Vous êtes sur la page 1sur 7

International Journal of Computational Intelligence and Information Security, December 2012 Vol. 3, No.

10 ISSN: 1837-7823

DataBase Trigger and Integrity


Yaya Itai (PHD student of Babcock University) Computer Science & Math Department Babcock University, Nigeria AWODELEOLUDELE PhD Computer Science & Math Department Babcock University, Nigeria

NICOLAE GOGA PhD Computer Science & Math Department Babcock University, Nigeria

Abstract
Database integrity ensures data entered into the database is accurate, valid, and consistent. The need to continuously audit database modifications and current challenges faced by financial institutions in-terms of insufficient audit trail log being captured as a result of using the Data Manipulation Language (DML) commands, by privileged users, on a large number of databases, has not been adequately addressed by the traditional database audit set up currently in place. This paper explains the need for database trigger and it role in data integrity.

Keywords: DML, Data integrity, Trigger and Database 1.Introduction


In todays competitive world, organizations that leverage on customers data to improve business execution can quickly adjust their strategies to enhance performance and outpace the competition. Data integrity is a fundamental component of information security. In its broadest use, data integrity refers to the accuracy and consistency of data stored in a database, data warehouse, data mart or other construct. The term Data Integrity can be used to describe a state, a process or a function and is often used as a proxy for data quality [9]. Data with integrity is said to have a complete or whole structure. Data values are standardized according to a data model and/or data type. All characteristics of the data must be correct; including business rules, relations, dates, definitions and lineage for the data to be complete. Data integrity is imposed within a database when it is designed and is authenticated through the ongoing use of error checking and validation routines. Integrity, in database terms, is the quality of trustworthiness that the data in a database is imbued with; high levels of integrity reassure all users of a database system that they can rely on the information they retrieve from the system. Database technologies are a core component of many computing systems. They allow data to be retained and shared electronically and the amount of data contained in these systems continues to grow at an exponential rate. So does the need to ensure the integrity of the data and secure the data from unintended access. Data modeling in termsof integrity is one of the most critical tasks in building an information system. Pair a welldeveloped and solid database design with extensive but appropriate integrated database triggers; the end result will be a database implementation that consistently yields accurate andtimely information. Additionally, the database and its underlying data will realize greater data integrity with the reliance on external and sometimes faulty applications minimized, which will in turn contribute to higher audit quality and decreased business costs[8]. The default database Audit trail that captures the DML activities entries (Update, Delete and Insert), does not capture the details of what were modified. It merely shows that entries were modified on database tables[5].

2. The need for data integrity


Data integrity is the assurance that data is consistent, correct, and accessible, as we move into the database world, data integrity comes in many different types: null rules, unique column values, primary key values, referential integrity rules and complex integrity checking[13].

23

International Journal of Computational Intelligence and Information Security, December 2012 Vol. 3, No. 10 ISSN: 1837-7823

Without data integrity, we cannot even begin to be concerned with data quality since it assumes that we might not have all the data, or that we cannot access it either physically or logically, or that we can have no certitude of its condition. It becomes important to track logical data integrity as applications are implemented on architectures where data movement, operations or migrations might altar, truncate, delete or corrupt the data. This is particularly important in the context of systems of record. These are information storage systems that are considered the authoritative data source for a given piece of data or information. As a process, Data integrity verifies that data has remained unaltered in transit from creation to reception. As a state or condition, Data Integrity is a measure of the validity and fidelity of a data object. As a function related to security, a data integrity service maintains information exactly as it was inputted, and is auditable to affirm its reliability. Data undergoes any number of operations in support of decision-making, such as capture, storage, retrieval, update and transfer. Data integrity can also be a performance measure during these operations based on the detected error rate. Data must be kept free from corruption, modification or unauthorized disclosure to drive any number of missioncritical business processes with accuracy. Inaccuracies can occur either accidentally (e.g.through programming errors), or maliciously (e.g. through breaches or hacks)[9].

3. Database Triggers Operations


A trigger defines a set of actions that are executed or triggered by an update, insert, or delete on a specified table. Triggers can be created so that they execute either before a specified event (before triggers) or after a specified event (after triggers). The events that fire a trigger include DML statements that modify data in a table (INSERT, UPDATE, or DELETE) as shown in Figures 1-3, [15] DDL statements, system events such as startup, shutdown, and error messages, user events such as logon and logoff. Triggers supplement the standard capabilities of databases to provide a highly customized database management system that can restrict DML operations against a table to those issued during regular business hours. Triggers can be used for: Data validation. Ensures that a new data value is within the acceptable range. This is similar to a check constraint. Data integrity. Ensures that cross-table dependencies are maintained by updating associated data records in related tables.

Notification. Alerts administrators to potential table problems by generating electronic mail notices. Triggers are stored in the database. This allows for easier application development, as the actions that triggers perform do not have to be coded in each application. The maintenance of applications and databases is easier because if a table's rules change, only the corresponding trigger needs to be modified instead of each application program. The trigger is mostly used for maintaining the integrity of the information on the database. For example, when a new record (representing a new Customer) is added to the Customers table, new records should also be created in the tables of the Customer Information, accounts details and customers interest.
3.1 DML(update, insert and delete Operations)
DML update operations on a table, inserts an updated new records in the inserted tables. The old record that is records before updating are entered into the delete table.

24

International Journal of Computational Intelligence and Information Security, December 2012 Vol. 3, No. 10 ISSN: 1837-7823

Update new record Update Table

Inserted I

Old records before updating

deleted

Figure 1
DML (Insert Operations) on a table inserts new record into the inserted table

Insert

Table

Inserted New record Inserted

Figure2

DML Delete Operations on a table inserts the deleted records in the deleted table

Delete Deleted records Figure3

Table

Deleted Deleted records

3.1 Database triggers Application in Data integrity 3.2 Enforcement of Business Rules
Triggers can be used to maintain complex data validation and integrity. A trigger can be used to rollback SQL transactions performed with invalid or incomplete data, before being applied to the database. Triggers can be used to maintain security at a higher level by restricting access to privileged users. Triggers can be used to maintain complex check constraints. Relationship managementsystem can use triggers to generate logs of their best customers when they make big purchases, or frequent travelers, or buyers of high-profit items. Referential integrity on a child table requires the referenced parent key column to be unique. Triggers can be used as an alternative where business applications cannot guarantee that the referenced Parent key column is unique. The number of business rules that can be implemented using triggers is truly limited only by imagination or, more appropriately and business needs.

3.3 Provide sophisticated auditing


Triggers are commonly used to supplement the built-in auditing features of databases, especially when more detailed audit information is required. AFTER triggers are therefore, normally used when triggers are required to provide sophisticated auditing. By using AFTER triggers, auditing information is recorded after the triggering statement is subjected to any applicable integrity constraints, preventing cases where the audit processing is carried out unnecessarily for statements that generate exceptions to integrity constraints. The concepts of using AFTER row and

25

International Journal of Computational Intelligence and Information Security, December 2012 Vol. 3, No. 10 ISSN: 1837-7823

AFTER statement triggers dependson the information being audited. For example, row triggers provide value-based auditing on a per-row basis for tables. Triggers can also require the user to supply a "reason number" for issuing the audited SQL statement, which can be useful in both row and statement-level auditsituations.[11] The example below demonstrates a trigger that audits data modifications to the ChequeSecurityNumber table on a per-row basis. It requires that a "reason number" be stored in a global package variable before the update operations. This trigger tracks changes being made to the ChequeSecurityNumber table, and stores this information in AUDIT_TABLE and AUDIT_TABLE_VALUES. CREATE OR REPLACE TRIGGER audit_ChequeSecurityNumber AFTER INSERT OR UPDATE OR DELETE ON ChequeSecurityNumber FOR EACH ROW --WHEN ( --USER IN ( 'SYS','SYSTEM','CUSTOM','PERFSTAT','INFOPOOL','BPIAUTO','FINCONUSER','EFCC','RECONSELECTOR' ,'ITSELECTOR','MICAUDIT','AUTOUPLOAD','OSI3708','ASSET','EODUSERS','OUTLN','DBSNMP','SELECT OR') -- ) DECLARE time_now DATE; terminal CHAR(10); BEGIN -- get current time, and the terminal of the user time_now := SYSDATE; terminal := USERENV('TERMINAL'); -- record new customer cheque Security Number primary key IF INSERTING THEN INSERT INTO audit_table VALUES (audit_seq.NEXTVAL, user, time_now, terminal, 'ChequeSecurityNumber ', 'INSERT', :new.Custacctnum); -- record primary key of the deleted row ELSIF DELETING THEN INSERT INTO audit_table VALUES (audit_seq.NEXTVAL, user, time_now, terminal, 'ChequeSecurityNumber ', 'DELETE', :old.Custacctnum); -- for updates, record the primary key -- of the row being updated ELSE INSERT INTO audit_table VALUES (audit_seq.NEXTVAL, user, time_now, terminal, 'ChequeSecurityNumber ', 'UPDATE', :old.Custacctnum); -- and for CHQNUM and ACCTNO, record old and new values IF UPDATING ('CHQNUM') THEN INSERT INTO audit_table_values VALUES (audit_seq.CURRVAL, 'CHQNUM', :old.chqnum, :new.chqnum); ELSIF UPDATING ('ACCTNO') THEN INSERT INTO audit_table_values VALUES (audit_seq.CURRVAL, 'ACCTNO',

26

International Journal of Computational Intelligence and Information Security, December 2012 Vol. 3, No. 10 ISSN: 1837-7823

:old.acctno, :new.acctno); END IF; END IF; END; /

3.4 Automatic generation of derived column values


Triggers can derive column values automatically based upon a value provided by an INSERT or UPDATE statement. This type of trigger is useful to force values in specific columns that depend on the values of other columns in the same row. BEFORE row triggers are necessary to complete this type of operation because [11] The dependent values must be derived before the insert or update occurs so that the triggering statement can use the derived values. The trigger must fire for each row affected by the triggering INSERT or UPDATE statement.

The following illustrates how a trigger can be used to derive new column values for a table whenever a row is inserted or updated. BEFORE INSERT OR UPDATE OF cname ON coustomer /* before updating the CNAME field, derive the values for the UPPERNAME and SOUNDEXNAME fields. Users should be restricted from updating these fields directly. */ FOR EACH ROW BEGIN :new.uppername := UPPER(:new.cname); :new.soundexname := SOUNDEX(:new.cname END;

3.5Prevention of Invalid Transactions


Database triggers provides the functionality to validate and cancel invalid INSERT, UPDATE, or DELETE transactions or to prevent changes to your database schema. This can be accomplished by incorporating validation logic into the trigger and then rolling back the current transaction if the action does not meet the validation criteria. The trigger below performs simple validation of INSERT statements on a table. If the inserted integer value is equal to one, the transaction is rolled back and the value is not inserted into the table. The Transact-SQL script below creates a test table, assembly, and managed stored procedure. Note that the two INSERT statements are wrapped in a try/catch block so that the exception thrown when the trigger finishes execution is caught.[11] -- Create the test table, assembly, and trigger. CREATE TABLE Table1(c1 int); go CREATE ASSEMBLY ValidationTriggers from '||:\\ ValidationTriggers.dll'; go CREATE TRIGGER trig_InsertValidator ON Table1 FOR INSERT

27

International Journal of Computational Intelligence and Information Security, December 2012 Vol. 3, No. 10 ISSN: 1837-7823

AS EXTERNAL NAME ValidationTriggers.Triggers.trig_InsertValidator; go BEGIN TRY INSERT INTO Table1 VALUES(42) INSERT INTO Table1 VALUES (1) END TRY BEGIN CATCH SELECT ERROR_NUMBER () AS ErrorNum, ERROR_MESSAGE() AS ErrorMessage END CATCH; -- Clean up. DROP TRIGGER trig_InsertValidator; DROP ASSEMBLY ValidationTriggers; DROP TABLE Table1

4. Conclusion
Data integrity is an important part of an organization daily operations and technology has a vital part to play in ensuring adequacyof data integrity. With the rising complexity of data integrity challenges, database triggers techniques go a long way to improving the effectiveness of data integrity issues. The use of the various database trigger techniques such as prevention of invalid transactions, financial business rule enforcement, sophisticated auditing and automatic column values derivation. Database trigger therefore has an important role to play in the enforcement of data integrity that would be capable of standing up to data integrity challenges we face in our operating environment today.

28

International Journal of Computational Intelligence and Information Security, December 2012 Vol. 3, No. 10 ISSN: 1837-7823

References
[1] Baker,W. H., Hutton, A., Hylender, C. D., Novak, C., Porter, C., Sartin, B., Tippett, P., & Valentine, J. A. (2009). The 2009 data breach investigations report.[1] Dr. Ramon Barquin (2007). Data Integrity and Business Intelligence. [2] Caruso, F., M. Cochinwala, U. Ganapathy, G. Lalk, and P. Missier. "Telcordias Database Reconciliation and Data Quality Analysis Tool." VLDB, 2000: 615-618. [3] Ceri, S. ; Cochrane, R. J. & Widom, J. (2000). Practical Applications of Constraints Triggers: Successes and Lingering Issues. Proceedings of 26th.VLDB Conference, CairoEgypt, September 2000. [4] Chandrasekaran, S. & Kehoe, B. (2003). Technical comparison of Oracle real application clusters vs. IBM DB2 UDB ESE. [5] Craig Mullins and Steve Callan (2004). Collaborative computing. [6] Craig Buckler, 2011 database triggers operations and constraints. Crossman, P. (2007). The LessThan-Obvious Costs of Ignoring Data Architectures .Wall Street & Technology. [7] David H. Olsen, Olga Yatsenko and Nicole Forsgren Meek ,ENHANCING DATABASE INTEGRITY AND PROCESS AUTOMATION THROUGH SMART TRIGGERS ( IACI 2002): 490-496 [8]Eric N. Hanson(2010). integrity constraints in a transaction database using triggers [9] Fergal Glynn (2012). Ensuring database integrity checks. [10] Steven H. Blackwell (2007). The importance maintaining data integrity and availability. [11] Trigger Functions, SQL Server 2012 http://msdn.microsoft.com/en-us/library/ff848758.aspx [12] Y Jin (2009). A framework of fuzzy triggers for XML database systems. [13] Juff Ash(2006). Using triggers to maintain database integrity . [14] Sapna (2010). Enforcing data integrity through triggers [15] Shivprasad koirala, Implementing Audit Trail using Trigger 2009 [16] Jorge H. Doom & Laura C. Rivero (2002).Database integrity challenges& solutions. [17] Md. Marufuzzamn (2009). Overview of database triggers

29

Vous aimerez peut-être aussi