Database System Concepts - 6th Edition 16.2 ©Silberschatz, Korth and Sudarshan
Security Overview
Authentication
Authentication is the process of verifying a user's identity.
There are several authentication types that DB2 accepts, such as:
SERVER: authenticates users at the DB2 server. This is the default value.
SERVER_ENCRYPT: authenticates users at the DB2 server. When the user ID and password are sent to the server, they are both encrypted.
CLIENT: authenticates users at the DB2 client depending on the settings of two other configuration parameters: TRUST_CLNTAUTH and TRUST_ALLCLNTS.
KERBEROS: authenticates users at a Kerberos server.
Authentication Configuration on DB2 Server
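An added example, not taken from the slides: a Python check over `db2 get dbm cfg` output that reports where the AUTHENTICATION, TRUST_ALLCLNTS and TRUST_CLNTAUTH settings leave identity verification. The sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout printed by `db2 get dbm cfg`
# (only the three relevant lines; the values are made up).
SAMPLE_DBM_CFG = """\
 Database manager authentication        (AUTHENTICATION) = CLIENT
 Trust all clients                      (TRUST_ALLCLNTS) = YES
 Trusted client authentication          (TRUST_CLNTAUTH) = CLIENT
"""

# Matches "(PARAMETER_NAME) = value"; the value may be empty.
PARAM_LINE = re.compile(r"\(([A-Z_0-9]+)\)\s*=\s*(\S*)")


def parse_dbm_cfg(text):
    """Return {PARAMETER: VALUE} for every '(NAME) = value' line."""
    params = {}
    for line in text.splitlines():
        match = PARAM_LINE.search(line)
        if match:
            params[match.group(1)] = match.group(2).upper()
    return params


def review_authentication(params):
    """Return (parameter, finding) pairs for settings worth reviewing."""
    auth = params.get("AUTHENTICATION", "SERVER")  # SERVER is the default
    findings = []
    if auth == "CLIENT":
        # The two TRUST_* parameters only matter under CLIENT authentication.
        if params.get("TRUST_ALLCLNTS", "YES") == "YES":
            findings.append(("TRUST_ALLCLNTS",
                             "every client is trusted to authenticate its own users"))
        if params.get("TRUST_CLNTAUTH", "CLIENT") == "CLIENT":
            findings.append(("TRUST_CLNTAUTH",
                             "credentials from trusted clients are checked at the client"))
    elif auth == "SERVER":
        findings.append(("AUTHENTICATION",
                         "verified at the server; SERVER_ENCRYPT also encrypts "
                         "the user ID and password sent to it"))
    return findings


if __name__ == "__main__":
    for name, finding in review_authentication(parse_dbm_cfg(SAMPLE_DBM_CFG)):
        print(f"{name}: {finding}")
```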
Trusted Context
The three-tiered application model places a middle tier (e.g. IBM WAS) between the client application and the database server.
In a three-tiered application model, the middle tier is responsible for authenticating the users running the client applications and for managing the interactions with the database server.
While the three-tiered application model provides many benefits, having all interactions with the database server occur under the middle tier's authorization ID raises several security concerns, which can be summarized as follows:
Loss of user identity
Diminished user accountability
Overgranting of privileges to the middle tier's authorization ID
Weakened security
"Spill over" between users of the same connection
Authorization
Authorities
Instance-level authorities enable you to perform instance-wide functions, such as creating and upgrading databases, managing table spaces, and monitoring activity and performance on your instance.
No instance-level authority provides access to data in database tables.
Database-level authorities enable you to perform functions within a specific database, such as granting and revoking privileges, inserting, selecting, deleting and updating data, and managing workloads.
Privileges
Granting Privileges
Granular Privileges
Roles
Summary
End of Lecture 12