Professional Documents
Culture Documents
Database System: Since some users may modify data while some may only
query, it is the job of the system to enforce authorization rules.
Operating System: No matter how secure the database system is, the operating
system may serve as another means of unauthorized access.
Network: Since most databases allow remote access, hardware and software
security is crucial.
Physical: Sites with computer systems must be physically secured against entry
by intruders or terrorists.
Human: Users must be authorized carefully to reduce the chance of a user giving
access to an intruder.
4- Database & Data Integrity Violation Process.
Security gaps are points at which security is missing, and thus system is vulnerable.
Vulnerability is state in which an object can potentially be affected by a force or another
object or even a situation but not necessarily is or will be.
Threat is defined as security risk that has high possibility of becoming a system breach.
5- Database Security Enforcement.
Security enforcement is an enabler for databases to meet mandatory regulatory
compliance and privacy requirements. A well-rounded yet efficient security mechanism
would make a database product eligible for high profile government contracts and new
markets in the financial sector, and make it trustworthy among many third-party
applications that are likely to be built on top of it.
6- Database Security Access Point.
A security access point is place where database security must be protected and
applied. And also, data access point must be small.
People (secure data within the DB against violations caused by people).
Applications (when granting security privileges to applications, be cautious, permissions
shouldn’t too loose/too restrictive).
Network.
OS (gateway to data, security credentials must be verified).
DBMS.
Data Files (make use of encryption and permissions to protect data files belonging to
database).
Data
Password Complexity
Password complexity policies are designed to deter brute force attacks by increasing
the number of possible passwords. When password complexity policy is enforced, new
passwords must meet the following guidelines:
The password does not contain the account name of the user.
The password is at least eight characters long.
The password contains characters from three of the following four categories:
Latin uppercase letters (A through Z)
Latin lowercase letters (a through z)
Base 10 digits (0 through 9)
Non-alphanumeric characters such as: exclamation point (!), dollar sign ($),
number sign (#), or percent (%).
Passwords can be up to 128 characters long. Use passwords that are as long and
complex as possible.
Password Expiration
Password expiration policies are used to manage the lifespan of a password. When
SQL Server enforces password expiration policy, users are reminded to change old
passwords, and accounts that have expired passwords are disabled.
GRANT privilege_name
ON object_name
TO {user_name |PUBLIC |role_name}
[WITH GRANT OPTION];
This model depends on the application to authentication the application users by maintain all end
users in a table with their encryption password. In this model, each end user is assigned a database
role, which has specific database privilege for accessing application table. The user can access
whatever privileges are assigned to the role.
The concept of an application role security model is similar to the concept of database role security
model in that they are both methods for organizing and administrating privileges. Application roles
are typically mapped specifically to real business roles.