DBMS Security

17 Terms

1

What are the 3 issues of DBMS Security?

  1. Availability (to authorized users)

  2. Confidentiality (data only seen by those allowed)

  3. Integrity (prevent data corruption)

2

2 Goals of Availability

  1. Making access easy for authorized users

  2. Making unauthorized access hard

3

What is DAC?

Discretionary Access Control: users set rules on who can access their data

4

What is MAC?

Mandatory Access Control: access controlled by predefined rules, like in the military

5

DAC features in SQL are implemented with what, and what is the idea behind DAC?

Views. They give users necessary information without revealing the origin of the data. A form of security by obscurity.

6

What is the syntax for create user, grant, and revoke?

Create user Mandy identified by 1233423

Grant select on table to public with grant option

Revoke all privileges on table from public.

7

How is MAC implemented?

Usually as a hierarchy of security classes

8

What are the two groups in the Bell-LaPadula model and what does each group have?

  1. Subject has clearance

  2. Object has classification

9

What are the Bell-LaPadula model's 2 restrictions?

  1. Simple Security property: S can only read Y if S(clearance) >= Y(classification)

  2. Star property: S can only write to Y if S(clearance) <= Y(classification)

10

What is required to keep confidentiality?

  1. Quality passwords

  2. Data encryption (digital signatures, encrypted keys)

11

What is the idea of integrity?

Being able to recover DBs after accidents or disasters

12

What are the 3 approaches to integrity in DBMS security?

  1. Maintain offsite backups

  2. Log DBMS actions

  3. Use a non-zero RAID level

13

List 2 Oracle security features

User auth, DB auditing

14

What is SQL injection?

When a user tries to add SQL into an incomplete query in hopes of getting the DBMS to reveal more info

15

3 ways to prevent SQL injection

  1. Check all user inputs

  2. Trim excess characters

  3. Only accept raw input when needed.

16

How does DAC protect against DoS?

User storage limits and CPU limits

17

What are some ways SQL limits what a user can do under DAC?

User privileges, roles, views