CH 5.

DATABASE SECURITY & TRANSACTION PROCESSING

What is database security?

Database security refers to the range of tools, controls, and measures
designed to establish and preserve database confidentiality, integrity, and
availability.

Database security must address and protect the following:

The data in the database
The database management system (DBMS)
Any associated applications
The physical database server and/or the virtual database server and the
underlying hardware
The computing and/or network infrastructure used to access the database
Database Security can be given by following ways-
1) Physical Considerations:
Actual Physical location of computer system must be secured against
unauthorized access.
2) Human Considerations:
Users of databases must be authorized & Authenticated users should be given
full access to databases.
3) Operating System issues:
Weakness in part of OS security may lead to unauthorized access to databases, so
proper Antiviruses must be installed & Firewall must be configured.
4) Network level issues:
A data can be accessed remotely via network links, so private data which is
valuable to organizations must be protected. It can be secured by following some
protocols (rules & regulations).
5) Database System issues:
A database system must ensure that there are no violations against security. It also
must satisfy that data is in integrated form & certain consistency constraints
are applied on it.
Types of Database users

A) Actors
Database Administrator (DBA): responsible for access to the database, for
coordinating and monitoring its use, acquiring software/hardware
resources, controlling its use and monitoring run-time performance.

B) End-users:
Use the data for queries, reports and some even update database content.
Users are differentiated by the way they expect to interact with the system.
1) Application programmers:
These are computer professionals who interact with system through DML
calls.
2) Specialized users:
write specialized database applications that do not fit into the traditional
data processing framework ex. Expert system, CAD system etc.
3) Sophisticated users:
form requests in a database query language.
4) Naive users:
these are unsophisticated users invoke one of the permanent application
programs that have been written previously. They not having any technical
knowledge & provides simple commands provided in user interface. Ex.
Data entry operator
5) Database Designers
responsible for to define the content, structure, constraints, and functions
or transactions against the database. Develops DB oriented softwares like
MySQL, Server2003 etc.
CREATING USER
Creating External Database Users:
The following example creates an external user, who must be identified by an
external source before accessing the database:
CREATE USER <USR-NM> IDENTIFIED BY PASSWORD;
Ex. SQL> Create user Anil identified by root;

Altering User
ALTER USER myuser IDENTIFIED BY new_password;
Ex. SQL> Alter user Anil identified by system;
Locking and unlocking User
SQL> ALTER USER myuser ACCOUNT LOCK;
SQL> ALTER USER myuser ACCOUNT UNLOCK;
SQL> ALTER USER myuser PASSWORD EXPIRE;

Deleting User
If we are going to create users, we better be able to remove them
SQL> DROP USER myuser CASCADE;
PROTECTING DATA WITHIN DATABASE
Database privileges-:
Privileges specify the type of Data Manipulation Language (DML)
operations like SELECT, INSERT, UPDATE, DELETE, etc., which the
user can perform upon data.

Privileges:
A privilege is permission to access a named object in a prescribed manner;
For example, permission to query a table.
Database privileges:
A privilege is a right to execute a particular type of SQL statement or to access
another user's object.
Some examples of privileges include:
• The right to connect to the database (create a session)
• The right to create a table
• The right to select rows from another user's table
• The right to execute another user's stored procedure

System privileges: A system privilege is the right to perform a particular action

(Administrative Action), on a particular type of object. For example, the privileges
to create tables and to delete

Object privileges
An object privilege is a privilege or right to perform a particular action on a
specific table, view, sequence, procedure, function, or package.
For example, the privilege to delete rows from the table DEPT is an object
privilege.
1. GRANT: A DBA or user can grant access permission on owned database objects to other user
or roles using GRANT command.

Syntax:
GRANT [privilege]
ON [object]
TO {user |PUBLIC |role} [WITH ADMIN | GRANT OPTION];

Example
SQL> GRANT CREATE SESSION TO U1;
Above privilege will enable U1 to create a session in the database.
SQL> Grant Select, Delete on Emp to Anil;

2. REVOKE : The DCL command is used to revoke or deny an existing privilege from a user.
Syntax:
REVOKE [privilege]
ON [object]
FROM {USER |PUBLIC | ROLE};

Example
SQL> Revoke Select, Delete on Emp from Anil;
TRANSACTION PROCESSING:
The concept of Transaction
 The collection of operation that forms single logical unit of work is called as Transaction.
 This is a program whose execution accesses & updates contents of database.
 After every transaction database should be in a Consistent state.

Ex. Transaction has its name with End statement. Initially, A=500, B=400.
Before & after transaction values of A & B must be in Consistent state.
T1:
Read (A); ------ A=500;
A=A-50; ------ A= 500-50;
Write (A); ------ A= 450;
Read (B); ------ B=400;
B=B+50; ------ B=400+50;
Write (B); ------ B=450;
End;
Here, Before Transaction A+B= (500+400)=900;
After Transaction A+B= (450+450)=900;
Properties of Transaction: ACID Properties

1. Atomicity:
It defines that either all operation of transaction should properly get
executed or none of them.
2. Consistency:
It defines that, if database was in a consistent state before start of
transaction or on termination of transaction.
3. Isolation:
It defines that, when multiple transactions executes concurrently, each
transaction is unaware of other transaction processing in a system.
4. Durability:
It defines that when transaction completes successfully, changes made by it
to the database must be saved inspite of any system failure.
States of Transaction
1) Active: This is the initial state. The transaction stay in this state while it is executing.
2) Partially Committed: This is the state after the final statement of the transaction is
executed.
3) Failed: After the discovery that normal execution can no longer proceed.
4)Aborted: The state after the transaction has been rolled back and the database has
been restored to its state prior to the start of the transaction.
5) Committed: The state after successful completion of the transaction. We cannot
abort or rollback a committed transaction.
DATABASE BACKUP
 A data backup is the result of copying or archiving files and folders for the
purpose of being able to restore them in case of data loss.
 Data loss can be caused by many things ranging from computer viruses to
hardware failures to file corruption to fire, flood, or theft etc.

Types of failure:
1) Hardware failures: Hardware failures may include memory errors, disk
crashes, bad disk sectors, disk full errors and so on
2) Software failures: Software failures may include failures related to softwares
such as, operating system, DBMS software, application programs and so on.
3) System crashes: System crashes are due to hardware or software
4) Statement Failure: It is referred as the inability of database system to execute
given SQL statement
5) Media Failure: It occurs when proper data backup not taken on media such as
CD, HDD etc. Ex. Disk head crash.
6) Application Software errors: It occurs when any application software fails to
take input, resource limitation problem etc.
Causes of Failure

 System Crashes
 User Error
 Carelessness
 Sabotage (intentional corruption of data)
 Statement Failure
 Application software errors
 Network Failure
 Media Failure
 Natural Physical Disasters
 File Corruption
 File System damage
 Database hardware failure
Database Backup:
A backup is a copy of data from your database that can be used to reconstruct that data.
Database backup is the process of backing up the operational state, architecture and stored
data of database software.
1. Physical Backup
Physical backups are copies of physical database files.
For example, a physical backup might copy database content from a local disk drive to
another secure location.
A physical backup can be hot or cold:
a) Hot backup—
Users can modify the database during a hot backup.
b) Cold backup—
Users cannot modify the database during a cold backup, so the database and the backup copy
are always synchronized.

2. Logical Backup
A logical backup copies data, but not physical files, from one location to another.
A logical backup is used to move or archive a database, tables, or schemas and to verify
database structures.
DATABASE RECOVERY:
Data recovery is the process of restoring data that has been lost, accidentally deleted, corrupted or
made inaccessible.
The System Recovery Options menu contains several tools, such as Startup Repair, that can help
you recover Windows from a serious error.

1) Roll Forward (Forward Recovery)

Roll-forward recovery, used together with after-imaging and backup, lets you recover from media
failures.
When a database disk fails, you can restore the most recent backup, then use roll-forward
recovery to restore the database to the condition it was in before you lost the disk.

2) Rollback (Backward Recovery)

Rollback segments are used to identify and undo transactions that were never committed, yet were
either saved to the data files before the failure, or were applied to the database during the roll forward.
This process is called rolling back or transaction recovery

ROLLBACK Statement
The ROLLBACK statement is the inverse of the COMMIT statement.
It undoes some or all database changes made during the current transaction.
Syntax
ROLLBACK ;