Professional Documents
Culture Documents
Ku Database
Ku Database
Qn1 (b & c)
CONSTRAINT
students_pk_2 UNIQUE
(Faculty_name)
CONSTRAINT
students_pk_3 UNIQUE
(School)
Qn1 (d)
Qn2.
Incomplete transaction is the premature termination of transaction processing before transactions
can be committed to the database, which might result in data loss or corruption.
When a transaction is not completed either because a query times out or because the batch is
cancelled in the middle of a transaction without issuing a COMMIT or ROLLBACK statement to
complete the transaction, the transaction is left open and all the locks acquired during that
transaction continue to be held. Subsequent transactions executed under the same connection are
treated as nested transactions, so all the locks acquired in these completed transactions are not
released. This problem repeats with all the transactions executed from the same connection until
a ROLLBACK is executed. As a result, a large number of locks are held, users are blocked, and
transactions are lost, which results in data that is different from what you expect.
Recovery using Log File
When has a transaction committed?
‒ When <Ti, Start>and <Ti,Commit> is in the log file
When has a transaction failed/aborted?
‒ When <Ti, Start> is in the log file but <Ti,Commit>
Backward Recovery:
‒ Undo transaction (restore old values) if no Commit
Forward Recovery:
‒ Start with an earlier copy of the database
‒ Redo transaction (write new values) if Commit
Qn3.
DBMS Transaction properties
The transaction has the four properties. These are used to maintain consistency in a database,
before and after the transaction.
1. Atomicity
2. Consistency
3. Isolation
4. Durability
Atomicity
It states that all operations of the transaction take place at once if not, the transaction is
aborted.
There is no midway, i.e., the transaction cannot occur partially. Each transaction is
treated as one unit and either run to completion or is not executed at all.
Abort: If a transaction aborts then all the changes made are not visible.
Commit: If a transaction commits then all the changes made are visible.
T1 T2
Read(A) Read(B)
A:=A-100 Y:=Y+100
Write(A) Write(B)
If the transaction T fails after the completion of transaction T1 but before completion of
transaction T2, then the amount will be deducted from A but not added to B. This shows the
inconsistent database state. In order to ensure correctness of database state, the transaction must
be executed in entirety.
Consistency
The integrity constraints are maintained so that the database is consistent before and after
the transaction.
The execution of a transaction will leave a database in either its prior stable state or a new
stable state.
The consistent property of database states that every transaction sees a consistent
database instance.
The transaction is used to transform the database from one consistent state to another
consistent state.
For example: The total amount must be maintained before or after the transaction.
Total before T occurs = 600+300=900
Total after T occurs= 500+400=900
Therefore, the database is consistent. In the case when T1 is completed but T2 fails, then
inconsistency will occur.
Isolation
It shows that the data which is used at the time of execution of a transaction cannot be
used by the second transaction until the first one is completed.
In isolation, if the transaction T1 is being executed and using the data item X, then that
data item can't be accessed by any other transaction T2 until the transaction T1 ends.
The concurrency control subsystem of the DBMS enforced the isolation property.
Durability
The durability property is used to indicate the performance of the database's consistent
state. It states that the transaction made the permanent changes.
They cannot be lost by the erroneous operation of a faulty transaction or by the system
failure. When a transaction is completed, then the database reaches a state known as the
consistent state. That consistent state cannot be lost, even in the event of a system's
failure.
The recovery subsystem of the DBMS has the responsibility of Durability property.
Qn4.
Database Security
Database security includes a variety of measures used to secure database management systems
from malicious cyber-attacks and illegitimate use. Database security programs are designed to
protect not only the data within the database, but also the data management system itself, and
every application that accesses it, from misuse, damage, and intrusion.
Database Security Threats
Insider Threats
An insider threat is a security risk from one of the following three sources, each of which has
privileged means of entry to the database:
A malicious insider with ill-intent
A negligent person within the organization who exposes the database to attack through
careless actions
An insider threat is one of the most typical causes of database security breaches and it often
occurs because a lot of employees and students have been granted privileged user access.
Human Error
Weak passwords, password sharing, accidental erasure or corruption of data, and other
undesirable user behaviors are still the cause of almost half of data breaches reported.
An Evolving IT Environment
The evolving IT environment is making databases more susceptible to threats. Here are trends
that can lead to new types of attacks on databases, or may require new defensive measures:
Growing data volumes - storage, data capture, and processing is growing exponentially across
almost all organizations. Any data security practices or tools must be highly scalable to address
distant and near-future requirements.
Securing Database Server
A database server is a physical or virtual machine running the database. Securing a database
server, also known as “hardening”, is a process that includes physical security, network security,
and secure operating system configuration.
If you do rely on a web hosting service to manage your database, you should ensure that it is a
company with a strong security track record. It is best to stay clear of free hosting services due to
the possible lack of security.
If you manage your database in an on-premise data center, keep in mind that your data center is
also prone to attacks from outsiders or insider threats. Ensure you have physical security
measures, including locks, cameras, and security personnel in your physical facility. Any access
to physical servers must be logged and only granted to authorize individuals.
In addition, do not leave database backups in locations that are publicly accessible, such as
temporary partitions, web folders, or unsecured cloud storage buckets.
If you install an Oracle database manually, this doesn’t happen and default privileged accounts
won’t be expired or locked. Their password stays the same as their username, by default. An
attacker will try to use these credentials first to connect to the database.
It is critical to ensure that every privileged account on a database server is configured with a
strong, unique password. If accounts are not needed, they should be expired and locked.
For the remaining accounts, access has to be limited to the absolute minimum required. Each
account should only have access to the tables and operations (for example, SELECT or INSERT)
required by the user. Avoid creating user accounts with access to every table in the database.
A timely deployment of up-to-date versions of database service packs, critical security hotfixes,
and cumulative updates will improve the stability of database performance.
Irrespective of how solid your defenses are, there is always a possibility that a hacker may
infiltrate your system. Yet, attackers are not the only threat to the security of your database. Your
employees and students may also pose a risk to your database. There is always the possibility
that a malicious or careless insider will gain access to a file they don’t have permission to access.
Encrypting your data makes it unreadable to both attackers and employees and students. Without
an encryption key, they cannot access it, this provides a last line of defense against unwelcome
intrusions. Encrypt all-important application files, data files, and backups so that unauthorized
users cannot read your critical data.
It also keeps track of the activities completed during that time frame and stops administrators
from sharing passwords. While administrators may feel that sharing passwords is convenient,
however, doing so makes effective database accountability and security almost impossible.
Accounts must be regularly reviewed and deactivated if staff move to different roles,
leave the company, or no longer require the same level of access
To make sure the test is comprehensive, involve ethical hackers or recognized penetration testing
services in your security testing. Penetration testers provide extensive reports listing database
vulnerabilities, and it is important to quickly investigate and remediate these vulnerabilities. Run
a penetration test on a critical database system at least once per year.
In particular, File Integrity Monitoring (FIM) can help you log all actions carried out on the
database’s server and to alert you of potential breaches. When FIM detects a change to important
database files, ensure security teams are alerted and able to investigate and respond to the threat.
As well as safeguarding the database with a firewall, you must deploy a web application
firewall (WAF). This is because attacks aimed at web applications, including SQL injection, can
be used to gain illicit access to your databases.
A database firewall will not stop most web application attacks, because traditional firewalls
operate at the network layer, while web application layers operate at the application layer (layer
7 of the OSI model). A WAF operates at layer 7 and is able to detect malicious web application
traffic, such as SQL injection attacks, and block it before it can harm your database.
Cloud Data Security – Simplify securing your cloud databases to catch up and keep up with
DevOps. Imperva’s solution enables cloud-managed services users to rapidly gain visibility and
control of cloud data.
Database Security – Imperva delivers analytics, protection, and response across your data
assets, on-premise and in the cloud – giving you the risk visibility to prevent data breaches and
avoid compliance incidents. Integrate with any database to gain instant visibility, implement
universal policies, and speed time to value.
Data Risk Analysis – Automate the detection of non-compliant, risky, or malicious data access
behavior across all of your databases enterprise-wide to accelerate remediation.
Qn5.
However, if the password is predictable, this can lead to vulnerabilities in the authentication process.
Predictable usernames can make it easier for attackers to target specific users.
Rather than using a full brute-force attack, the attackers will look for accounts with easy-to-guess
passwords, which are used far too often. . They’ll try common credentials like "admin," "admin1," and
"password1." With no restrictions on weak passwords, even sites protected against brute-force attacks
can find themselves compromised.
Weak passwords always play a major role in any hack. For the ease of user, sometime
applications do not enforce password complexity and as a result of that users use simple
passwords such as password, password123, Password@123, 12345, god, own mobile number
etc. Weak password does not always mean length and the characters used, it also means the
guessability. Name@12345, it looks quite complex password but can be guessable. So do not use
password related to name, place, or mobile number. Weak passwords can be guessable or
attacker can bruteforce if the length of the password is very small, so try to use random strings
with special characters. Though that can be hard to remember as a security point of view it’s
quite secure.