Web Database Security Session 12 & 13 Course: Web Database Year: 2008.

Presentation transcript:

Web Database Security Session 12 & 13 Course: Web Database Year: 2008

2 Last Session Review:
Overview Transaction
Incomplete or Abandoned Transaction
Problem in Transaction
Locking and Deadlock
Web Database Transaction

3 Agenda:
Overview Security
Database Security
Web Security
Client Security
Efficiency vs Security
Review of Session

4 Objectives:
Students understand security in the database, on the web and on the client
Students can choose which type of security they want to implement in their web database application
Students can analyse the balance between efficiency and security

5 Overview Security
Why do we need security?
– Ensure the integrity of the database as a whole
– Protect it so that it keeps working
– Ensure that anyone who has no access to the data cannot access it
Types of security in a web database application:
– Database Security
– Web Security
– Client Security

6 Database Security
What is database security?
– The mechanisms that protect the database against intentional or accidental threats
Database security protects data from:
– Theft and fraud
– Loss of confidentiality (secrecy)
– Loss of privacy
– Loss of integrity
– Loss of availability

7 Database Security (cont.)
What is a threat?
– Any situation or event, whether intentional or accidental, that may adversely affect a system and consequently the organization
Sources of threats:
– Hardware
– DBMS and application software
– Communication networks
– Internet
– People: users, programmers/operators, data/database administrators

8 Database Security (cont.)
Techniques for database security:
– Authentication and authorization
– Access controls
– Views
– Backup and recovery
– Integrity
– Encryption
– RAID technology

9 Database Security (cont.)
Case Study for Database Security
The Finance Department is really concerned about its financial data. Just a few weeks ago there was a security breach: a former employee logged in to the database server, then stole and changed valuable financial data. Explain how this situation can be prevented, and how the previous data can be restored.

10 Web Security
What is web security?
– The mechanisms that protect all transactions made over the web
Web security challenges:
– Ensuring it is inaccessible to anyone but the sender and receiver (privacy)
– Ensuring it has not been changed during transmission (integrity)
– Ensuring the receiver can be sure it came from the sender (authenticity)
– Ensuring the sender can be sure the receiver is genuine (non-fabrication)
– Ensuring the sender cannot deny he or she sent it (non-repudiation)
Three main areas in web security:
– Identities of those involved
– No one else can access the data
– No one can tamper with the data

11 Web Security (cont.)
Techniques for web security:
– Proxy Servers
– Firewalls
– Message Digest Algorithms and Digital Signatures
– Digital Certificates
– Kerberos
– Secure Sockets Layer and Secure HTTP
– Secure Electronic Transaction and Secure Transaction Technology
– Java Security
– ActiveX Security

12 Web Security (cont.)
Case Study for Web Security
A web database application allows users to enter the name of a product. This text is then appended to the following SQL:
select * from products where productname=""
Explain the risk of the code. Describe precautions that could be taken to avoid it.
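The risk in the case study above and one precaution, as an added example that is not part of the original slides: the slide's query built by string concatenation beside a parameterized version, run against a constructed in-memory SQLite table. The function names and sample rows are assumptions, and the string literal is single-quoted, the standard SQL form.

```python
import sqlite3

# Constructed sample catalogue; table and column names follow the slide's query.
ROWS = [
    ("Keyboard", 25.0),
    ("Monitor", 140.0),
    ("O'Neill wetsuit", 180.0),
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (productname TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", ROWS)
    return conn

def find_unsafe(conn, name):
    # Vulnerable: the user's text becomes part of the SQL statement itself.
    sql = "SELECT productname FROM products WHERE productname='" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def find_safe(conn, name):
    # Parameterized: the driver passes name as data, never as SQL syntax.
    sql = "SELECT productname FROM products WHERE productname = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

def demo():
    conn = make_db()
    tautology = "' OR '1'='1"  # constructed input that rewrites the WHERE clause
    results = {
        "unsafe_tautology": find_unsafe(conn, tautology),
        "safe_tautology": find_safe(conn, tautology),
        "safe_apostrophe": find_safe(conn, "O'Neill wetsuit"),
    }
    try:
        find_unsafe(conn, "O'Neill wetsuit")
        results["unsafe_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        # Even an honest product name breaks the concatenated statement.
        results["unsafe_apostrophe"] = "syntax error"
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

The concatenated query returns every row for the constructed input, while the parameterized query treats the same text as a product name that does not exist.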

13 Client Security
Information transmitted to the client's machine may have executable content that can:
– Corrupt data or the execution state of programs
– Reformat complete disks
– Perform a total system shutdown
– Collect and download confidential data
– Usurp identity and impersonate the user to attack other targets on the network
– Lock up resources
– Cause non-fatal but unwelcome effects

14 Client Security (cont.)
We have to make sure that:
– The browser operates in a "sandbox", from which it cannot reach or reveal anything about the system beyond it
– It does not disrupt the client
– A web system has only a strictly limited opportunity to write to the client's file system: cookies

15 Efficiency vs Security
Increasing security may decrease efficiency
Find the balance between security and efficiency:
– How much efficiency do you want?
– How much do you want to protect your data?

16 Review of Session
Web Database Implementation
Web Database Transaction
Web Database Security

17 Summary
Security is very important to Web Database Security
We should add security but keep our efficiency

18 End of Web Database Security
Thank you