Web Database Security
Session 12 & 13
Course: Web Database
Year: 2008
Last Session Review:
• Overview of Transactions
• Incomplete or Abandoned Transactions
• Problems in Transactions
• Locking and Deadlock
• Web Database Transactions
Agenda:
• Overview of Security
• Database Security
• Web Security
• Client Security
• Efficiency vs Security
• Review of Sessions 8 - 13
Objectives:
• Students understand security at the database, web and client layers
• Students can choose which types of security to implement in their web database application
• Students can analyse the balance between efficiency and security
Overview of Security
• Why is security needed?
– To ensure the integrity of the database as a whole
– To protect it so that it keeps working
– To ensure that anyone who has no right of access to the data cannot access it
• Types of security in a web database application:
– Database Security
– Web Security
– Client Security
Database Security
• What is database security?
– The mechanisms that protect the database against intentional or accidental threats
• Database security protects data from:
– Theft and fraud
– Loss of confidentiality (secrecy)
– Loss of privacy
– Loss of integrity
– Loss of availability
Database Security (cont.)
• What is a threat?
– Any situation or event, whether intentional or accidental, that may adversely affect a system and consequently the organisation
• Sources of threats:
– Hardware
– DBMS and application software
– Communication networks
– The Internet
– People:
• Users
• Programmers/operators
• Data/database administrators
Database Security (cont.)
• Techniques for database security:
– Authentication and authorization
– Access controls
– Views
– Backup and recovery
– Integrity
– Encryption
– RAID technology
Database Security (cont.)
• Case study for database security
The Finance Department is very concerned about its financial data.
Just a few weeks ago there was a security breach: a former employee
logged in to the database server, then stole and changed valuable
financial data.
Explain how this situation could have been prevented, and how the
previous data can be restored.
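Prevention in this case is mostly administrative (revoke the former employee's account and credentials on departure, give each account only the privileges it needs, keep the server off the public network). The recovery side can be shown in code. The following is an added example, not from the lecture: a SQLite trigger keeps an audit trail of the previous state of every row in a hypothetical `ledger` table, so that values changed by an intruder can be put back. The schema, the rows and the tampering update are constructed for illustration.

```python
import sqlite3

# Added example, not from the lecture: a SQLite audit trail for a hypothetical
# `ledger` table. A trigger copies the old row into `ledger_audit` before every
# UPDATE, so values changed by an intruder can be restored. Schema and rows
# are constructed for illustration.

SCHEMA = """
CREATE TABLE ledger (
    id      INTEGER PRIMARY KEY,
    account TEXT    NOT NULL,
    amount  INTEGER NOT NULL
);
CREATE TABLE ledger_audit (
    audit_id    INTEGER PRIMARY KEY AUTOINCREMENT,
    ledger_id   INTEGER NOT NULL,
    old_account TEXT    NOT NULL,
    old_amount  INTEGER NOT NULL,
    changed_at  TEXT    NOT NULL DEFAULT (datetime('now'))
);
-- Fires for every UPDATE, whoever issues it; the application cannot skip it.
CREATE TRIGGER ledger_before_update BEFORE UPDATE ON ledger
BEGIN
    INSERT INTO ledger_audit (ledger_id, old_account, old_amount)
    VALUES (OLD.id, OLD.account, OLD.amount);
END;
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO ledger (id, account, amount) VALUES (?, ?, ?)",
                     [(1, "payroll", 50000), (2, "vendors", 12000)])
    conn.commit()
    return conn


def amount_of(conn, ledger_id):
    return conn.execute("SELECT amount FROM ledger WHERE id = ?",
                        (ledger_id,)).fetchone()[0]


def audit_rows(conn, ledger_id):
    """All recorded previous states of one row, oldest first."""
    return conn.execute(
        "SELECT audit_id, old_account, old_amount, changed_at FROM ledger_audit "
        "WHERE ledger_id = ? ORDER BY audit_id", (ledger_id,)).fetchall()


def restore(conn, ledger_id, audit_id):
    """Put the row back to the state captured in one audit record.
    The restore is itself an UPDATE, so the trigger records it too."""
    row = conn.execute(
        "SELECT old_account, old_amount FROM ledger_audit "
        "WHERE audit_id = ? AND ledger_id = ?", (audit_id, ledger_id)).fetchone()
    if row is None:
        raise LookupError("no such audit record for that row")
    conn.execute("UPDATE ledger SET account = ?, amount = ? WHERE id = ?",
                 (row[0], row[1], ledger_id))
    conn.commit()


def demo():
    conn = open_db()
    before = amount_of(conn, 1)
    # Simulated tampering by a stale account that was never revoked.
    conn.execute("UPDATE ledger SET amount = 1 WHERE id = 1")
    conn.commit()
    tampered = amount_of(conn, 1)
    # The most recent audit record holds the pre-tampering value.
    last_audit_id = audit_rows(conn, 1)[-1][0]
    restore(conn, 1, last_audit_id)
    return {"before": before, "tampered": tampered,
            "restored": amount_of(conn, 1),
            "audit_entries": len(audit_rows(conn, 1))}


if __name__ == "__main__":
    print(demo())
```

An audit table only helps if the intruder cannot delete it, so in a real DBMS it lives under a separate owner that application accounts cannot write to, and a full-featured DBMS would also record the session user (for example `CURRENT_USER`), which SQLite does not expose. Audit records complement, but do not replace, regular backups: a backup restores the whole database to a point in time, the audit trail lets you undo individual changes without losing legitimate work done since.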
Web Security
• What is web security?
– The mechanisms that protect all transactions carried out over the web
• Web security challenges:
– Ensuring the data is inaccessible to anyone but the sender and receiver (privacy)
– Ensuring it has not been changed during transmission (integrity)
– Ensuring the receiver can be sure it came from the sender (authenticity)
– Ensuring the sender can be sure the receiver is genuine (non-fabrication)
– Ensuring the sender cannot deny having sent it (non-repudiation)
• Three main areas in web security:
– The identities of those involved
– No one else can access the data
– No one can tamper with the data
Web Security (cont.)
• Techniques for web security:
– Proxy servers
– Firewalls
– Message digest algorithms and digital signatures
– Digital certificates
– Kerberos
– Secure Sockets Layer and Secure HTTP
– Secure Electronic Transaction and Secure Transaction Technology
– Java security
– ActiveX security
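The message digest item above is the one most easily shown in code, and it directly addresses the integrity and authenticity challenges from the previous slide. The following is an added example, not from the lecture: a keyed digest (HMAC-SHA256, from Python's standard library) is attached to an order message so the receiver can detect both accidental corruption and deliberate tampering. The shared key and the order message are constructed for illustration.

```python
import hashlib
import hmac
import json

# Added example, not from the lecture: a keyed message digest (HMAC-SHA256)
# attached to a web transaction so the receiver can check integrity and
# authenticity. The key and the order message are constructed for
# illustration; in practice the key is provisioned out of band and is never
# sent along with the message.
SHARED_KEY = b"constructed-demo-key-replace-in-production"


def canonical(message: dict) -> bytes:
    """Serialise deterministically so both sides digest identical bytes."""
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode()


def tag(message: dict, key: bytes = SHARED_KEY) -> str:
    """Sender side: compute the authentication tag sent with the message."""
    return hmac.new(key, canonical(message), hashlib.sha256).hexdigest()


def verify(message: dict, received_tag: str, key: bytes = SHARED_KEY) -> bool:
    """Receiver side: recompute the tag and compare in constant time,
    so timing does not reveal how many leading characters matched."""
    return hmac.compare_digest(tag(message, key), received_tag)


def demo():
    order = {"product": "widget", "qty": 3, "price": 1999}
    t = tag(order)
    tampered = dict(order, price=1)
    # An attacker without the key can only produce an unkeyed digest.
    unkeyed = hashlib.sha256(canonical(tampered)).hexdigest()
    return {
        "genuine_accepted": verify(order, t),
        "tampered_rejected": not verify(tampered, t),
        "forged_tag_rejected": not verify(tampered, unkeyed),
    }


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner should keep in mind. A plain, unkeyed digest (as in the forged tag above) only detects accidental corruption, because anyone can recompute it after editing the message; the key is what gives authenticity. And because both parties hold the same key, either could have produced the tag, so HMAC does not provide non-repudiation; that needs a digital signature made with a private key only the sender holds, which the slide lists as a separate technique. Neither provides privacy, which is what SSL/TLS adds.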
Web Security (cont.)
• Case study for web security
A web database application allows users to enter the name of a
product. This text is then appended to the following SQL:
select * from products where productname=""
Explain the risk of this code. Describe precautions that could be
taken to avoid it.
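The risk is SQL injection: the product name becomes part of the SQL text, so a name containing a quote character ends the string literal and whatever follows is executed as SQL. The following is an added example, not from the lecture: the lookup is written once the way the slide describes (string concatenation) and once with a parameterised query, and both are run against the same constructed SQLite tables with a normal name and with two injection payloads. The case study's double quotes are replaced by single quotes, which is the standard SQL string delimiter; the behaviour is the same.

```python
import sqlite3

# Added example, not from the lecture: the product lookup from the case study,
# written once with string concatenation (vulnerable) and once with a
# parameterised query (safe). Tables and rows are constructed for
# illustration; the stored "hash" is a placeholder string, not a real hash.


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, productname TEXT, price INTEGER);
        INSERT INTO products VALUES (1, 'widget', 10), (2, 'gadget', 20);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO users VALUES ('admin', 'not-a-real-hash');
    """)
    return conn


def lookup_vulnerable(conn, name):
    # The pattern from the case study: user text is pasted into the SQL string,
    # so a quote in `name` ends the literal and the rest is parsed as SQL.
    sql = "select * from products where productname='" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # The driver sends the value separately from the SQL text; whatever the
    # user types is compared as data and can never become part of the query.
    return conn.execute(
        "select * from products where productname = ?", (name,)).fetchall()


def demo():
    conn = make_db()
    # Payload 1: turn the WHERE clause into a tautology and dump every row.
    always_true = "widget' OR '1'='1"
    # Payload 2: UNION in a different table with the same column count and
    # comment out the trailing quote that the application appends.
    steal_users = "x' UNION SELECT rowid, username, password_hash FROM users --"
    return {
        "normal": lookup_vulnerable(conn, "widget"),
        "injected_all_rows": lookup_vulnerable(conn, always_true),
        "injected_union": lookup_vulnerable(conn, steal_users),
        "safe_normal": lookup_safe(conn, "widget"),
        "safe_with_payload": lookup_safe(conn, always_true),
        "safe_with_union": lookup_safe(conn, steal_users),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

Parameterised queries (prepared statements) are the primary precaution; escaping quotes by hand is fragile and validation of the product name is a useful second layer, not a replacement. Two further precautions reduce the damage if injection does occur: connect as a database account that can only read the `products` table, so a UNION against `users` fails on permissions, and never store passwords in a form that is usable when read, which is why the column here is a hash.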
Client Security
• Information transmitted to the client's machine may contain executable content that can:
– Corrupt data or the execution state of programs
– Reformat entire disks
– Perform a total system shutdown
– Collect and download confidential data
– Steal the user's identity and impersonate the user to attack other targets on the network
– Lock up resources
– Cause non-fatal but unwelcome effects
Client Security (cont.)
• We have to make sure that:
– The browser operates in a "sandbox", where executable content cannot reach or reveal anything about the system beyond it
– The content does not disrupt the client
– A web system has only a strictly limited opportunity to write to the client's file system (for example, cookies)
Efficiency vs Security
• Increasing security may decrease efficiency
• Find the balance between security and efficiency
– How much efficiency do you need?
– How much do you need to protect your data?
Review of Sessions 8 - 13
• Web Database Implementation
• Web Database Transaction
• Web Database Security
Summary
• Security is essential for a web database application
• We should add security while keeping efficiency acceptable
End of
Web Database Security
Thank you