Encryption

*Protects sensitive data being transmitted via a communication network
*Encode the data using an encoding algorithm so that an unauthorized user who accesses it cannot use it.

Database Administrator (DBA) is the central authority for managing a database system
-Classifies users and grants privileges
-Responsible for the overall security of the database system
*DB system must keep track of all operations on the DB
*If any tampering is suspected, a DB audit is performed
-DB log mainly used for security purposes - audit trail

Discretionary Access Control can be at the account level or at the relation (table) level. Granting and revoking privileges on relations is traditionally the main security mechanism for relational database systems (all-or-nothing method)

Mandatory Access Control
*Classifies data and users based on security classes
Typical classes (with administrator unrestricted):
-Top Secret
-Secret
-Confidential
-Unclassified

Role-Based Access Control (RBAC)
Can set temporal constraints on roles, such as time and duration of role activations, and timed triggering of a role by an activation of another role.
Using the RBAC model is highly desirable. Discretionary access control (DAC) and mandatory access control (MAC) are more limited

SQL Injection
*Attacker injects a string input through the web application
*SQL manipulation can add conditions to the WHERE clause of a query
*Can add additional SQL statements or commands to an existing SQL statement by exploiting bugs
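As an added illustration of the WHERE-clause manipulation described above (example code written for these notes, not from the original), a query built by string concatenation is shown beside the parameterized form, both run against a constructed in-memory SQLite table with made-up account names:

```python
import re
import sqlite3


def make_db():
    # Constructed sample table (not data from the notes): three accounts.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE account (username TEXT, secret TEXT)")
    con.executemany("INSERT INTO account VALUES (?, ?)",
                    [("alice", "a-1"), ("bob", "b-2"), ("carol", "c-3")])
    return con


def lookup_unsafe(con, username):
    # Vulnerable form: the input is spliced into the SQL text. A quote in the
    # input closes the string literal and whatever follows becomes part of the
    # WHERE clause, so the condition the application intended can be widened.
    sql = f"SELECT username FROM account WHERE username = '{username}'"
    return [row[0] for row in con.execute(sql)]


def lookup_safe(con, username):
    # Hardened form: a bound parameter. The driver passes the input as a value,
    # never as SQL text, so the same string simply matches no row.
    sql = "SELECT username FROM account WHERE username = ?"
    return [row[0] for row in con.execute(sql, (username,))]


def validate_username(username):
    # Defense in depth: accept only plain identifiers before any query is built.
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", username) is not None


def demo():
    con = make_db()
    ordinary = "bob"
    # Constructed input with an embedded quote and an always-true condition.
    manipulated = "x' OR '1'='1"
    return {
        "unsafe_ordinary": lookup_unsafe(con, ordinary),       # ['bob']
        "unsafe_manipulated": lookup_unsafe(con, manipulated), # every row
        "safe_ordinary": lookup_safe(con, ordinary),           # ['bob']
        "safe_manipulated": lookup_safe(con, manipulated),     # []
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```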