on your instance.
 No instance-level authority provides access to data in database tables.
 Database-level authorities enable you to perform functions within a specific database, such as granting and revoking privileges, inserting, selecting, deleting and updating data, and managing workloads.

Privileges

Granting Privileges

Granular Privileges

Roles

Summary

End of Lecture 12
