Professional Documents
Culture Documents
Database Systems like any other computer system, are subject to failures but the data stored in
them must be available as and when required. When a database fails it must possess the facilities
for fast recovery. It must also have atomicity i.e. either transactions are completed successfully
and committed (the effect is recorded permanently in the database) or the transaction should have
no effect on the database.
The rollback/undo recovery technique is based on the principle of backing out or undoing the
effects of a transaction that has not been completed successfully due to a system failure or error.
This technique is accomplished by undoing the changes made by the transaction using the log
records stored in the transaction log. The transaction log contains a record of all the transactions
that have been performed on the database. The system uses the log records to undo the changes
made by the failed transaction and restore the database to its previous state.
The commit/redo recovery technique is based on the principle of reapplying the changes made by
a transaction that has been completed successfully to the database. This technique is accomplished
by using the log records stored in the transaction log to redo the changes made by the transaction
that was in progress at the time of the failure or error. The system uses the log records to reapply
the changes made by the transaction and restore the database to its most recent consistent state.
In addition to these two techniques, there is also a third technique called checkpoint recovery.
Checkpoint Recovery is a technique used to reduce the recovery time by periodically saving the
state of the database in a checkpoint file. In the event of a failure, the system can use the
checkpoint file to restore the database to the most recent consistent state before the failure
occurred, rather than going through the entire log to recover the database.
Overall, recovery techniques are essential to ensure data consistency and availability in Database
Management System, and each technique has its own advantages and limitations that must be
considered in the design of a recovery system.
1
Type of Database Backup – Physical and Logical
A database backup is a copy of storage that is stored on a server. Backup is used to prevent
unexpected data loss. If original data gets lost, then with the help of a backup, it is easy to gain
access to the data again.
There are two types of database backup.
Physical backup
Logical backup
Physical Backup:
Physical database backups are backups of physical files that are used to store and recover
databases. These include different data files, control files, archived redo logs, and many more.
Typically, physical backup data is kept in the cloud, offline storage, magnetic tape, or on a disc.
There are two methods to perform a physical backup :
1. Operating system utilities
2. Recovery manager
This type of backup is useful when the user needs to restore the complete database in a short
period. It is beneficial to provide details of transactions and changes made in databases. It is
considered the foundation of the recovery mechanism. This form of backup has the drawback of
slowing down database operations.
Advantages:
It is useful when the user needs to restore the complete database in a short period.
They provide details of transactions and changes made in databases.
Disadvantage:
This slows down database operations.
Logical Backup:
It contains logical data which is retrieved from the database. It contains a view, procedure,
function, and table. This is useful When users want to restore or transfer a copy of the database to
a different location. Logical backups are not as secure as physical backups in preventing data loss.
It only provides structural details. Every week, complete logical backups should be performed.
Logical backups are used as a supplement to a physical backup.
Advantages:
This is useful when the user needs to restore the complete database to the last time.
It was more complex and provides granular recovery capabilities.
Disadvantages:
Critical for recovery of special components.
less secure compared to physical backup.
It only provides structural details.
2
Physical Backup Vs Logical Backup:
Physical database backups are backups of Logical database backups are backups of
physical files that are used to store and recover logical files that are retrieved from the
databases. database.
It contains data files, control files, and archived It contains a view, a procedure, a function, and
redo logs. a table.
It copies data files when data is running or Using the EXPORT keyword Logical backup
stopped. is done
More secure than logical backup. Less secure as compared to Physical backup.
Both backup strategies are beneficial. The user can select their technology based on their
requirements and organizational demands.
3
Failure Classification in DBMS
Transaction Failure:
If a transaction is not able to execute or it comes to a point from where the transaction becomes
incapable of executing further then it is termed as a failure in a transaction.
Reason for a transaction failure in DBMS:
Logical error: A logical error occurs if a transaction is unable to execute because of some
mistakes in the code or due to the presence of some internal faults.
System error: Where the termination of an active transaction is done by the database
system itself due to some system issue or because the database management system is unable
to proceed with the transaction. For example– The system ends an operating transaction if it
reaches a deadlock condition or if there is an unavailability of resources.
System Crash:
A system crash usually occurs when there is some sort of hardware or software breakdown. Some
other problems which are external to the system and cause the system to abruptly stop or
eventually crash include failure of the transaction, operating system errors, power cuts, main
memory crash, etc.
These types of failures are often termed soft failures and are responsible for the data losses in the
volatile memory. It is assumed that a system crash does not have any effect on the data stored in
the non-volatile storage and this is known as the fail-stop assumption.
Data-transfer Failure:
When a disk failure occurs amid data-transfer operation resulting in loss of content from disk
storage then such failures are categorized as data-transfer failures. Some other reason for disk
failures includes disk head crash, disk unreachability, formation of bad sectors, read-write errors
on the disk, etc.
In order to quickly recover from a disk failure caused amid a data-transfer operation, the backup
copy of the data stored on other tapes or disks can be used. Thus it’s a good practice to backup
your data frequently.
Database Security
Security of databases refers to the array of controls, tools, and procedures designed to ensure and
safeguard confidentiality, integrity, and accessibility. This tutorial will concentrate on confidentiality
because it's a component that is most at risk in data security breaches.
Security for databases must cover and safeguard the following aspects:
4
o The infrastructure for computing or network that is used to connect to the database.
Security of databases is a complicated and challenging task that requires all aspects of security practices
and technologies. This is inherently at odds with the accessibility of databases. The more usable and
accessible the database is, the more susceptible we are to threats from security. The more vulnerable it is
to attacks and threats, the more difficult it is to access and utilize.
Insider Dangers
An insider threat can be an attack on security from any three sources having an access privilege to the
database.
5
o An insider who is negligent and makes mistakes that expose the database to attack. vulnerable to
attacks
o An infiltrator is an outsider who acquires credentials by using a method like phishing or
accessing the database of credential information in the database itself.
Insider dangers are among the most frequent sources of security breaches to databases. They often occur
as a consequence of the inability of employees to have access to privileged user credentials.
Human Error
The unintentional mistakes, weak passwords or sharing passwords, and other negligent or uninformed
behaviours of users remain the root causes of almost half (49 percent) of all data security breaches.
Malware
Malware is software designed to exploit vulnerabilities or cause harm to databases. Malware can be
accessed via any device that connects to the databases network.
Attacks on Backups
Companies that do not protect backup data using the same rigorous controls employed to protect
databases themselves are at risk of cyberattacks on backups.
6
o Data volumes are growing: Data capture, storage, and processing continue to increase
exponentially in almost all organizations. Any tools or methods must be highly flexible to meet
current as well as far-off needs.
o The infrastructure is sprawling: Network environments are becoming more complicated,
especially as companies shift their workloads into multiple clouds and hybrid cloud architectures
and make the selection of deployment, management, and administration of security solutions
more difficult.
o More stringent requirements for regulatory compliance: The worldwide regulatory
compliance landscape continues to increase by complexity. This makes the compliance of every
mandate more challenging.
In evaluating the security of databases in our workplace to determine our organization's top priorities,
look at each of these areas.
7
The relation (or table) level. At this level, the DBA can control the privilege to access
each individual relation or view in the database.
References privilege on R. This gives the account the capability to reference (or refer
to) a relation R when specifying integrity constraints. This privilege can also be restricted
to specific attributes of R.
Notice that to create a view, the account must have the SELECT privilege on all
relations involved in the view definition in order to specify the query that corresponds to
the view.
2. Specifying Privileges through the Use of Views
The mechanism of views is an important discretionary authorization mechanism in its
own right. For example, if the owner A of a relation R wants another account B to be able
to retrieve only some fields of R, then A can create a view V of R that includes only those
attributes and then grant SELECT on V to B. The same applies to limiting B to retrieving
only certain tuples of R; a view V can be created by defining the view by means of a
query that selects only those tuples from R that A wants to allow B to access. We will
illustrate this discussion with the example given in Section 24.2.5.
3. Revoking of Privileges
In some cases it is desirable to grant a privilege to a user temporarily. For example, the
owner of a relation may want to grant the SELECT privilege to a user for a specific task
and then revoke that privilege once the task is completed. Hence, a mechanism
for revoking privileges is needed. In SQL a REVOKE command is included for the
purpose of canceling privileges. We will see how the REVOKE command is used in the
example in Section 24.2.5.
It is possible for a user to receive a certain privilege from two or more sources. For
example, A4 may receive a certain UPDATE R privilege from both A2 and A3. In such a
case, if A2 revokes this privilege from A4, A4 will still continue to have the privilege by
virtue of having been granted it from A3. If A3 later revokes the privilege
from A4, A4 totally loses the privilege. Hence, a DBMS that allows propagation of privi-
8
leges must keep track of how all the privileges were granted so that revoking of priv-
ileges can be done correctly and completely.
Suppose that the DBA creates four accounts—A1, A2, A3, and A4—and wants
only A1 to be able to create base relations. To do this, the DBA must issue the
following GRANT command in SQL:
The CREATETAB (create table) privilege gives account A1 the capability to create new
database tables (base relations) and is hence an account privilege. This privilege was part
of earlier versions of SQL but is now left to each individual system imple-mentation to
define.
In SQL2 the same effect can be accomplished by having the DBA issue
a CREATE SCHEMA command, as follows:
User account A1 can now create tables under the schema called EXAMPLE. To con-
tinue our example, suppose that A1 creates the two base
relations EMPLOYEE and DEPARTMENT shown in Figure 24.1; A1 is then
the owner of these two relations and hence has all the relation privileges on each of them.
Next, suppose that account A1 wants to grant to account A2 the privilege to insert and
delete tuples in both of these relations. However, A1 does not want A2 to be able to
propagate these privileges to additional accounts. A1 can issue the following com-mand:
Notice that the owner account A1 of a relation automatically has the GRANT OPTION,
allowing it to grant privileges on the relation to other accounts.
However, account A2 cannot grant INSERT and DELETE privileges on
the EMPLOYEE and DEPARTMENT tables because A2 was not given the GRANT
OPTION in the preceding command.
9
Next, suppose that A1 wants to allow account A3 to retrieve information from either of
the two tables and also to be able to propagate the SELECT privilege to other
accounts. A1 can issue the following command:
The clause WITH GRANT OPTION means that A3 can now propagate the privilege to
other accounts by using GRANT. For example, A3 can grant the SELECT privilege on
the EMPLOYEE relation to A4 by issuing the following command:
Notice that A4 cannot propagate the SELECT privilege to other accounts because
the GRANT OPTION was not given to A4.
The DBMS must now revoke the SELECT privilege on EMPLOYEE from A3, and it
must also automatically revoke the SELECT privilege on EMPLOYEE from A4. This is
because A3 granted that privilege to A4, but A3 does not have the privilege any more.
Next, suppose that A1 wants to give back to A3 a limited capability to SELECT from
the EMPLOYEE relation and wants to allow A3 to be able to propagate the privilege.
The limitation is to retrieve only the Name, Bdate, and Address attributes and only for the
tuples with Dno = 5. A1 then can create the following view:
10
CREATE VIEW A3EMPLOYEE AS
FROM EMPLOYEE
WHERE Dno = 5;
After the view is created, A1 can grant SELECT on the view A3EMPLOYEE to A3 as
follows:
Finally, suppose that A1 wants to allow A4 to update only the Salary attribute
of EMPLOYEE; A1 can then issue the following command:
The UPDATE and INSERT privileges can specify particular attributes that may be
updated or inserted in a relation. Other privileges (SELECT, DELETE) are not attrib-ute
specific, because this specificity can easily be controlled by creating the appro-priate
views that include only the desired attributes and granting the corresponding privileges
on the views. However, because updating views is not always possible (see Chapter 5),
the UPDATE and INSERT privileges are given the option to specify the particular
attributes of a base relation that may be updated.
11