Database Learning Notes: Database Security
Computer System Security
Computer system security refers to the various security measures established and taken to protect the hardware, software and data of a computer system, and to prevent accidental or malicious damage to the system and the alteration or leakage of its data.
A major feature of a database is data sharing, and sharing inevitably raises security issues. Sharing in a database system cannot be unconditional. Examples of data that must be protected: military secrets, state secrets, new-product experimental data, market demand analyses, marketing strategies, sales plans, customer files, medical records, and bank savings data.
TCSEC/TDI security level classification
Systems at level B2 and above:
Still at the theoretical research stage.
Applications are mostly limited to a few special departments, such as the military.
The United States is vigorously developing security products, trying to move the B2 security level, currently limited to a few application fields, into commercial use and gradually make it a new commercial standard.
CC (Common Criteria)
Proposes an internationally recognized structure for expressing information technology security requirements.
Divides the security requirements of information products into:
Security functional requirements
Security assurance requirements
Database Security Control Overview
Forms of illegal database use:
Writing an ostensibly legal program that bypasses the DBMS and its authorization mechanism.
Performing unauthorized operations directly, or by writing an application that performs them.
Deriving confidential data from the database through a sequence of individually legal queries (inference).
User Identification and Authentication
(Identification & Authentication)
The outermost security measure provided by the system.
User identifier (user name)
Password
The system verifies the password to authenticate the user.
User names and passwords are easily stolen.
Stronger variant: each user pre-agrees a computing procedure or function with the system; at login the system presents a value and the user answers with the result of the computation (a challenge-response scheme), so the secret itself is never transmitted.
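The challenge-response variant above, as an added example that is not part of the original notes. The pre-agreed "computing function" is assumed here to be HMAC-SHA256 keyed with a per-user secret (the notes do not name one), and the user table is constructed sample data. The point it shows is that a captured response cannot be replayed, because every login gets a fresh challenge, and that a guessed secret fails.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one user and the secret pre-agreed with the system.
USER_SECRETS = {"U1": b"per-user-secret-for-U1"}


def agreed_function(secret: bytes, challenge: bytes) -> bytes:
    """The pre-agreed computation (assumed here: HMAC-SHA256(secret, challenge))."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class Server:
    """System side: issues single-use challenges and checks the responses."""

    def __init__(self, secrets_table):
        self.secrets = dict(secrets_table)
        self.pending = {}  # user -> outstanding challenge, consumed on verify

    def issue_challenge(self, user: str) -> bytes:
        challenge = secrets.token_bytes(16)  # fresh random value per login
        self.pending[user] = challenge
        return challenge

    def verify(self, user: str, response: bytes) -> bool:
        challenge = self.pending.pop(user, None)  # single use: no replay
        if challenge is None or user not in self.secrets:
            return False
        expected = agreed_function(self.secrets[user], challenge)
        return hmac.compare_digest(expected, response)


def client_login(server: Server, user: str, secret: bytes) -> bool:
    """User side: fetch a challenge, compute the agreed function, send the result."""
    challenge = server.issue_challenge(user)
    return server.verify(user, agreed_function(secret, challenge))


def demo() -> dict:
    server = Server(USER_SECRETS)
    legitimate = client_login(server, "U1", USER_SECRETS["U1"])

    # An eavesdropper records one genuine response ...
    challenge = server.issue_challenge("U1")
    captured = agreed_function(USER_SECRETS["U1"], challenge)
    server.verify("U1", captured)  # the real user logs in with it
    # ... then starts a new session and replays the captured bytes.
    server.issue_challenge("U1")
    replay = server.verify("U1", captured)

    # A guessed secret produces the wrong answer to the challenge.
    wrong_secret = client_login(server, "U1", b"guessed")
    return {"legitimate": legitimate, "replay": replay, "wrong_secret": wrong_secret}


if __name__ == "__main__":
    print(demo())
```

The response is only as strong as the per-user secret: this scheme removes the secret from the wire, but a weak or shared secret can still be guessed offline by anyone who records a challenge and its response.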
Access Control Mechanism
Composition:
Define user permissions (authorization)
Check the legality of each requested operation (legality check)
The user permission definitions together with the legality check mechanism constitute the DBMS security subsystem.
Common Access Control Methods
Discretionary Access Control (DAC)
Level C2
Flexible: a user who holds a privilege may pass it on to other users.
Mandatory Access Control (MAC)
Level B1
Strict: every data object carries a security label and every user a clearance; access is decided by comparing them, and users cannot override the decision.
Discretionary Access Control Method
Implemented through the SQL GRANT and REVOKE statements.
A user permission consists of:
Data object
Operation type
Defining user access permissions: define which database objects a user may operate on, and which operations.
Defining an access permission is called authorization.
Authorization and Revocation
1. GRANT
General format of the GRANT statement:
GRANT <privilege> [, <privilege>]... [ON <object type> <object name>] TO <user> [, <user>]... [WITH GRANT OPTION];
Meaning: grant the specified operation privileges on the specified object to the specified users.
Who may issue GRANT:
DBA
Database object creator (owner)
Users who already hold the privilege (with the grant option)
Who may receive the grant:
One or more specific users
PUBLIC (all users)
WITH GRANT OPTION clause:
Specified: the grantee may grant the privilege to other users (propagation).
Not specified: the grantee may use the privilege but cannot propagate it.
[Example 1] Grant SELECT on table Student to U1:
GRANT SELECT ON TABLE Student TO U1;
[Example 2] Grant all privileges on tables Student and Course to users U2 and U3:
GRANT ALL PRIVILEGES ON TABLE Student, Course TO U2, U3;
[Example 3] Grant SELECT on table SC to all users:
GRANT SELECT ON TABLE SC TO PUBLIC;
[Example 4] Grant U4 the privilege to query table Student and to modify the student number (Sno):
GRANT UPDATE(Sno), SELECT ON TABLE Student TO U4;
When granting a privilege on an attribute column, the column name must be specified.
[Example 5] Grant INSERT on table SC to U5 and allow U5 to pass this privilege on to other users:
GRANT INSERT ON TABLE SC TO U5 WITH GRANT OPTION;
After Example 5 is executed, U5 not only holds INSERT on table SC but can also propagate it:
[Example 6] GRANT INSERT ON TABLE SC TO U6 WITH GRANT OPTION;
Similarly, U6 can grant this privilege to U7:
[Example 7] GRANT INSERT ON TABLE SC TO U7;
U7, however, cannot propagate the privilege further, because it was granted without WITH GRANT OPTION.
2. REVOKE
Granted privileges can be revoked by the DBA or by the user who granted them, using the REVOKE statement.
General format of the REVOKE statement:
REVOKE <privilege> [, <privilege>]... [ON <object type> <object name>] FROM <user> [, <user>]...;
[Example 8] Revoke U4's privilege to modify the student number:
REVOKE UPDATE(Sno) ON TABLE Student FROM U4;
[Example 9] Revoke the SELECT privilege on table SC from all users:
REVOKE SELECT ON TABLE SC FROM PUBLIC;
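The access control mechanism (permission definitions plus legality check) and the GRANT/REVOKE examples above, replayed in one added model that is not part of the original notes or of any real DBMS. The grant table layout, the `AuthSubsystem` class and the method names are assumptions made for illustration; the tables Student, Course and SC are taken to be owned by the DBA. Revocation here cascades to grants the revoked user had propagated (the behaviour of SQL's REVOKE ... CASCADE, which the notes do not discuss), so revoking INSERT from U5 also strips U6 and U7.

```python
import re
from dataclasses import dataclass
from typing import Optional

PUBLIC = "PUBLIC"
DBA = "DBA"
ALL_PRIVILEGES = ("SELECT", "INSERT", "UPDATE", "DELETE")


@dataclass(frozen=True)
class Grant:
    """One row of the (hypothetical) permission-definition table."""
    grantor: str
    grantee: str
    table: str
    privilege: str
    column: Optional[str]   # None means the privilege covers the whole table
    grant_option: bool


def parse_privilege(spec: str):
    """'UPDATE(Sno)' -> ('UPDATE', 'Sno'); 'SELECT' -> ('SELECT', None)."""
    m = re.fullmatch(r"\s*(\w+)\s*(?:\(\s*(\w+)\s*\))?\s*", spec)
    if not m:
        raise ValueError(f"bad privilege spec: {spec!r}")
    return m.group(1).upper(), m.group(2)


class AuthSubsystem:
    """Permission definitions + legality check = the DBMS security subsystem (model)."""

    def __init__(self, owners):
        self.owners = dict(owners)   # table name -> creator (owner)
        self.grants = []             # list of Grant rows

    def _holds(self, user, privilege, table, column, grant_option, grants):
        """Legality check over an explicit grant list (revoke excludes rows with it)."""
        if user == DBA or self.owners.get(table) == user:
            return True              # DBA and owner need no GRANT row
        for g in grants:
            if g.table != table or g.privilege != privilege:
                continue
            if g.grantee not in (user, PUBLIC):
                continue
            if g.column is not None and g.column != column:
                continue             # a column grant covers neither other columns nor the table
            if grant_option and not g.grant_option:
                continue
            return True
        return False

    def check(self, user, privilege, table, column=None):
        """Run before an operation executes: True if the user may perform it."""
        return self._holds(user, privilege, table, column, False, self.grants)

    def grant(self, grantor, privileges, table, grantees, with_grant_option=False):
        """GRANT <privs> ON TABLE <table> TO <grantees> [WITH GRANT OPTION]."""
        specs = []
        for spec in privileges:
            if spec.upper().split() == ["ALL", "PRIVILEGES"]:
                specs.extend((p, None) for p in ALL_PRIVILEGES)
            else:
                specs.append(parse_privilege(spec))
        for priv, col in specs:      # grantor must hold each privilege WITH GRANT OPTION
            if not self._holds(grantor, priv, table, col, True, self.grants):
                raise PermissionError(f"{grantor} cannot grant {priv} on {table}")
        for priv, col in specs:
            for grantee in grantees:
                self.grants.append(Grant(grantor, grantee, table, priv, col, with_grant_option))

    def revoke(self, revoker, privileges, table, grantees):
        """REVOKE <privs> ON TABLE <table> FROM <grantees>, cascading (assumed semantics)."""
        specs = [parse_privilege(s) for s in privileges]

        def revocable(g):
            return (g.table == table and g.grantee in grantees
                    and (g.privilege, g.column) in specs
                    and (revoker in (DBA, self.owners.get(table)) or g.grantor == revoker))

        self.grants = [g for g in self.grants if not revocable(g)]
        changed = True
        while changed:               # drop grants whose grantor can no longer justify them
            changed = False
            for g in list(self.grants):
                rest = [h for h in self.grants if h is not g]
                if not self._holds(g.grantor, g.privilege, g.table, g.column, True, rest):
                    self.grants.remove(g)
                    changed = True


def run_examples():
    """Replays Examples 1-9 from the notes; returns check results before and after REVOKE."""
    auth = AuthSubsystem({"Student": DBA, "Course": DBA, "SC": DBA})
    auth.grant(DBA, ["SELECT"], "Student", ["U1"])                      # Example 1
    for t in ("Student", "Course"):                                      # Example 2
        auth.grant(DBA, ["ALL PRIVILEGES"], t, ["U2", "U3"])
    auth.grant(DBA, ["SELECT"], "SC", [PUBLIC])                          # Example 3
    auth.grant(DBA, ["UPDATE(Sno)", "SELECT"], "Student", ["U4"])        # Example 4
    auth.grant(DBA, ["INSERT"], "SC", ["U5"], with_grant_option=True)    # Example 5
    auth.grant("U5", ["INSERT"], "SC", ["U6"], with_grant_option=True)   # Example 6
    auth.grant("U6", ["INSERT"], "SC", ["U7"])                           # Example 7
    try:
        auth.grant("U7", ["INSERT"], "SC", ["U8"])                       # U7 cannot propagate
        u7_can_propagate = True
    except PermissionError:
        u7_can_propagate = False
    before = {
        "U4 update Sno": auth.check("U4", "UPDATE", "Student", "Sno"),
        "U4 update Sname": auth.check("U4", "UPDATE", "Student", "Sname"),
        "anyone select SC": auth.check("U9", "SELECT", "SC"),
        "U7 insert SC": auth.check("U7", "INSERT", "SC"),
        "U7 can propagate": u7_can_propagate,
    }
    auth.revoke(DBA, ["UPDATE(Sno)"], "Student", ["U4"])                 # Example 8
    auth.revoke(DBA, ["SELECT"], "SC", [PUBLIC])                         # Example 9
    auth.revoke(DBA, ["INSERT"], "SC", ["U5"])                           # cascades to U6 and U7
    after = {
        "U4 update Sno": auth.check("U4", "UPDATE", "Student", "Sno"),
        "U4 select": auth.check("U4", "SELECT", "Student"),
        "anyone select SC": auth.check("U9", "SELECT", "SC"),
        "U7 insert SC": auth.check("U7", "INSERT", "SC"),
    }
    return before, after


if __name__ == "__main__":
    print(run_examples())
```

Two things to notice when running it: the column-level grant in Example 4 lets U4 update Sno but not Sname and not the table as a whole, and revoking the root of a grant chain (U5) removes the privileges U6 and U7 obtained through it, which is exactly why propagation through WITH GRANT OPTION should be tracked by grantor and not only by grantee.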