
Lecture 11 Database Integrity

• Integrity means maintaining something in its truth or originality.
• The rules which ensure the correctness of data in the database.


Constraint
• A logical restriction on data for the purpose of maintaining the integrity and accuracy of data.
• The major types of database integrity constraints are:
◦ Domain Constraints
◦ Entity Integrity
◦ Referential Integrity
◦ Action Assertion


• The values assigned to the attributes of a relation must be taken from the same domain.
• A domain is a set of allowable values for one or more attributes.
• Every attribute in a relation is defined on a domain.
• A domain may be distinct for each attribute, or two or more attributes may be defined on the same domain.


• It maintains the integrity of the data by allowing only legal types of values for an attribute.
• Example: if the age attribute has been assigned a numeric data type, then it will not be possible to assign a text or date value to it.


• Restrict the domain of an attribute by applying a check constraint on the attribute.
• Example: the Age attribute has a numeric data type. If a data entry operator enters the age of a student as 200 (in years), it is not a legal age, yet it is legal from the domain constraint perspective. So we can assign boundaries for the age so that no one can enter a false value, i.e. apply a check constraint on the age attribute that the age should not be greater than 30 years.


• A domain definition consists of the domain name, meaning, data type, size or length, and the range of allowable values.
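The domain and check constraints described above, written as Oracle-style SQL. This is an added example, not part of the original slides; the STUDENT table, its column sizes and the lower age bound of 5 are assumptions.

```sql
-- Added example: STUDENT, its columns and the lower bound 5 are constructed.
CREATE TABLE STUDENT
(
    Student_ID NUMBER(6),
    Name       VARCHAR2(30) NOT NULL,
    -- Domain: data type NUMBER, size 3 digits; range enforced by the CHECK.
    -- NOT NULL matters here: a CHECK condition that evaluates to UNKNOWN
    -- (because Age is NULL) is treated as satisfied.
    Age        NUMBER(3) NOT NULL
               CONSTRAINT chk_student_age CHECK (Age BETWEEN 5 AND 30),
    CONSTRAINT pk_student PRIMARY KEY (Student_ID)
);

-- Accepted: inside the domain and inside the range.
INSERT INTO STUDENT (Student_ID, Name, Age) VALUES (1, 'Atif', 21);

-- Rejected by the data type alone (domain constraint): text is not a number.
INSERT INTO STUDENT (Student_ID, Name, Age) VALUES (2, 'Amjad', 'twenty');

-- Legal for the data type, rejected by chk_student_age: the age of 200.
INSERT INTO STUDENT (Student_ID, Name, Age) VALUES (3, 'Habib', 200);

-- Rejected by NOT NULL; without it this row would pass the CHECK.
INSERT INTO STUDENT (Student_ID, Name, Age) VALUES (4, 'Zubair', NULL);

-- Confirm that the rules are present, enabled and validated.
SELECT constraint_name, constraint_type, status, validated
FROM   USER_CONSTRAINTS
WHERE  table_name = 'STUDENT';
```

Enforcing the range in the database means every application, script and ad hoc session that writes to the table is held to the same rule.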


• Entity integrity ensures that every relation has a primary key.
• No attribute of a primary key (PK) can have a null value.


• If a primary key consists of a single attribute, this constraint obviously applies to this attribute, so it cannot have a null value.
• If a primary key is a composite key, then none of the attributes of this primary key can have a null value in any of the instances.


• A primary key has a default NOT NULL constraint.
• It also has a default UNIQUE constraint.


CREATE TABLE Flight_Schedule
(
    Flight_Number NUMBER,
    Airline       VARCHAR2(12),
    Price         NUMBER,
    -- Named primary key constraint: implies NOT NULL and UNIQUE
    CONSTRAINT pk_Flight_Number PRIMARY KEY (Flight_Number)
);

Flight_Number is the PK: it must have a unique value and it cannot have a null value.


FLIGHT-SCHEDULE
Flight_Number Airline Price
101 delta 156
545 american 110
912 scandinavian 450

Flight_Number is the PK, and it cannot have a null value.


Significance of Constraints
• By definition a PK is a minimal identifier that is used to identify tuples uniquely. This means that no subset of the primary key is sufficient to provide unique identification of tuples.
• If a null value is allowed for any part of the primary key, we would be demonstrating that not all of the attributes are needed to distinguish between tuples, which would contradict the definition.


• A null represents a value for an attribute that is currently unknown or not applicable for a specific tuple.
• Through the null constraint we can control whether an attribute can have a null value or not.
• Optional attributes can have a null value.


• By default a non-key attribute can have a null value. Null is not a value; it represents the absence of a value.
• If the database designer declares an attribute as NOT NULL, then it becomes a required attribute.
• Example: in a bank, a customer has to fill in a form that may comprise many entries. Some of them are necessary to fill in, like CNIC number, name, residential address and date of birth, but there may be some entries that are optional, like fax number.


CREATE TABLE Flight_Schedule
(
    Flight_Number NUMBER,
    Airline       VARCHAR2(12) NOT NULL,   -- required attribute
    Price         NUMBER,
    CONSTRAINT pk_Flight_Number PRIMARY KEY (Flight_Number)
);

The value of the Airline attribute cannot be null.


Not Null Constraint

STAFF
S_No   Name       Position    Salary   Fax_Number
SL21   Atif Ali   Manager     30000    05123627632
GG37   Amjad      Assistant   12000
SG66   Habib      Salesman    25000    0513232323
SA89   Zubair     Assistant   9000     Unknown
SL31   Tahir      Salesman    23000
SG5    Asim       Manager     27000    09927867847

A null value, a missing value and "Unknown" all represent the absence of a value, i.e. a null value.

• If a foreign key exists in a relation, either the foreign key value must match the primary key value of some tuple in its home relation, or the foreign key value must be completely null.
• If a relationship between two entity types is optional, then the foreign key value could be null, but if the relationship between the entity types is mandatory, then the value of the foreign key cannot be null.


Significance of Constraints
• It plays a vital role in maintaining the correctness, validity or integrity of the database.
• This means that we have to ensure the proper enforcement of the referential integrity constraint to ensure the consistency and correctness of the database.


Parent Table

CREATE TABLE CUSTOMER
(
    Customer_ID      NUMBER,
    Customer_Name    VARCHAR2(15),
    Customer_Address VARCHAR2(20),
    City             VARCHAR2(15),
    State            VARCHAR2(10),
    Postal_code      NUMBER,
    PRIMARY KEY (Customer_ID)
);

Child Table

CREATE TABLE CUSTOMER_ORDER
(
    Order_ID    NUMBER,
    Order_Date  DATE,
    Customer_ID NUMBER,
    PRIMARY KEY (Order_ID),
    FOREIGN KEY (Customer_ID) REFERENCES CUSTOMER (Customer_ID)
);



Referential integrity constraints are drawn via arrows from the dependent table to the parent table.


Deletion Operation
• ON DELETE CASCADE:
◦ It indicates that when a row in the parent table is deleted, the dependent rows in the child table are also deleted.
◦ Without the ON DELETE CASCADE option, a row in the parent table cannot be deleted if it is referenced in the child table.


Deletion Operation
• Safety Check:
◦ It does not allow the deletion of the parent table until all associated records in the child table are deleted.


Deletion Operation
• Null Value:
◦ If the record is deleted from the parent table, then a null value is placed in the foreign key.

ALTER TABLE EMPLOYEE
    ADD CONSTRAINT fk_employee_deptno FOREIGN KEY (Deptno)
    REFERENCES DEPT (Deptno)
    ON DELETE SET NULL;
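The three deletion rules side by side, as Oracle-style SQL. This is an added example, not part of the original slides; the three EMP_* child tables and the sample rows are constructed so that each parent row is referenced under exactly one rule.

```sql
-- Added example: constructed tables; only the ON DELETE rule differs.
CREATE TABLE DEPT
(
    Deptno NUMBER PRIMARY KEY,
    Dname  VARCHAR2(15) NOT NULL
);

CREATE TABLE EMP_SAFETY      -- no ON DELETE clause: the safety check
(
    Empno  NUMBER PRIMARY KEY,
    Deptno NUMBER NOT NULL REFERENCES DEPT (Deptno)   -- mandatory relationship
);

CREATE TABLE EMP_CASCADE
(
    Empno  NUMBER PRIMARY KEY,
    Deptno NUMBER NOT NULL REFERENCES DEPT (Deptno) ON DELETE CASCADE
);

CREATE TABLE EMP_SETNULL     -- optional relationship: Deptno stays nullable
(
    Empno  NUMBER PRIMARY KEY,
    Deptno NUMBER REFERENCES DEPT (Deptno) ON DELETE SET NULL
);

INSERT INTO DEPT VALUES (10, 'Sales');
INSERT INTO DEPT VALUES (20, 'Accounts');
INSERT INTO DEPT VALUES (30, 'Research');
INSERT INTO EMP_SAFETY  VALUES (1, 10);
INSERT INTO EMP_CASCADE VALUES (2, 20);
INSERT INTO EMP_SETNULL VALUES (3, 30);

-- Rejected on insert: department 99 has no matching row in the parent table.
INSERT INTO EMP_SAFETY VALUES (4, 99);

-- Safety check: rejected while employee 1 still references department 10.
DELETE FROM DEPT WHERE Deptno = 10;

-- Cascade: department 20 and employee 2 are both removed.
DELETE FROM DEPT WHERE Deptno = 20;

-- Set null: department 30 is removed, employee 3 stays with a null Deptno.
DELETE FROM DEPT WHERE Deptno = 30;

-- Review which rule each foreign key carries
-- (DELETE_RULE is NO ACTION, CASCADE or SET NULL).
SELECT table_name, constraint_name, delete_rule
FROM   USER_CONSTRAINTS
WHERE  constraint_type = 'R';
```

The dictionary query at the end is worth running before granting DELETE on a parent table, because a cascading rule removes child rows that the deleting user may hold no privilege on.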


• Business rules, specified by the user or database administrators, that define or constrain some aspect of the enterprise.


Example
• A person may purchase a ticket for the all-star game only if that person is a season-ticket holder.
• CHECK and some other constraints are used for action assertions.

Sal NUMBER CONSTRAINT Check_Sal CHECK (Sal IN (8000, 9000, 10000))

Lecture 14 Database Security

Database Security
Lec-14

Department of Computer Science, CIIT Abbottabad



• Protection of the data against accidental or intentional loss, destruction, or misuse.
• Access to data has become more open through the Internet and corporate intranets and from mobile computing devices. As a result, managing data security effectively has become more difficult and time consuming.


• For the protection of data in the database, it is the responsibility of data administration to develop overall policies and procedures to protect databases.
• Database administration is responsible for administering database security on a daily basis.


• Data is a valuable resource that must be strictly controlled and managed, as with any corporate resource.
• Part or all of the corporate data may have strategic importance and therefore needs to be kept secure and confidential.


• Mechanisms that protect the database against intentional or accidental threats.
• Security considerations do not only apply to the data held in a database. Breaches of security may affect other parts of the system, which may in turn affect the database.


• If any unauthorized person gains access to the database, they may alter, change, or even steal the data.
• Database security alone does not ensure a secure database.
◦ All parts of the system must be secure, including the database, network, operating system, the building in which the database resides physically, and the staff members who have any opportunity to access the system.


• The threats addressed in a data security plan are:
◦ Accidental losses
◦ Theft and fraud
◦ Improper data access
◦ Loss of data integrity
◦ Loss of availability


• Accidental losses
◦ Human error
◦ Software failure
◦ Hardware failure


Theft and fraud


• These activities are going to be perpetrated by people, quite possibly through electronic means, and may or may not alter data. Attention here should focus on each possible location.
• For example, physical security must be established so that unauthorized persons are unable to gain access.
• Establish a firewall to protect the database against unauthorized access from the outside world, so as to hamper people whose aim is theft or fraud in the database.


Loss of Privacy
• Loss of privacy means a loss of protection of individuals' data.
• Failure to control privacy of information may lead to blackmail, corruption, public embarrassment, or stealing of user passwords.


Loss of Privacy
• Loss of confidentiality means loss of protection of organizational data that may have strategic value to the organization.
• Failure to control confidentiality may lead to loss of competitiveness.


Loss of data integrity


• When data integrity is compromised, data will be invalid or corrupted.
• If data integrity cannot be restored through backup and recovery techniques, then the organization may suffer, or make incorrect and expensive decisions based on the invalid data.


Loss of availability
• Damage of hardware, networks, or applications may cause the data to become unavailable to users, which again may lead to severe operational difficulties.


• Views or subschemas
• Integrity controls
• Authorization rules
• User-defined procedures
• Encryption
• Authentication schemes
• Backup, journalizing, and checkpointing


Views or subschemas
• A view is a virtual relation that does not necessarily exist in the database but can be produced upon request by a particular user, at the time of request.
• It may be dynamically derived from one or more base relations.
• It is always based on the current data in the base tables from which it is built.


Views or subschemas
• The view mechanism provides a powerful and flexible security mechanism by hiding parts of the database from certain users.
• The user is not aware of the existence of any attributes or rows that are missing from the view.


Views or subschemas
• It effectively prevents the user from viewing other data that may be private or confidential.
• The user may be granted the right to access the view, but not to access the base tables upon which the view is based.


Integrity controls
• Prevent data from becoming invalid, and hence giving misleading or incorrect results.
• Maintain a secure database system by preventing data from becoming invalid.
• Protect data from unauthorized use.
• Domains: set allowable values.


Authorization rules
• Authorization rules are controls incorporated in the data management system that restrict access to data and also restrict the actions that people may take when they access data.
• A person who can supply a particular password may be authorized to read any record in a database but cannot necessarily modify any of those records.


The GRANT command gives privileges to users, and the REVOKE command takes away privileges.


Authorization rules

[Figure: Authorization Matrix]

Implementing authorization rules

[Figures: Authorization table for subjects (salespeople); Authorization table for objects (orders); Oracle privileges]

Authorization rules

GRANT SELECT, UPDATE (unit_price) ON PRODUCT_T TO SMITH;
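A view combined with GRANT and REVOKE, covering both the view mechanism and the authorization rules described in these notes, as Oracle-style SQL. This is an added example, not part of the original slides; the STAFF definition mirrors the table shown in Lecture 11, and the names APP_OWNER and STAFF_SALES_V are assumptions.

```sql
-- Added example. APP_OWNER (schema) and STAFF_SALES_V (view) are assumed
-- names; SMITH is the grantee used in the GRANT statement above.
CREATE TABLE STAFF
(
    S_No       VARCHAR2(5) PRIMARY KEY,
    Name       VARCHAR2(20) NOT NULL,
    Position   VARCHAR2(15) NOT NULL,
    Salary     NUMBER(8),
    Fax_Number VARCHAR2(15)
);

-- The view hides one column (Salary) and every row that is not a salesman.
CREATE VIEW STAFF_SALES_V AS
    SELECT S_No, Name, Position, Fax_Number
    FROM   STAFF
    WHERE  Position = 'Salesman'
    WITH CHECK OPTION;  -- a change through the view may not push a row out of it

-- Privileges go on the view only; nothing is granted on STAFF itself.
GRANT SELECT, UPDATE (Fax_Number) ON STAFF_SALES_V TO SMITH;

-- Connected as SMITH:
SELECT * FROM APP_OWNER.STAFF_SALES_V;        -- allowed: salesmen only, no Salary
UPDATE APP_OWNER.STAFF_SALES_V
SET    Fax_Number = '0510000000'
WHERE  S_No = 'SG66';                         -- allowed: granted column
SELECT Salary FROM APP_OWNER.STAFF;           -- refused: no privilege on the base table
UPDATE APP_OWNER.STAFF_SALES_V
SET    Name = 'Changed'
WHERE  S_No = 'SG66';                         -- refused: UPDATE covers Fax_Number only

-- Connected as a DBA: review what SMITH actually holds.
SELECT owner, table_name, privilege
FROM   DBA_TAB_PRIVS
WHERE  grantee = 'SMITH';

SELECT owner, table_name, column_name, privilege
FROM   DBA_COL_PRIVS
WHERE  grantee = 'SMITH';

-- Take the update right away again; SELECT on the view remains.
REVOKE UPDATE ON STAFF_SALES_V FROM SMITH;
```

Oracle revokes an object privilege for all columns at once, so narrowing a column-level UPDATE means revoking it and granting the smaller column list again.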


Encryption
• It is the coding of data so that humans cannot read them.
• Some DBMS products include encryption routines that automatically encode sensitive data when they are stored or transmitted over communications channels.
• Example
◦ Encryption is commonly used in electronic funds transfer (EFT) systems.


Encryption
• Type of encryption
◦ One Key Encryption
◦ Two Key Encryption


Encryption
• Type of encryption
• One Key Encryption
◦ It is also called data encryption standard (DES); both the sender and the receiver need to know the key that is used to scramble the transmitted or stored data.


Encryption
• Type of encryption
• Two Key Encryption
◦ It is also called asymmetric encryption, and employs a private and a public key.
◦ Two-key methods are especially popular in e-commerce applications to provide secure transmission and database storage of payment data, such as credit card numbers.


Authentication
• Positive identification of the user.
• Identify the users who are trying to gain access to a computer or its resources.


Authentication
• Identify the users who are trying to gain access by having them supply one of the following factors:
◦ Something the user knows, usually a password or personal identification number (PIN)
◦ Something the user possesses, such as a smart card or token
◦ Some unique personal characteristic, such as a fingerprint or retinal scan

Authentication schemes are called one-factor, two-factor, or three-factor authentication,

Authentication
• Passwords
• It is a one-factor authentication scheme.
• A person who can supply a valid password can log on to the database system.
• The DBA is responsible for issuing or creating passwords for the DBMS and other specific applications.


Authentication
• Passwords
• The DBA should follow several guidelines in creating passwords:
◦ Should be at least 8 characters long
◦ Should combine alphabetic and numeric data
◦ Should not be complete words or personal information
◦ Should be changed frequently


Authentication
• Strong Authentication
• Two-factor authentication schemes (usually a card and PIN code, e.g. ATM).
• Two-factor authentication schemes are more secure than simple passwords because it is quite difficult for an unauthorized person to obtain both factors at the same time.


Authentication
• Strong Authentication
• Two-factor schemes are also not perfect. Cards can be lost or stolen, and PINs can be intercepted. For sensitive applications, such as e-commerce and online banking, stronger security is necessary.
• Solution: three-factor authentication schemes


Authentication
• Strong Authentication
• Three-factor authentication schemes have an extra biometric attribute (fingerprints, voiceprints, eye pictures, etc.) that is unique for each individual user.
• Three-factor authentication is normally implemented with a high-tech card called a smart card.


Authentication
• Mediated Authentication
• Introduces a third party into the authentication system, which establishes user authenticity through a trusted authentication agent, such as Kerberos.
