Presentation is loading. Please wait.

Presentation is loading. Please wait.

M.P. Johnson, DBMS, Stern/NYU, Spring 20081 C20.0046: Database Management Systems Lecture #19 M.P. Johnson Stern School of Business, NYU Spring, 2008.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "M.P. Johnson, DBMS, Stern/NYU, Spring 20081 C20.0046: Database Management Systems Lecture #19 M.P. Johnson Stern School of Business, NYU Spring, 2008."— Presentation transcript:

1 M.P. Johnson, DBMS, Stern/NYU, Spring 20081 C20.0046: Database Management Systems Lecture #19 M.P. Johnson Stern School of Business, NYU Spring, 2008

2 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 2 Agenda Security  Web issues Transactions RAID? Stored procedures? Implementation?

3 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 3 Review: hashes Hash tables Hash functions Secure hash functions Families of secure hash functions

4 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 4 New topic: Security on the web Authentication  If the website user wants to pay with George’s credit card, how do we know it’s George?  If the website asks George for his credit card, how does he know it’s our site? Maybe it’s a phishing site… Secrecy  When George enters his credit card, will an eavesdropper be able to see it? Protecting against user input  Is it safe to run SQL queries based on user input?

5 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 5 Security on the web Obvious soln: passwords  What’s the problem? Slightly less obvious soln: passwords + encryption Traditional encryption: “symmetric” / “private key”  DES, AES – fast – solves problem? “Newer” kind: “asymmetric” / “public key”  Public key is published somewhere  Private key is top secret  RSA – slow – solves problem?

6 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 6 Hybrid protocols (SSH,SSL/HTTPS, etc.) Neither private- nor public-key alone suffices  They each only solve half of each problem But together they solve almost everything Recurring strategy:  We do private-key crypto  Where do we get the key?  You send it (encrypted) to me

7 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 7 SSH-like authentication (intuition) sales has a public-key When you connect to sales, 1. You pick a random number 2. Encrypt it (with the cert) and send it to them 3. They decrypt it (with their private key) 4. Now, they send it back to you  Since they decrypted it, you trust they’re sales

8 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 8 HTTPS-like authentication (intuition) Amazon has a public-key certificate  Encrypted with, say, Verisign’s private key When you log in to Amazon, 1. They send you the their Verisign-encrypted cert 2. You decrypt it (with Verisign’s public key), and check that it’s a cert for amazon.com  Since the decrypt worked, the cert must have been encrypted by Verisign  So this must really be Amazon

9 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 9 Authentication on the web Now George trusts that it’s really Amazon  Assuming Amazon’s private key is secure  And excluding man-in-the-middle… But: What if, say, Dick guessed George’s password?  Another way: What if George claims Dick guessed his password? Soln: same process, but in reverse  But now you need to get your own cert…

10 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 10 Hybrid protocol for encryption Amazon just sent you their public-key cert When you log in to Amazon, 1. You pick a random number (“session key”) 2. You encrypt it (with the cert) and send it to them 3. They decrypt it (with their private key)  Now, you both share a secret key  can now encrypt passwords, credit cards, etc.

11 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 11 Query-related: Injection attacks Here’s a situation: Prompt for user/pass Do lookup: If found, user gets in  test.user table in MySQL  http://pages.stern.nyu.edu/~mjohnson/dbms/php/login.php / txt http://pages.stern.nyu.edu/~mjohnson/dbms/php/login.phptxt  http://pages.stern.nyu.edu/~mjohnson/dbms/php/users.php / txt http://pages.stern.nyu.edu/~mjohnson/dbms/php/users.phptxt Modulo the no hashing, is this a good idea? SELECT * FROM users WHERE user=u AND password=p; SELECT * FROM users WHERE user=u AND password=p;

12 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 12 Injection attacks We expect to get input of something like:  user: mjohnson  pass: topsecret  SELECT * FROM users WHERE user = u AND password = p; SELECT * FROM users WHERE user = u AND password = p; SELECT * FROM users WHERE user= 'mjohnson' AND password = 'topsecret'; SELECT * FROM users WHERE user= 'mjohnson' AND password = 'topsecret';

13 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 13 Injection attacks – MySQL/Perl/PHP Consider another input:  user: ' OR 1=1 OR user = '  pass: ' OR 1=1 OR pass = '  SELECT * FROM users WHERE user = u AND password = p; SELECT * FROM users WHERE user = u AND password = p; SELECT * FROM users WHERE user = ' ' OR 1=1 OR user = ' ' AND password = ' ' OR 1=1 OR pass = ' '; SELECT * FROM users WHERE user = ' ' OR 1=1 OR user = ' ' AND password = ' ' OR 1=1 OR pass = ' '; http://pages.stern.nyu.edu/~mjohnson/dbms/php/login.php http://pages.stern.nyu.edu/~mjohnson/dbms/eg/injection.txt SELECT * FROM users WHERE user = '' OR 1=1 OR user = '' AND password = '' OR 1=1 OR pass = ''; SELECT * FROM users WHERE user = '' OR 1=1 OR user = '' AND password = '' OR 1=1 OR pass = '';

14 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 14 Injection attacks – MySQL/Perl/PHP Consider this one:  user: your-boss ' OR 1=1 #  pass: abc  SELECT * FROM users WHERE user = u AND password = p; SELECT * FROM users WHERE user = u AND password = p; SELECT * FROM users WHERE user = 'your-boss ' OR 1=1 #' AND password = 'abc'; SELECT * FROM users WHERE user = 'your-boss ' OR 1=1 #' AND password = 'abc'; http://pages.stern.nyu.edu/~mjohnson/dbms/php/login.php SELECT * FROM users WHERE user = 'your-boss' OR 1=1 #' AND password = 'abc'; SELECT * FROM users WHERE user = 'your-boss' OR 1=1 #' AND password = 'abc';

15 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 15 Injection attacks – MySQL/Perl/PHP Consider another input:  user: your-boss  pass: ' OR 1=1 OR pass = '  SELECT * FROM users WHERE user = u AND password = p; SELECT * FROM users WHERE user = u AND password = p; SELECT * FROM users WHERE user = 'your-boss' AND password = ' ' OR 1=1 OR pass = ' '; SELECT * FROM users WHERE user = 'your-boss' AND password = ' ' OR 1=1 OR pass = ' '; http://pages.stern.nyu.edu/~mjohnson/dbms/php/login.php SELECT * FROM users WHERE user = 'your-boss' AND password = '' OR 1=1 OR pass = ''; SELECT * FROM users WHERE user = 'your-boss' AND password = '' OR 1=1 OR pass = '';

16 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 16 Multi-command inj. attacks (other DBs) Consider another input:  user: ' ; DELETE FROM users WHERE user = ' abc ' ; SELECT FROM users WHERE password = '  pass: abc  SELECT * FROM users WHERE user = u AND password = p; SELECT * FROM users WHERE user = u AND password = p; SELECT * FROM users WHERE user = ' ' ; DELETE FROM users WHERE user = 'abc'; SELECT FROM users WHERE password = ' ' AND password = 'abc'; SELECT * FROM users WHERE user = ' ' ; DELETE FROM users WHERE user = 'abc'; SELECT FROM users WHERE password = ' ' AND password = 'abc'; SELECT * FROM users WHERE user = ''; DELETE FROM users WHERE user = 'abc'; SELECT FROM users WHERE password = '' AND password = 'abc'; SELECT * FROM users WHERE user = ''; DELETE FROM users WHERE user = 'abc'; SELECT FROM users WHERE password = '' AND password = 'abc';

17 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 17 Consider another input:  user: ' ; DROP TABLE users; SELECT FROM users WHERE password = '  pass: abc  SELECT * FROM users WHERE user = u AND password = p; SELECT * FROM users WHERE user = u AND password = p; SELECT * FROM users WHERE user = ' ' ; DROP TABLE users; SELECT FROM users WHERE password = ' ' AND password = 'abc'; SELECT * FROM users WHERE user = ' ' ; DROP TABLE users; SELECT FROM users WHERE password = ' ' AND password = 'abc'; SELECT * FROM users WHERE user = ''; DROP TABLE users; SELECT FROM users WHERE password = '' AND password = 'abc'; SELECT * FROM users WHERE user = ''; DROP TABLE users; SELECT FROM users WHERE password = '' AND password = 'abc'; Multi-command inj. attacks (other DBs)

18 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 18 Consider another input:  user: ' ; SHUTDOWN WITH NOWAIT; SELECT FROM users WHERE password = '  pass: abc  SELECT * FROM users WHERE user = u AND password = p; SELECT * FROM users WHERE user = u AND password = p; SELECT * FROM users WHERE user = ' ' ; SHUTDOWN WITH NOWAIT; SELECT FROM users WHERE password = ' ' AND password = 'abc'; SELECT * FROM users WHERE user = ' ' ; SHUTDOWN WITH NOWAIT; SELECT FROM users WHERE password = ' ' AND password = 'abc'; SELECT * FROM users WHERE user = ''; SHUTDOWN WITH NOWAIT; SELECT FROM users WHERE password = '' AND password = 'abc'; SELECT * FROM users WHERE user = ''; SHUTDOWN WITH NOWAIT; SELECT FROM users WHERE password = '' AND password = 'abc'; Multi-command inj. attacks (other DBs)

19 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 19 Injection attacks – MySQL/Perl/PHP Consider another input:  user: your-boss  pass: ' OR 1=1 AND user = 'your-boss  Delete your boss! DELETE FROM users WHERE user = u AND password = p; DELETE FROM users WHERE user = u AND password = p; DELETE FROM users WHERE user = 'your-boss' AND pass = ' ' OR 1=1 AND user = ' your-boss'; DELETE FROM users WHERE user = 'your-boss' AND pass = ' ' OR 1=1 AND user = ' your-boss'; http://pages.stern.nyu.edu/~mjohnson/dbms/php/users.php DELETE FROM users WHERE user = 'your-boss' AND pass = '' OR 1=1 AND user = 'your-boss'; DELETE FROM users WHERE user = 'your-boss' AND pass = '' OR 1=1 AND user = 'your-boss';

20 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 20 http://pages.stern.nyu.edu/~mjohnson/dbms/php/users.php Injection attacks – MySQL/Perl/PHP Consider another input:  user: ' OR 1=1 OR user = '  pass: ' OR 1=1 OR user = '  Delete everyone! DELETE FROM users WHERE user = u AND pass = p; DELETE FROM users WHERE user = u AND pass = p; DELETE FROM users WHERE user = ' ' OR 1=1 OR user = ' ' AND pass = ' ' OR 1=1 OR user = ' '; DELETE FROM users WHERE user = ' ' OR 1=1 OR user = ' ' AND pass = ' ' OR 1=1 OR user = ' '; DELETE FROM users WHERE user = '' OR 1=1 OR user = '' AND pass = '' OR 1=1 OR user = ''; DELETE FROM users WHERE user = '' OR 1=1 OR user = '' AND pass = '' OR 1=1 OR user = '';

21 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 21 Preventing injection attacks Ultimate source of problem: quotes Soln 1: don’t allow quotes!  Reject any entered data containing single quotes Q: Is this satisfactory?  Does Amazon need to sell O’Reilly books? Soln 2: escape any single quotes  Replace any ' with a '' or \'  In Perl, use taint mode – won’t show  In PHP, turn on magic_quotes_gpc flag in.htaccess show both PHP versions

22 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 22 Preventing injection attacks Soln 3: use prepare parameter-based queries  Supported in JDBC, Perl DBI, PHP ext/mysqli  http://pages.stern.nyu.edu/~mjohnson/dbms/perl/loginsafe.cgi http://pages.stern.nyu.edu/~mjohnson/dbms/perl/loginsafe.cgi  http://pages.stern.nyu.edu/~mjohnson/dbms/perl/userssafe.cgi http://pages.stern.nyu.edu/~mjohnson/dbms/perl/userssafe.cgi Even more dangerous: using tainted data to run commands at the Unix command prompt  Semi-colons, prime char, etc.  Safest: define set if legal chars, not illegal ones

23 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 23 Preventing injection attacks When to do security-checking for quotes, etc.? Temping choice: in client-side data validation But not enough!  can submit GET and POST params manually  Must do security checking on server  Even if you do it on client-side too  Same with data-validation  Example of constraints

24 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 24 POST vars Because of hand-coded HTTP requests, can’t rely on post vars being either safe or “true” Actual past websites: send price by post (why?) More secure than GET  Fewer users will know how to break POST than GET  But some do! Attack: hand-code the POST request sales% telnet amazon.com 80 POST http://amazon.com/cart.cgi HTTP/1.0 Content-Type:application/x-www-form-urlencoded Content-Length: 32 title=Database+Systems&price=.01 sales% telnet amazon.com 80 POST http://amazon.com/cart.cgi HTTP/1.0 Content-Type:application/x-www-form-urlencoded Content-Length: 32 title=Database+Systems&price=.01

25 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 25 Hand-written POST example POST version of my input page:  http://pages.stern.nyu.edu/~mjohnson/dbms/php/post.php http://pages.stern.nyu.edu/~mjohnson/dbms/php/post.php  Not obvious to web user how to hand submit  And get around any client-side validation But possible:  http://pages.stern.nyu.edu/~mjohnson/dbms/eg/postbyhand.txt http://pages.stern.nyu.edu/~mjohnson/dbms/eg/postbyhand.txt sales% telnet pages.stern.nyu.edu 80 POST http://pages.stern.nyu.edu/~mjohnson/dbms/php/post.php HTTP/1.0 Content-Type: application/x-www-form-urlencoded Content-Length: 15 val=6&submit=OK sales% telnet pages.stern.nyu.edu 80 POST http://pages.stern.nyu.edu/~mjohnson/dbms/php/post.php HTTP/1.0 Content-Type: application/x-www-form-urlencoded Content-Length: 15 val=6&submit=OK

26 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 26 More info phpGB MySQL Injection Vulnerability  http://www.securiteam.com/unixfocus/6X00O1P5PY.html http://www.securiteam.com/unixfocus/6X00O1P5PY.html "How I hacked PacketStorm“  http://www.wiretrip.net/rfp/txt/rfp2k01.txt http://www.wiretrip.net/rfp/txt/rfp2k01.txt Google hacking…  inurl:"ViewerFrame?Mode="  intitle:"Live View / - AXIS" | inurl:view/view.sht  intitle:"toshiba network camera - User Login"  http://200.71.42.48/ViewerFrame?Mode=Motion&Language=0 http://200.71.42.48/ViewerFrame?Mode=Motion&Language=0  http://141.211.44.254/view/index.shtml http://141.211.44.254/view/index.shtml  http://66.186.226.189/view/index.shtml http://66.186.226.189/view/index.shtml

27 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 27 New-old topic: Transactions So far, have simply issued commands  Ignored xacts Recall, though: an xact is an operation/set of ops executed atomically  In one instant ACID test:  Xacts are atomic  Each xact (not each statement) must leave the DB consistent

28 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 28 Default xact behavior (in Oracle) An xact begins upon login By default, xact lasts until logoff  Except for DDL statements  They automatically commit Examples with two views of tbl…  But with TYPE=innodb !  mysql> set autocommit = 0

29 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 29 Direct xact instructions At any point, may explicitly COMMIT:  SQL> COMMIT;  Saves all statements entered up to now  Begins new xact Conversely, can ROLLBACK  SQL> ROLLBACK;  Cancels all statements entered since start of xact Example: delete from emp; or delete junk;

30 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 30 Direct xact instructions Remember, DDL statements are auto- committed  They cannot be rollbacked Examples: Q: Why doesn’t rollback “work”? drop table junk; rollback; drop table junk; rollback; truncate table junk; rollback; truncate table junk; rollback;

31 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 31 Savepoints (in Oracle?) Xacts are atomic Can rollback to beginning of current xact But might want to rollback only part way Make 10 changes, make one bad change Want to: roll back to before last change Don’t have Word-like multiple undo  But do have savepoints

32 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 32 Savepoints Create a savepoint: emp example: --changes SAVEPOINT sp1; --changes SAVEPOINT sp2; --changes SAVEPOINT sp3 --changes ROLLBACK TO SAVEPOINT sp2; ROLLBACK TO SAVEPOINT sp1; --changes SAVEPOINT sp1; --changes SAVEPOINT sp2; --changes SAVEPOINT sp3 --changes ROLLBACK TO SAVEPOINT sp2; ROLLBACK TO SAVEPOINT sp1; SAVEPOINT savept_name; Can skip savepoints But can ROLLBACK only backwards Can ROLLBACK only to last COMMIT

33 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 33 AUTOCOMMIT (in Oracle?) Finally, can turn AUTOCOMMIT on:  SQL> SET AUTOCOMMIT ON;  Can put this in your config file  Can specify through JDBC, etc. Then each statement is auto-committed as its own xact  Not just DDL statements

34 M.P. Johnson, DBMS, Stern/NYU, Spring 2008 34 RAID levels RAID level 1: each disk gets a mirror RAID level 4: one disk is xor of all others  Each bit is sum mod 2 of corresponding bits E.g.:  Disk 1: 10110011  Disk 2: 10101010  Disk 3: 00111000  Disk 4: How to recover? What’s the disadvantage of R4?  Various other RAID levels in text…

Download ppt "M.P. Johnson, DBMS, Stern/NYU, Spring 20081 C20.0046: Database Management Systems Lecture #19 M.P. Johnson Stern School of Business, NYU Spring, 2008."

Similar presentations

II.I Selected Database Issues: 1 - SecuritySlide 1/20 II. Selected Database Issues Part 1: Security Lecture 2 Lecturer: Chris Clack 3C13/D6.

II.I Selected Database Issues: 1 - SecuritySlide 1/20 II. Selected Database Issues Part 1: Security Lecture 2 Lecturer: Chris Clack 3C13/D6.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
Introduction The concept of “SQL Injection”

Introduction The concept of “SQL Injection”
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.

15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
ICS 421 Spring 2010 Security & Authorization Asst. Prof. Lipyeow Lim Information & Computer Science Department University of Hawaii at Manoa 4/20/20101Lipyeow.

ICS 421 Spring 2010 Security & Authorization Asst. Prof. Lipyeow Lim Information & Computer Science Department University of Hawaii at Manoa 4/20/20101Lipyeow.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
M.P. Johnson, DBMS, Stern/NYU, Spring 20081 C20.0046: Database Management Systems Lecture #18 M.P. Johnson Stern School of Business, NYU Spring, 2008.

M.P. Johnson, DBMS, Stern/NYU, Spring C : Database Management Systems Lecture #18 M.P. Johnson Stern School of Business, NYU Spring, 2008.
M.P. Johnson, DBMS, Stern/NYU, Spring 20051 C20.0046: Database Management Systems Lecture #23 M.P. Johnson Stern School of Business, NYU Spring, 2005.

M.P. Johnson, DBMS, Stern/NYU, Spring C : Database Management Systems Lecture #23 M.P. Johnson Stern School of Business, NYU Spring, 2005.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
M.P. Johnson, DBMS, Stern/NYU, Sp20041 C20.0046: Database Management Systems Lecture #23 Matthew P. Johnson Stern School of Business, NYU Spring, 2004.

M.P. Johnson, DBMS, Stern/NYU, Sp20041 C : Database Management Systems Lecture #23 Matthew P. Johnson Stern School of Business, NYU Spring, 2004.
M.P. Johnson, DBMS, Stern/NYU, Spring 20051 C20.0046: Database Management Systems Lecture #22 M.P. Johnson Stern School of Business, NYU Spring, 2005.

M.P. Johnson, DBMS, Stern/NYU, Spring C : Database Management Systems Lecture #22 M.P. Johnson Stern School of Business, NYU Spring, 2005.
M.P. Johnson, DBMS, Stern/NYU, Sp20041 C20.0046: Database Management Systems Lecture #22 Matthew P. Johnson Stern School of Business, NYU Spring, 2004.

M.P. Johnson, DBMS, Stern/NYU, Sp20041 C : Database Management Systems Lecture #22 Matthew P. Johnson Stern School of Business, NYU Spring, 2004.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
M.P. Johnson, DBMS, Stern/NYU, Spring 20081 C20.0046: Database Management Systems Lecture #21 M.P. Johnson Stern School of Business, NYU Spring, 2008.

M.P. Johnson, DBMS, Stern/NYU, Spring C : Database Management Systems Lecture #21 M.P. Johnson Stern School of Business, NYU Spring, 2008.
M.P. Johnson, DBMS, Stern/NYU, Spring 20081 C20.0046: Database Management Systems Lecture #17 M.P. Johnson Stern School of Business, NYU Spring, 2008.

M.P. Johnson, DBMS, Stern/NYU, Spring C : Database Management Systems Lecture #17 M.P. Johnson Stern School of Business, NYU Spring, 2008.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

Similar presentations

Ads by Google