P1L7: Database Security Flashcards
Importance of DB security
–Databases store massive amounts of sensitive data
–Data has structure that influences how it is accessed
–Accessed via queries or programs written in languages like SQL
–Transactional nature of queries (done completely or not done at all)
–Derived data or database views
Who are the biggest threats to DB?
Insiders and unauthorized users
Databases are attractive to users because
–they store info that is easily monetized
–they store info about a lot of users
–query languages used to access data can be abused
Relational Databases
–Consists of relations or tables
RDBS table
A table is defined by a schema and consists of tuples
Tuples
Store attribute values as defined by schema
Keys
Used to access data in tuples
Primary Key
A unique key for each tuple in the table
Foreign Key
A primary key from another table
T/F: A database view enhances data security.
True. It can exclude sensitive attributes that should not be accessible to certain users
DB Access Control
GRANT or REVOKE
Privileges
SELECT, INSERT, UPDATE, or DELETE
SQL injections
Malicious SQL commands sent to a database
SQL Injection Defenses
–Input checking (all input is evil)
Top 10 Defenses
1. Parameterize Queries
2. Encode data
3. Validate all inputs
4. Implement appropriate access controls
5. Establish identity and authentication controls
6. Protect Data and Privacy
7. Implement logging, error handling, and intrusion detection
8. Leverage security features of frameworks and security libraries
9. Include security-specific requirements
10. Design and architect security libraries
Inference attacks
Using the data to make an inference about the results returned. Sometimes requires additional outside info.