K L UNIVERSITY | DATABASE & SYSTEMS SECURITY 21CS3260R

21CS3260R DATABASE & SYSTEMS SECURITY

STUDENT NAME
REG. NO
YEAR
SEMESTER
SECTION
FACULTY

LABORATORY WORKBOOK


Table of Contents

1. Fundamentals of Database Security
2. Backing up, recovering and restoring database
3. Triggers for Database Security 1
4. Triggers for Database Security 2
5. Digital Signature Generation
6. Hashing in Oracle
7. Validate using Hashing
8. Hashing Data in Transit
9. Validation of hashes of Data in Transit
10. Encrypting Data in Transit
11. Validating Data after Encryption
12. Hashing Data in Transit 2


Organization of the STUDENT LAB WORKBOOK

The laboratory framework includes a creative element but shifts the time-intensive
aspects outside of the two-hour closed laboratory period. Within this structure, each
laboratory includes three parts: Pre-Lab, In-Lab, and Post-Lab.
a. Pre-Lab
The Pre-Lab exercise is a homework assignment that links the lecture with the
laboratory period and typically takes 2 hours to complete. The goal is for students to
synthesize the information they learn in lecture with material from their textbook to
produce a working piece of software. Students attending a two-hour closed laboratory
are expected to make a good-faith effort to complete the Pre-Lab exercise before
coming to the lab. Their work need not be perfect, but their effort must be real
(roughly 80 percent correct).
b. In-Lab
The In-Lab section takes place during the actual laboratory period. The first hour of
the laboratory period can be used to resolve any problems the students might have
experienced in completing the Pre-Lab exercises. The intent is to give constructive
feedback so that students leave the lab with working Pre-Lab software, a significant
accomplishment on their part. During the second hour, students complete the In-Lab
exercise to reinforce the concepts learned in the Pre-Lab. Students leave the lab
having received feedback on their Pre-Lab and In-Lab work.
c. Post-Lab
The last phase of each laboratory is a homework assignment that is done following
the laboratory period. In the Post-Lab, students analyse the efficiency or utility of a
given system call. Each Post-Lab exercise should take roughly 120 minutes to
complete.


2023-24 EVEN SEMESTER LAB CONTINUOUS EVALUATION


Evaluation table columns: Sl No; Date; Experiment Name; Pre-Lab (5M); In-Lab: LOGIC (10M), EXECUTION (10M), RESULT (10M), ANALYSIS (5M); Post-Lab (5M); Viva Voce (5M); Total (50M); Faculty Signature


DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING


SUBJECT CODE: 18CS3278
DATABASE & SYSTEM SECURITY WORKBOOK

1. Fundamentals of Database Security

Date of the Session: ___/___/___ Time of the Session: _____to______

Learning Outcomes:
• To understand and implement the concept of roles and privileges in a database.
• To understand and implement the concept of data manipulation and authorization
  in a database.

PRE-REQUISITE:
In the lab, you do not have admin access to the server and hence cannot perform the
required essential operations.

So, configure a connection using the ‘Net Configuration Assistant’ and create an alias to
connect to the Oracle instance. The steps are:

1. Go to the ‘Oracle’ folder in the Start menu.
2. Click on ‘Net Configuration Assistant’.
3. Click on ‘Other Choices’ when asked to log in, click on the ‘Samyak’ user and log in
   using the password ‘klu@123’.
4. Choose ‘Local Net Service Name Configuration’.
5. Choose ‘Add’.
6. Service Name: orcl
7. Choose ‘TCP’.
8. Host Name: desktop-t11csnm (or) 10.30.11.121 (may be subject to change; ask the
   server admin for details if these host names don’t work).
9. Choose ‘Yes, perform a test’.
10. Net Service Name: dbs
11. Click ‘No’.

NOTE – Here, ‘dbs’ is the alias name.

You can now log in to sqlplus with ‘connect KL17003XXXX/KL17003XXXX@dbs’.


Pre-Lab:

Q1. What is a role and a user in Oracle?

Sol)

Q2. Write a query to create a role.

Sol)

Q3. What is the default role a user gets when it is created?

Sol)

Q4. What privilege does the CONNECT role provide?

Sol)

Q5. List the different types of privileges and explain each of them.

Sol)

Q6. Write a query to grant permissions to a role or a user.

Sol)

Q7. Write a query to grant a password-protected role to a user.

Sol)

In-Lab:

Q1. Create a user with a default tablespace, temporary tablespace and with a 2M quota.

Sol) NOTE – You have to connect to system account first.

Q2. Alter the earlier created user and change his password as well as lock his account.

Sol) NOTE – You have to connect to system account first.

NOTE – The account is now locked. Unlock it using the alter command again.

Q3. Display the count of employees.

Sol) NOTE – We accessed the tables from system account.


Q4. PayrollSpecialist - this group of employees needs to create a session and is responsible
for working with all of the Employee data. Create this role using SQL.

Sol) NOTE – You have to connect to system account first.

Q5. Provide system and object privileges to the role created earlier.

Sol) NOTE – You have to connect to system account first.


Q6. Grant the earlier created role (with the added privileges) to the earlier created user.

Sol) NOTE – You have to connect to system account first.

Q7. Now you will test if the earlier created user can SELECT from the hr.EMPLOYEES table.
Display all the employees with the last name ‘Smith’.

Sol) Connect to the user account you created.

Q8. Remove the earlier granted privilege from the user.

Sol) NOTE – You have to connect to system account first.


Post-Lab:

Q1. Connect to any database as SYS user and grant him SYSDBA privilege.

Sol)

Q2. Write a query to retrieve all the columns of data from V$PWFILE_USERS view.

Sol)

Q3. Create a role named appaccess and grant the ability to read the application tables to
that role.

Sol)

Q4. Create a role create_session_role that will have only one privilege, CREATE SESSION, in
order to connect to an Oracle database.

Sol)

Q5. Write a query that adds to existing roles.

Sol)

Q6. Create the user secadm and grant him the password-protected create_session_role.

Sol)

(For Evaluator’s use only)


Comment of the Evaluator (if Any)

Evaluator’s Observation

Marks Secured: __________ out of ___________

Full Name of the Evaluator:

Signature of the Evaluator Date of Evaluation:


2. Backing up, recovering and restoring database

Date of the Session: ___/___/___ Time of the Session: _____to______

Learning Outcomes:
• To understand and implement the concept of backups using Oracle.
• To understand and implement the concept of database recovery and restoring in
  Oracle.

Pre-Lab:

Q1. What is a backup in SQL?

Sol)

Q2. What is archivelog mode?

Sol)


Q3. What is noarchivelog mode in SQL?

Sol)

Q4. What is the command to shut down the database?

Sol)


In-Lab:

Q1. Enable ARCHIVELOG mode and change flash recovery area size using SQL.

Sol)


Q2. Back up the database.

Sol)


Q3. Restore the database

Sol)


Q4. Recover a deleted row in employee table using flashback query

Sol)


Post-Lab:

Q1. What are the advantages and disadvantages of ARCHIVELOG mode?

Sol)

Q2. What are the advantages and disadvantages of NOARCHIVELOG mode?

Sol)


Q3. Write a query to list details about all the database users

Sol)

Q4. Write a query to connect to the security administrator role to validate, by a procedure,
that we have only permitted one account, secadm, to execute the procedure. Execute it
now to acquire secadm_role.

Sol)


Q5. Write a query to connect as secadm and run sys.p_check_secadm_access from
SQL*Plus on the Oracle Database.

Sol)

(For Evaluator’s use only)


Comment of the Evaluator (if Any)

Evaluator’s Observation

Marks Secured: __________ out of ___________

Full Name of the Evaluator:

Signature of the Evaluator Date of Evaluation:


3. Triggers for Database Security 1

Date of the Session: ___/___/___ Time of the Session: _____to______

Learning Outcomes:
• To understand and implement the concept of triggers for database security.
• To understand and implement the concept of restricting access using triggers.

Pre-Lab:

Q1. What is a trigger in SQL? Which events are triggers written to be executed in
response to?

Sol)


Q2. Write the syntax of a trigger.

Sol)

Q3. What is the TO_CHAR function in SQL? Write its syntax.

Sol)

Q4. What is SYSDATE in SQL?

Sol)


Q5. Which format specifier of the ‘TO_CHAR’ function is used to convert a datetime
value to Day?

Sol)

Q6. How do you raise an error in SQL? Write its syntax.

Sol)


In-Lab:

Flow of the program – (from Q1 to Q3)

Create table ‘emp_data_labtrig’.

Create table ‘emp_backup_labtrig’.

Create trigger ‘labtrig’ to work before deletion in ‘emp_data_labtrig’ table and
create backup in ‘emp_backup_labtrig’.

Fire the trigger and check backup table.

Q1. Create a table ‘emp_data_labtrig’ with the columns ‘eno’, ‘ename’, ‘job’, ‘hire_day’
and ‘salary’ and insert the following data:

‘eno’ is the primary key.

ENO  ENAME  JOB  HIRE_DAY  SALARY
23   Jay    CEO  22        100000
34   May    CTO  14        100500
45   Kay    CFO  02        300000

Sol)


Q2. Create a table called ‘emp_backup_labtrig’ with the same columns as
‘emp_data_labtrig’. Then create a trigger ‘labtrig’ which will work before deletion in
‘emp_data_labtrig’ table and create a copy of the record to be deleted in the table
‘emp_backup_labtrig’.

Sol)


Q3. Fire the trigger ‘labtrig’ and test whether it works by deleting the row where the
employee name is ‘Kay’ and check the ‘emp_backup_labtrig’ table and write the output.

(That means you have to delete the required row and display emp_backup_labtrig to see if
the deleted row has been copied into the table successfully.)

Sol)


--------------------------------------------------------------------------------------------------------------------------

Flow of the program – (from Q4 to Q5)

Create table ‘rest_table’.

Create trigger ‘restrictions’ to restrict operations on database according to given
requirements.

Fire the trigger to test it.

Q4. Create a table ‘rest_table’ and create a trigger ‘restrictions’ that does not let a user
change the content of the table during working hours (8 am to 6 pm) and during a
Thursday or a Friday.

ENO  ENAME  JOB
23   Jay    CEO

Sol)


Q5. Test the trigger by trying to delete the row where employee name is ‘Jay’ and write
the output.

Sol)
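
A worked version of the Q4 to Q5 flow above, added here as an example and not the workbook's own solution. It reads the requirement as "reject changes all day on Thursday and Friday, and between 08:00 and 17:59 on any other day"; that reading, the column types and the error numbers are assumptions.

```sql
-- Added example (not the workbook's solution). Column types are assumed.
CREATE TABLE rest_table (
  eno   NUMBER(4) PRIMARY KEY,
  ename VARCHAR2(20),
  job   VARCHAR2(20)
);

-- Load the sample row before the trigger exists, so the setup itself
-- does not depend on the time of day.
INSERT INTO rest_table (eno, ename, job) VALUES (23, 'Jay', 'CEO');
COMMIT;

-- Statement-level trigger (no FOR EACH ROW): it fires once per statement,
-- before any row is touched, so a blocked statement changes nothing.
CREATE OR REPLACE TRIGGER restrictions
BEFORE INSERT OR UPDATE OR DELETE ON rest_table
DECLARE
  v_hour PLS_INTEGER;
  v_day  VARCHAR2(3);
BEGIN
  -- SYSDATE is the database server's clock, not the client's.
  v_hour := TO_NUMBER(TO_CHAR(SYSDATE, 'HH24'));
  -- Pin the language: without it 'DY' follows the session's NLS settings
  -- and the comparison below silently stops matching.
  v_day  := TO_CHAR(SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH');

  IF v_day IN ('THU', 'FRI') THEN
    RAISE_APPLICATION_ERROR(-20001,
      'rest_table cannot be changed on Thursday or Friday');
  ELSIF v_hour BETWEEN 8 AND 17 THEN
    RAISE_APPLICATION_ERROR(-20002,
      'rest_table cannot be changed between 8 am and 6 pm');
  END IF;
END restrictions;
/

-- Q5: attempt the change, then look at the table to see whether it was applied.
DELETE FROM rest_table WHERE ename = 'Jay';
SELECT eno, ename, job FROM rest_table;

-- Undo the delete if it was allowed, so the exercise can be repeated.
ROLLBACK;
```

The trigger only constrains DML on this one table; the table owner can still disable it, so it complements object privileges and does not replace them.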

--------------------------------------------------------------------------------------------------------------------------


Post-Lab:

Q1. Create a table ‘dummy’.

DEPTNO  DNAME  LOC
10      Hi     York

Sol)

Q2. Create a trigger ‘restrict_dummy’ on update/delete that will turn the attempted
operation around and reject it.

Sol)


Q3. Test the trigger ‘restrict_dummy’ by updating the record where LOC is York to New
and write the output.

Sol)

(For Evaluator’s use only)


Comment of the Evaluator (if Any)

Evaluator’s Observation

Marks Secured: __________ out of ___________

Full Name of the Evaluator:

Signature of the Evaluator Date of Evaluation:


4. Triggers for Database Security 2

Date of the Session: ___/___/___ Time of the Session: _____to______

Learning Outcomes:
• To understand and implement the concept of triggers for database security.
• To understand and implement the concept of auditing using triggers.

Pre-Lab:

Q1. What is auditing in Oracle?

Sol)

Q2. What are the different types of auditing present in Oracle?

Sol)


Q3. What is the importance of auditing?

Sol)


In-Lab:

Flow of the program – (from Q1 to Q3)

Create table ‘emp_data_labtrig2’.

Create table ‘emp_backup_labtrig2’.

Create trigger ‘labtrig2’ to work before updating in ‘emp_data_labtrig2’ table and
create backup in ‘emp_backup_labtrig2’.

Fire the trigger and check backup table.

Q1. Create a table ‘emp_data_labtrig2’ with the columns ‘eno’, ‘ename’, ‘job’, ‘hire_day’
and ‘salary’ and insert the following data:

‘eno’ is the primary key.

ENO  ENAME  JOB  HIRE_DAY  SALARY
23   Jay    CEO  22        100000
34   May    CTO  14        100500
45   Kay    CFO  02        300000

Sol)


Q2. Create a table called ‘emp_backup_labtrig2’ with the same columns as
‘emp_data_labtrig2’. This will be the audit table. Then create a trigger ‘labtrig2’ which will
work before an update on the ‘emp_data_labtrig2’ table and create a copy of the record to be
updated in the table ‘emp_backup_labtrig2’.

Sol)


Q3. Fire the trigger ‘labtrig2’ and test whether it works by updating the row where the
employee name is ‘Kay’ and check the ‘emp_backup_labtrig2’ table and write the output.

(That means you have to update the required row and display emp_backup_labtrig2 to see
if the updated row has been copied into the table successfully.)

Sol)


--------------------------------------------------------------------------------------------------------------------------
Flow of the program – (from Q4 to Q6)

Create ‘dept’ table.

Create ‘deptaudit’ table.

Create trigger ‘auditDEPTAR’ that audits according to given requirements and stores the
output in ‘deptaudit’ table.

Test the trigger by inserting data and display the ‘deptaudit’ table.

Q4. Create dept table and deptaudit table.

Dept table -

DEPTNO  DNAME       LOC
10      ACCOUNTING  NEW YORK
20      RESEARCH    DALLAS
30      SALES       CHICAGO
40      OPERATIONS  BOSTON

Deptaudit table structure –

Name          Null?  Type
DEPTNO               NUMBER
DNAME                VARCHAR2(14)
LOC                  VARCHAR2(13)
CHANGE_TYPE          VARCHAR2(1)
CHANGED_BY           VARCHAR2(30)
CHANGED_TIME         DATE

Sol)

Q5. Create a trigger ‘auditDEPTAR’ that audits the operations performed on the ‘dept’
table.

The trigger should work after any insert, update or delete operation.

It must log those operations in a table called ‘deptaudit’. It should display ‘I’ for insert, ‘U’
for update and ‘D’ for delete.

It must also log the data (i.e. ‘deptno’, ‘dname’, ‘loc’) as well as who changed the data and
when it was changed.

The output is stored in the table ‘deptaudit’.

Check by inserting the data 50, TEST, TESTS in ‘dept’ table.

Sample Output-

DEPTNO  DNAME  LOC    C  CHANGED_BY  CHANGED_T
------  -----  -----  -  ----------  -----------
50      TEST   TESTS  I  SYSTEM      29-DEC-2019


Sol)


Q6. Display the audit table after insertion of data and write the output.

Sol)
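
A worked version of the Q4 to Q6 flow above, added here as an example and not the workbook's own solution. The primary key on ‘dept’, the choice of which row image to log for each operation, and the extra UPDATE and DELETE used to exercise all three change types are assumptions.

```sql
-- Added example (not the workbook's solution). Column types follow the
-- structure listed in Q4; the primary key on dept is an assumption.
CREATE TABLE dept (
  deptno NUMBER(2) PRIMARY KEY,
  dname  VARCHAR2(14),
  loc    VARCHAR2(13)
);

INSERT INTO dept VALUES (10, 'ACCOUNTING', 'NEW YORK');
INSERT INTO dept VALUES (20, 'RESEARCH',   'DALLAS');
INSERT INTO dept VALUES (30, 'SALES',      'CHICAGO');
INSERT INTO dept VALUES (40, 'OPERATIONS', 'BOSTON');
COMMIT;

CREATE TABLE deptaudit (
  deptno       NUMBER,
  dname        VARCHAR2(14),
  loc          VARCHAR2(13),
  change_type  VARCHAR2(1),
  changed_by   VARCHAR2(30),
  changed_time DATE
);

-- Row-level AFTER trigger: one audit row per affected dept row.
-- Assumption: INSERT and UPDATE log the new values, DELETE logs the old
-- ones (:NEW is NULL in a delete, :OLD is NULL in an insert).
-- INSERTING / UPDATING / DELETING are PL/SQL predicates, so the branch is
-- taken in PL/SQL and each branch runs a plain INSERT.
CREATE OR REPLACE TRIGGER auditDEPTAR
AFTER INSERT OR UPDATE OR DELETE ON dept
FOR EACH ROW
BEGIN
  IF INSERTING THEN
    INSERT INTO deptaudit
      (deptno, dname, loc, change_type, changed_by, changed_time)
    VALUES
      (:NEW.deptno, :NEW.dname, :NEW.loc, 'I', USER, SYSDATE);
  ELSIF UPDATING THEN
    INSERT INTO deptaudit
      (deptno, dname, loc, change_type, changed_by, changed_time)
    VALUES
      (:NEW.deptno, :NEW.dname, :NEW.loc, 'U', USER, SYSDATE);
  ELSE
    INSERT INTO deptaudit
      (deptno, dname, loc, change_type, changed_by, changed_time)
    VALUES
      (:OLD.deptno, :OLD.dname, :OLD.loc, 'D', USER, SYSDATE);
  END IF;
END auditDEPTAR;
/

-- Q5 check: the insert named in the exercise, plus an update and a delete
-- (constructed here) so that all three change types appear in the audit table.
INSERT INTO dept VALUES (50, 'TEST', 'TESTS');
UPDATE dept SET loc = 'TESTED' WHERE deptno = 50;
DELETE FROM dept WHERE deptno = 50;

-- Q6: display the audit table.
SELECT deptno, dname, loc, change_type, changed_by,
       TO_CHAR(changed_time, 'DD-MON-YYYY HH24:MI:SS') AS changed_at
FROM   deptaudit;

-- The audit rows belong to the same transaction as the change they record:
-- they become permanent on COMMIT and vanish with it on ROLLBACK.
COMMIT;
```

USER records the database account only; when many people share one application account, the application has to pass the end user's identity (for example through SYS_CONTEXT('USERENV', 'CLIENT_IDENTIFIER')) for the audit row to name a person.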


Post-Lab:

Q1. Create a table ‘bank_transactions’ with the columns ‘TID’, ‘TNO’, ‘NAME’, ‘CREATOR’
and insert the following data:

‘TID’ is the primary key

TID  TNO    NAME   CREATOR
1    T1234  Peter  HR
2    T9999  James  HR

Sol)

Q2. Create a table called ‘bank_transactions_audit’ with the same columns as
‘bank_transactions’. This will be the audit table. Then create a trigger ‘labtrig22’ which
will work before an update on the ‘bank_transactions’ table and create a copy of the record to
be updated in the table ‘bank_transactions_audit’.

Sol)


Q3. Fire the trigger ‘labtrig22’ and test whether it works by updating the row where the
name is ‘James’ and check the ‘bank_transactions_audit’ table and write the output.

(That means you have to update the required row and display bank_transactions_audit to
see if the updated row has been copied into the table successfully.)

Sol)

(For Evaluator’s use only)


Comment of the Evaluator (if Any)

Evaluator’s Observation

Marks Secured: __________ out of ___________

Full Name of the Evaluator:

Signature of the Evaluator Date of Evaluation:


5. Digital Signature Generation

Date of the Session: ___/___/___ Time of the Session: _____to______

Learning Outcomes:
• To understand and implement the concept of Java Cryptography.
• To understand and implement the concept of Digital Signature generation.

Pre-Lab:

Q1. What is a digital signature, and what is the need for digital signatures?

Sol)

Q2. What are the advantages of Digital Signature?

Sol)


Q3. Draw the model diagram for generation of Digital Signature.

Sol)


Q4. Why is the KeyPairGenerator class used in Java cryptography, and what are the steps to
create a KeyPairGenerator class?

Sol)


In-Lab:

Q1. Generate the digital signature of the file sample.txt and store the output in
sample1.txt using Java.

Sol)


Post-Lab:

Q1. Grant create_session_role to appsec and protect it with a password.

Sol)

Q2. Grant create procedure, create table, create view system privileges to appsec_role.

Sol)


Q3. Grant appsec_role to appsec

Sol)

Q4. To run an application, we will create an application user, appusr. Numerous people
will use the application, and the application will connect all of them to Oracle as our one
big application user. Write a query such that they do not need individual accounts and
passwords for this access.

Sol)

(For Evaluator’s use only)


Comment of the Evaluator (if Any)

Evaluator’s Observation

Marks Secured: __________ out of ___________

Full Name of the Evaluator:

Signature of the Evaluator Date of Evaluation:


6. Hashing in Oracle

Date of the Session: ___/___/___ Time of the Session: _____to______

Learning Outcomes:
• To understand and implement the concept of use of hashing for database security.
• To understand and implement the concept of hashing in Oracle.

Pre-Lab:

Q1. What is DBMS_CRYPTO?

Sol)

Q2. List the different package features in DBMS_CRYPTO.

Sol)


Q3. Write a short note on DBMS_CRYPTO.HASH.

Sol)

Q4. What are the different cryptographic hash algorithms present in DBMS_CRYPTO?

Sol)

Q5. Why is ‘UTL_RAW.CAST_TO_RAW’ used?

Sol)


In-Lab:

Flow of the program –

Create table ‘app_users’.

Create sequence ‘app_users_seq’.

Connect as SYSDBA and grant execute on dbms_crypto package.

Create function ‘get_hash’ to hash given username and password using specified
algorithm.

Create procedure ‘add_user’ which executes ‘get_hash’ function and stores the
given username and hashed password in the table ‘app_users’.

Execute the procedure ‘add_user’ with required inputs.

Display table ‘app_users’ which has username and hashed password from
‘add_user’ procedure.


Q1. Create a table ‘app_users’ with the following columns: id, username, password. ‘id’ is
the primary key and ‘username’ is unique.

Sol)

Q2. Create a sequence ‘app_users_seq’.

Sol)

Q3. Grant execute on dbms_crypto package to the user to be able to use that to hash.

Sol)


Q4. Create a function ‘get_hash’ (which uses dbms_crypto) in PL/SQL to hash the given
username and password using SH1 algorithm.

Sol)


Q5. Create a procedure ‘add_user’ which executes the ‘get_hash’ function and stores the
given username and hashed password in the table ‘app_users’.

Sol)


Q6. Execute the procedure ‘add_user’ with inputs as ‘labtest’ (for username) and ‘labtest1’
(for password) and display the table ‘app_users’ from Q5.

Sol)


Post-Lab:

Q1. Create a function ‘get_hash’ (which uses dbms_crypto) in PL/SQL to hash the given
username and password using MD4 algorithm.

Sol)


Q2. Execute the procedure ‘add_user’ with inputs as ‘labtest2’ (for username) and
‘labtest12’ (for password) and display the table ‘app_users’.

Sol)

Q3. Create a function ‘get_hash’ (which uses dbms_crypto) in PL/SQL to hash the given
username and password using MD5 algorithm.

Sol)


Q4. Execute the procedure ‘add_user’ with inputs as ‘labtest3’ (for username) and
‘labtest123’ (for password) and display the table ‘app_users’.

Sol)

(For Evaluator’s use only)


Comment of the Evaluator (if Any)

Evaluator’s Observation

Marks Secured: __________ out of ___________

Full Name of the Evaluator:

Signature of the Evaluator Date of Evaluation:


7. Validate using Hashing

Date of the Session: ___/___/___ Time of the Session: _____to______

Learning Outcomes:
• To understand and implement the concept of hashing in Oracle.
• To understand and implement the concept of validation using hashing in Oracle.

Pre-Lab:

Q1. Why do we need hashing algorithms for integrity checking?

Sol)

Q2. How can credentials be validated using hashing?

Sol)


Q3. What is SELECT INTO in PL/SQL?

Sol)

Q4. How do you execute a PL/SQL procedure?

Sol)


In-Lab:

Flow of the program –

Drop table ‘app_users’ and create again.

Drop sequence ‘app_users_seq’ and create again.

Connect as SYSDBA and grant execute on dbms_crypto package.

Create function ‘get_hash’ to hash given username and password using specified
algorithm.

Create procedure ‘add_user’ which executes ‘get_hash’ function and stores the
given username and hashed password in the table ‘app_users’.

Execute the procedure ‘add_user’ with required inputs.

Display table ‘app_users’ which has username and hashed password from
‘add_user’ procedure.

Create a procedure ‘valid_user’ that validates the given credentials using the
‘get_hash’ function and ‘app_users’ table.


Q1. Drop the table ‘app_users’ created in the previous lab and create a table ‘app_users’
with the following columns: id, username, password. ‘id’ is the primary key and
‘username’ is unique.

Sol)

Q2. Drop the sequence created in the previous lab and create a sequence ‘app_users_seq’.

Sol)

Q3. Similar to the previous lab, grant execute on dbms_crypto package to the user to be
able to use that to hash.

Sol)


Q4. Similar to the previous lab, create a function ‘get_hash’ in PL/SQL to hash the given
username and password using SH1 algorithm.

Sol)


Q5. Similar to the previous lab, create a procedure ‘add_user’ which executes the
‘get_hash’ function and stores the given username and hashed password in the table
‘app_users’.

Sol)


Q6. Execute the procedure ‘add_user’ with inputs as ‘labtest’ (for username) and ‘labtest1’
(for password) and display the table ‘app_users’ from Q5.

Sol)

Q7. Create a procedure ‘valid_user’ that will check if the username and password given as
input by user is valid or not by checking with the previously stored values in the
‘app_users’ table and validating.

Username 1 – labtest

Password 1 – labtest1

------------------------------

Username 2 – labtest1

Password 2 – labtest2

Sol)
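
A worked version of the ‘get_hash’ / ‘add_user’ / ‘valid_user’ flow described in Lab 6 and in this lab, added here as an example and not the workbook's own solution. The column sizes, the way username and password are combined before hashing, the output messages and the placeholder account name lab_user are assumptions.

```sql
-- Added example (not the workbook's solution).
-- Run once as SYSDBA; lab_user is a placeholder for your own account.
-- The grant must be made directly to the user: privileges received through
-- a role are not active inside a definer's-rights function or procedure.
--   GRANT EXECUTE ON sys.dbms_crypto TO lab_user;

CREATE TABLE app_users (
  id       NUMBER(10)   PRIMARY KEY,
  username VARCHAR2(30) NOT NULL UNIQUE,
  password VARCHAR2(40) NOT NULL      -- hex digest: SH1 is 20 bytes = 40 hex chars
);

CREATE SEQUENCE app_users_seq;

-- Hash username || password with the algorithm the exercise names (SH1).
-- DBMS_CRYPTO.HASH works on RAW, hence UTL_RAW.CAST_TO_RAW; RAWTOHEX turns
-- the digest into text that fits the VARCHAR2 column.
CREATE OR REPLACE FUNCTION get_hash (
  p_username IN VARCHAR2,
  p_password IN VARCHAR2
) RETURN VARCHAR2
IS
BEGIN
  RETURN RAWTOHEX(
           DBMS_CRYPTO.HASH(
             UTL_RAW.CAST_TO_RAW(p_username || p_password),
             DBMS_CRYPTO.HASH_SH1));
END get_hash;
/

-- Store the username with the digest; the clear-text password is never stored.
CREATE OR REPLACE PROCEDURE add_user (
  p_username IN VARCHAR2,
  p_password IN VARCHAR2
)
IS
BEGIN
  INSERT INTO app_users (id, username, password)
  VALUES (app_users_seq.NEXTVAL, p_username, get_hash(p_username, p_password));
  COMMIT;
END add_user;
/

-- Recompute the digest from the supplied credentials and compare it with the
-- stored one. COUNT(*) is used so that an unknown username takes the same
-- path as a wrong password instead of raising NO_DATA_FOUND.
CREATE OR REPLACE PROCEDURE valid_user (
  p_username IN VARCHAR2,
  p_password IN VARCHAR2
)
IS
  v_matches PLS_INTEGER;
BEGIN
  SELECT COUNT(*)
  INTO   v_matches
  FROM   app_users
  WHERE  username = p_username
  AND    password = get_hash(p_username, p_password);

  IF v_matches = 1 THEN
    DBMS_OUTPUT.PUT_LINE('Valid credentials');
  ELSE
    DBMS_OUTPUT.PUT_LINE('Invalid credentials');
  END IF;
END valid_user;
/

SET SERVEROUTPUT ON

-- Register the first pair from Q7, display the table, then validate both pairs.
EXEC add_user('labtest', 'labtest1')
SELECT id, username, password FROM app_users;

EXEC valid_user('labtest', 'labtest1')    -- pair registered above
EXEC valid_user('labtest1', 'labtest2')   -- pair that was never registered
```

For the Lab 6 post-lab variants, only the second argument of DBMS_CRYPTO.HASH changes (DBMS_CRYPTO.HASH_MD4 or DBMS_CRYPTO.HASH_MD5). All three algorithms are fast, unsalted digests, which is adequate for this exercise but not for storing real passwords.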


Post-Lab:

Q1. Write the differences between a procedure and a function in PL/SQL.

Sol)


Q2. Create a procedure to protect access to the hrview_role

Sol)


Q3. Create a role named hrview_role. Through that role we will grant access to the data
needed by a variety of applications that we plan to build. At the outset, we only want
folks who are on our internal network to access this data, and only during our normal
office hours of 7 AM to 7 PM.

Sol)

(For Evaluator’s use only)


Comment of the Evaluator (if Any)

Evaluator’s Observation

Marks Secured: __________ out of ___________

Full Name of the Evaluator:

Signature of the Evaluator Date of Evaluation:


8. Hashing Data in Transit

Date of the Session: ___/___/___ Time of the Session: _____to______

Learning Outcomes:
• To understand and implement the concept of hashing using Oracle.
• To understand and implement the concept of hashing data in transit in Oracle.

Pre-Lab:

Q1. Write a short note on MD5.

Sol)

Q2. Which Java package must be imported to be able to use MD5?

Sol)

Q3. Write the names of a few classes in java.security.

Sol)

Q4. Write some examples of hashing algorithms.

Sol)

Q5. How many bits does the hash value of MD5 have?

Sol)


In-Lab:

Q1. You are a database security consultant for a company. The company has given you the
task of creating a registration page which takes username and password as inputs and
stores the hashed value of the password in a database table. You plan to store the hash
value of the password in the database. The hashing is done using MD5. You are to
implement this using JavaScript.

First, create an HTML page with the username and password fields. Once the credentials are
given as input and the submit button is pressed, the JavaScript program in the background will
hash the password and store it in the database along with the username.

Create a table called ‘dbusers’ to store the credentials.

Sol)


Post-Lab:

Q1. You are a database security consultant for a company. The company has given you the
task of creating a page which takes username, password and gender as inputs and stores
the hashed value of the password, gender in a database table. You plan to store the hash
values of the password, gender in the database. The hashing is done using MD5. You are
to implement this using JavaScript.

First, create an HTML page with the username, password and gender fields. Once the details
are given as input and the submit button is pressed, the JavaScript program in the background
will hash the password, gender and store it in the database along with the username and
original value of gender.

Create a table called ‘dbusers3’ to store the credentials.

Sol)


(For Evaluator’s use only)


Comment of the Evaluator (if Any)

Evaluator’s Observation

Marks Secured: __________ out of ___________

Full Name of the Evaluator:

Signature of the Evaluator Date of Evaluation:


9. Validation of hashes of Data in Transit

Date of the Session: ___/___/___ Time of the Session: _____to______

Learning Outcomes:
• To understand and implement the concept of hashing using Oracle.
• To understand and implement the concept of hashing data in transit in Oracle.
• To understand and implement the concept of validating data in transit in Oracle.

Pre-Lab:

Q1. What is hashing (in relation to security)?

Sol)

Q2. What is data in transit?

Sol)


Q3. What is ResultSet?

Sol)

Q4. Which Java method can you use to check if two strings are equal?

Sol)


In-Lab:

Q1. You are a database security consultant for a company. The company has given you the
task of creating a login page which takes username and password as inputs and hashes
the password and compares it with the previously stored hash value (from previous lab) in
the database table and validates it. The hashing is done using MD5. You are to implement
this using JavaScript.

First, create an HTML page with the username and password fields. Once the credentials are
given as input and the submit button is pressed, the JavaScript program in the background will
hash the password and compare it with the previously stored value in the database.

Sol)


Post-Lab:
Q1. Toggle Between Roles

You can see the effects of running SET ROLE by observing your current session roles as you
toggle back and forth between create_session_role and secadm_role. As secadm user, do
this and observe the list of roles when you do each SELECT query:
i) SELECT * FROM sys.session_roles;
ii) SET ROLE create_session_role;
iii) SELECT * FROM sys.session_roles;
iv) EXECUTE sys.p_check_secadm_access;
v) SELECT * FROM sys.session_roles;

Sol)


(For Evaluator’s use only)


Comment of the Evaluator (if Any)

Evaluator’s Observation

Marks Secured: __________ out of ___________

Full Name of the Evaluator:

Signature of the Evaluator Date of Evaluation:


10. Encrypting Data in Transit

Date of the Session: ___/___/___ Time of the Session: _____to______

Learning Outcomes:
• To understand and implement the concept of encryption using Oracle.
• To understand and implement the concept of encrypting data in transit in Oracle.

Pre-Lab:

Q1. Which Java API is used for cryptography?

Sol)

Q2. What are the different packages available in Java Cryptography API?

Sol)

In-Lab:

Q1. You are a database security consultant. You want to store some confidential
information in your database. Do this using AES encryption.

First, create an HTML page with the username and secret message fields. Once the inputs are
given and the submit button is pressed, the JavaScript program in the background will encrypt
the message using AES and store it in the database along with the username.

Create a table called ‘dbusers2’ to store the output.

AES Java Code – (use this to create a package)

------------------------------------------------------------------------
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class AdvancedEncryption
{
    private byte[] key;

    // The bare name "AES" leaves mode and padding to the provider defaults
    // (AES/ECB/PKCS5Padding on the standard JDK provider).
    private static final String ALGORITHM = "AES";

    public AdvancedEncryption(byte[] key)
    {
        this.key = key;
    }

    /**
     * Encrypts the given plain text
     *
     * @param plainText The plain text to encrypt
     */
    public byte[] encrypt(byte[] plainText) throws Exception
    {
        SecretKeySpec secretKey = new SecretKeySpec(key, ALGORITHM);
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);

        return cipher.doFinal(plainText);
    }

    /**
     * Decrypts the given byte array
     *
     * @param cipherText The data to decrypt
     */
    public byte[] decrypt(byte[] cipherText) throws Exception
    {
        SecretKeySpec secretKey = new SecretKeySpec(key, ALGORITHM);
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(Cipher.DECRYPT_MODE, secretKey);

        return cipher.doFinal(cipherText);
    }
}
------------------------------------------------------------------------

Usage example:

// Requires: import java.nio.charset.StandardCharsets;
// The key must be 16, 24 or 32 bytes long (AES-128/192/256).
byte[] encryptionKey = "MyKeyValue16char".getBytes(StandardCharsets.UTF_8);
byte[] plainText = "(MySecretMessage)".getBytes(StandardCharsets.UTF_8);
AdvancedEncryption advancedEncryption = new AdvancedEncryption(encryptionKey);
byte[] cipherText = advancedEncryption.encrypt(plainText);
byte[] decryptedCipherText = advancedEncryption.decrypt(cipherText);
------------------------------------------------------------------------
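
The class above passes the bare name "AES" to Cipher.getInstance, which the standard JDK provider resolves to AES/ECB/PKCS5Padding. The following added example (not part of the workbook; the class and method names are assumptions, and the key is the workbook's sample value) shows the resulting deterministic output beside AES-GCM with a random IV.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class AesModeComparison {
    // Sample key taken from the workbook's usage example (16 bytes = AES-128); not for real use.
    static final byte[] KEY = "MyKeyValue16char".getBytes(StandardCharsets.UTF_8);

    // Same call pattern as the workbook class: bare "AES", so provider defaults apply.
    static byte[] encryptDefault(byte[] plain) throws Exception {
        Cipher c = Cipher.getInstance("AES");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY, "AES"));
        return c.doFinal(plain);
    }

    // AES-GCM with a fresh 12-byte IV per message; output layout is IV || ciphertext || tag.
    static byte[] encryptGcm(byte[] plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Reads the IV back from the first 12 bytes; doFinal throws if the tag does not verify.
    static byte[] decryptGcm(byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(KEY, "AES"), new GCMParameterSpec(128, blob, 0, 12));
        return c.doFinal(blob, 12, blob.length - 12);
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: two identical 16-byte plaintext blocks.
        byte[] msg = "0123456789abcdef0123456789abcdef".getBytes(StandardCharsets.UTF_8);
        byte[] ecb = encryptDefault(msg);
        System.out.println("default: block 1 == block 2: " + Arrays.equals(Arrays.copyOfRange(ecb, 0, 16), Arrays.copyOfRange(ecb, 16, 32)));
        System.out.println("default: same output twice:  " + Arrays.equals(ecb, encryptDefault(msg)));
        byte[] g1 = encryptGcm(msg);
        byte[] g2 = encryptGcm(msg);
        System.out.println("GCM: same output twice:      " + Arrays.equals(g1, g2));
        System.out.println("GCM: round trip matches:     " + Arrays.equals(msg, decryptGcm(g1)));
    }
}
```

The ciphertext-to-ciphertext match asked for in Lab 11 depends on the deterministic default; with a randomized mode such as GCM, the stored value is decrypted and the plaintexts are compared instead.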

Sol)

Post-Lab:

Q1. Create an Application Security User

Sol)

Q2. Our application security user needs to create procedures, functions, Java stored
procedures, tables, and views. When creating those items, appsec requires the CREATE
PROCEDURE, CREATE TABLE, and CREATE VIEW system privileges. We will grant those
privileges to a role named appsec_role, and grant that role to the appsec user.
Sol)

Q3. Write a query to specify a quota, that is, how much space appsec may use. We’ll start
out permitting two megabytes of space.
Sol)

Q4. Write a query to create a table in the appsec schema for logging errors, and create a
trigger associated with that table.
Sol)

Q5. Create a trigger to grant the privilege of the non-default role.


Sol)

(For Evaluator’s use only)


Comment of the Evaluator (if Any)

Evaluator’s Observation

Marks Secured: __________ out of ___________

Full Name of the Evaluator:

Signature of the Evaluator Date of Evaluation:

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING


SUBJECT CODE: 18CS3278
DATABASE & SYSTEM SECURITY WORKBOOK

11. Validating Data after Encryption

Date of the Session: ___/___/___ Time of the Session: _____to______

Learning Outcomes:
• To understand and implement the concept of encrypting using Oracle.
• To understand and implement the concept of encrypting data in transit in Oracle.
• To understand and implement the concept of validating data after encryption in
  Oracle.

Pre-Lab:

Q1. Name the cryptographic algorithms present in DBMS_CRYPTO.

Sol)

Q2. What is DBMS_CRYPTO.ENCRYPT used for?

Sol)

Q3. How many bits of data do the data and keys have in AES?

Sol)

Q4. What is the key length of DES?

Sol)

Q5. Write a short note on Cipher Block Chaining and draw its diagram.

Sol)

Q6. What is PKCS#5?

Sol)

Q7. Write the syntax of DBMS_CRYPTO.ENCRYPT and DBMS_CRYPTO.DECRYPT for RAW
return type.

Hint - https://www.enterprisedb.com/edb-docs/d/edb-postgres-advanced-server/user-guides/database-compatibility-for-oracle-developers-guide/9.4/Database_Compatibility_for_Oracle_Developers_Guide.1.178.html

Sol)

In-Lab:

Q1. You are a database security consultant. You stored some confidential information
previously in your database using AES encryption.

First, create an HTML page with the username and secret message fields. Once the inputs are
given and the submit button is pressed, the JavaScript program in the background will encrypt
the message using AES. Then check it against the secret message data (stored in the previous
lab) in the database table using a function. If both of them match, print
“Secret Verified Successfully”; otherwise print “Invalid Secret”.

Create a function to check if both the values in the table are matching.

NOTE – There can only be two values in the table. One, the values entered in the previous
lab and two, the values entered in this lab.

AES Java Code –

------------------------------------------------------------------------
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class AdvancedEncryption
{
    private byte[] key;

    // The bare name "AES" leaves mode and padding to the provider defaults
    // (AES/ECB/PKCS5Padding on the standard JDK provider).
    private static final String ALGORITHM = "AES";

    public AdvancedEncryption(byte[] key)
    {
        this.key = key;
    }

    /**
     * Encrypts the given plain text
     *
     * @param plainText The plain text to encrypt
     */
    public byte[] encrypt(byte[] plainText) throws Exception
    {
        SecretKeySpec secretKey = new SecretKeySpec(key, ALGORITHM);
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);

        return cipher.doFinal(plainText);
    }

    /**
     * Decrypts the given byte array
     *
     * @param cipherText The data to decrypt
     */
    public byte[] decrypt(byte[] cipherText) throws Exception
    {
        SecretKeySpec secretKey = new SecretKeySpec(key, ALGORITHM);
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(Cipher.DECRYPT_MODE, secretKey);

        return cipher.doFinal(cipherText);
    }
}

Usage example:

// Requires: import java.nio.charset.StandardCharsets;
// The key must be 16, 24 or 32 bytes long (AES-128/192/256).
byte[] encryptionKey = "MyKeyValue16char".getBytes(StandardCharsets.UTF_8);
byte[] plainText = "(MySecretMessage)".getBytes(StandardCharsets.UTF_8);
AdvancedEncryption advancedEncryption = new AdvancedEncryption(encryptionKey);
byte[] cipherText = advancedEncryption.encrypt(plainText);
byte[] decryptedCipherText = advancedEncryption.decrypt(cipherText);

Sol)

Post-Lab:

Q1. We want HR to execute the appsec security structures. We’d like to create a role to
which we might grant execute on a package, and then grant that role to whoever needs
it.
Sol)

Q2. Write a query to grant access to the HR Security Package, hr_sec_pkg, to a role that
appusr has, the hrview_role.
Sol)

Q3. Connect to the Oracle database as the appsec user, and set your role to the non-default
role, appsec_role:
Sol)

Q4. Create the Application Security Error Log Table, t_appsec_errors


Sol)

Q5. Create an index for the Application Security Error Log Table, t_appsec_errors
Sol)

(For Evaluator’s use only)


Comment of the Evaluator (if Any)

Evaluator’s Observation

Marks Secured: __________ out of ___________

Full Name of the Evaluator:

Signature of the Evaluator Date of Evaluation:

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING


SUBJECT CODE: 18CS3278
DATABASE & SYSTEM SECURITY WORKBOOK

12. Hashing Data in Transit 2

Date of the Session: ___/___/___ Time of the Session: _____to______

Learning Outcomes:
• To understand and implement the concept of hashing using Oracle.
• To understand and implement the concept of hashing data in transit in Oracle.

Pre-Lab:

Q1. What are temporal data types in Oracle?

Sol)

Q2. What is VArray?

Sol)

Q3. What is the difference between rename and alias?

Sol)

Q4. Can we store pictures in the database and, if so, how can it be done?

Sol)

Q5. What is a hash cluster?

Sol)

In-Lab:

Q1. You are a database security consultant for a company. The company has given you the
task of creating a page which takes username, message, gender and place as inputs and
stores the hashed value of the message, gender and place in a database table. You plan to
store the hash values of the message, gender and place in the database. The hashing is done
using MD5. You are to implement this using JavaScript.

First, create an HTML page with the username, message, gender and place fields. Once the
details are given as input and the submit button is pressed, the JavaScript program in the
background will hash the message, gender and place and store them in the database along with
the username and the original values of message, gender and place.

Create a table called ‘dbusers22’ to store the credentials.

Sol)

Post-Lab:

Q1. You are a database security consultant for a company. The company has given you the
task of creating a registration page which takes username, password, gender and place as
inputs and stores the hashed value of the password, gender and place in a database table. You
plan to store the hash values of the password, gender and place in the database. The hashing
is done using MD5. You are to implement this using JavaScript.

First, create an HTML page with the username, password, gender and place fields. Once the
details are given as input and the submit button is pressed, the JavaScript program in the
background will hash the password, gender and place and store them in the database along with
the username and the original values of gender and place.

Create a table called ‘dbusers22’ to store the credentials.

Sol)

(For Evaluator’s use only)


Comment of the Evaluator (if Any)

Evaluator’s Observation

Marks Secured: __________ out of ___________

Full Name of the Evaluator:

Signature of the Evaluator Date of Evaluation:

ROUGH