(view) or modify data.
• The science and study of methods of protecting data (...) from unauthorized disclosure and modification
• Data Security = Confidentiality + Integrity

ACCESS CONTROL IN SQL
GRANT privileges ON object TO users
[WITH GRANT OPTION]
privileges = SELECT | INSERT | DELETE | . . .
object = table | attribute
REVOKE privileges ON object FROM users
[CASCADE]

ACCESS CONTROL IN MYSQL
• http://dev.mysql.com/doc/refman/5.0/en/privilege-system.html
• The primary function of the MySQL privilege system is to authenticate a user who connects from a given host and to associate that user with privileges on a database such as SELECT, INSERT, UPDATE, and DELETE
• There are some things that you cannot do with the MySQL privilege system:
  • You cannot explicitly specify that a given user should be denied access. That is, you cannot explicitly match a user and then refuse the connection.
  • You cannot specify that a user has privileges to create or drop tables in a database but not to create or drop the database itself.
  • A password applies globally to an account. You cannot associate a password with a specific object such as a database, table, or routine.

VIEWS IN SQL
A SQL View = (almost) any SQL query
• Typically used as:
CREATE VIEW pmpStudents AS
SELECT * FROM Students WHERE…
GRANT SELECT ON pmpStudents TO DavidRispoli

SUMMARY OF SQL SECURITY
Limitations:
• Often no row level access control
  • Note: DB specific – fine-grained access control is an active area of improvement
• Table creator owns the data (not always fair)
Access control = great success story of the DB community...
… or spectacular failure:
• Only ~30% assign privileges to users/roles
• And then to protect entire tables, not columns

MYSQL SECURITY
• Access control and security within the database system itself, including the users and databases granted with access to the databases, views and stored programs in use within the database. For more information, see Section 6.2, “The MySQL Access Privilege System”, and Section 6.3, “MySQL User Account Management”.
• Network security of MySQL and your system. The security is related to the grants for individual users, but you may also wish to restrict MySQL so that it is available only locally on the MySQL server host, or to a limited set of other hosts.
• Ensure that you have adequate and appropriate backups of your database files, configuration and log files. Also be sure that you have a recovery solution in place and test that you are able to successfully recover the information from your backups. See Chapter 7, Backup and Recovery.

WHAT IS A SQL INJECTION ATTACK?
• Many web applications take user input from a form
• Often this user input is used literally in the construction of a SQL query submitted to a database. For example:
  • SELECT productdata FROM table WHERE productname = 'user input product name';
• A SQL injection attack involves placing SQL statements in the user input

2012 NEWS OF SQL ATTACKS
• http://www.mysqlperformanceblog.com/2012/07/18/sql-injection-still-a-problem/
• An SQL injection vulnerability resulted in an urgent June bugfix release of Ruby on Rails 3.x.
• Yahoo! Voices was hacked in July. The attack acquired 453,000 user email addresses and passwords. The perpetrators claimed to have used union-based SQL injection to break in.
• LinkedIn.com leaked 6.5 million user credentials in June. A class action lawsuit alleges that the attack was accomplished with SQL injection.
• SQL injection was documented as a security threat in 1998, but new incidents still occur every month. Making honest mistakes, developers fail to defend against this means of attack, and the security of online data is at risk for all of us because of it.

AN EXAMPLE SQL INJECTION ATTACK
Product Search: blah' OR 'x' = 'x
• This input is put directly into the SQL statement within the Web application:
  • $query = "SELECT prodinfo FROM prodtable WHERE prodname = '" . $_POST['prod_search'] . "'";
• Creates the following SQL:
  • SELECT prodinfo FROM prodtable WHERE prodname = 'blah' OR 'x' = 'x'
• Attacker has now successfully caused the entire database to be returned.
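
The slide's query built both ways, as an added example that is not part of the original slides: it uses Python's sqlite3 in place of the slide's PHP and MySQL so it runs offline. The table contents and the function names are constructed for illustration; prodtable, prodname and prodinfo follow the slide.

```python
import sqlite3


def make_db():
    # Constructed sample data; table and column names follow the slide's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE prodtable (prodname TEXT, prodinfo TEXT)")
    db.executemany(
        "INSERT INTO prodtable VALUES (?, ?)",
        [("widget", "A small widget"),
         ("gadget", "A large gadget"),
         ("o'neil lamp", "Desk lamp")],
    )
    return db


def search_concatenated(db, prod_search):
    # Same construction as the slide's PHP line: the input is pasted between
    # quotes, so a quote character inside it ends the string literal early
    # and the rest of the input is parsed as SQL.
    query = "SELECT prodinfo FROM prodtable WHERE prodname = '" + prod_search + "'"
    return query, [row[0] for row in db.execute(query)]


def search_parameterized(db, prod_search):
    # The statement text is fixed. The input is bound as a value and is only
    # ever compared against prodname, never parsed as SQL.
    query = "SELECT prodinfo FROM prodtable WHERE prodname = ?"
    return query, [row[0] for row in db.execute(query, (prod_search,))]


if __name__ == "__main__":
    db = make_db()
    for value in ("widget", "blah' OR 'x' = 'x"):
        for fn in (search_concatenated, search_parameterized):
            query, rows = fn(db, value)
            print(f"{fn.__name__}({value!r})\n  SQL:  {query}\n  rows: {rows}")
```

With the slide's input the concatenated form returns every row of prodtable, while the parameterized form returns none because no product has that literal name. The concatenated form also fails on legitimate names that contain an apostrophe, which the parameterized form handles.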

OTHER INJECTION POSSIBILITIES
• Using SQL injections, attackers can:
  • Add new data to the database
    • Could be embarrassing to find yourself selling politically incorrect items on an eCommerce site
    • Perform an INSERT in the injected SQL
  • Modify data currently in the database
    • Could be very costly to have an expensive item suddenly be deeply 'discounted'
    • Perform an UPDATE in the injected SQL
  • Often can gain access to other users' system capabilities by obtaining their password