Web Database Security Session 12 & 13 Course: Web Database Year: 2008.


1 Web Database Security Session 12 & 13 Course: Web Database Year: 2008

2 Last Session Review: Overview Transaction Incomplete or Abandoned Transaction Problem in Transaction Locking and Deadlock Web Database Transaction

3 Agenda:
– Overview Security
– Database Security
– Web Security
– Client Security
– Efficiency vs Security
– Review of Session 8 - 13

4 Objectives:
– Students understand security in the database, the web and the client
– Students can choose which type of security they want to implement in their web database application
– Students can analyse the balance between efficiency and security

5 Overview Security
Why do we need security?
– Ensure the integrity of the database as a whole
– Protect it so that it keeps working
– Ensure that everyone who has no access to the data cannot access the data
Types of security in a web database application:
– Database Security
– Web Security
– Client Security

6 Database Security
What is Database Security?
– The mechanisms that protect the database against intentional or accidental threats
Database security secures data from:
– Theft and fraud
– Loss of confidentiality (secrecy)
– Loss of privacy
– Loss of integrity
– Loss of availability

7 Database Security (cont.)
What is a threat?
– Any situation or event, whether intentional or accidental, that may adversely affect a system and consequently the organization
Sources of threats:
– Hardware
– DBMS and application software
– Communication networks
– Internet
– People: users, programmers/operators, data/database administrators

8 Database Security (cont.)
Techniques for database security:
– Authentication and authorization
– Access controls
– Views
– Backup and recovery
– Integrity
– Encryption
– RAID technology

9 Database Security (cont.)
Case Study for Database Security
The Finance Department is really concerned about its financial data. Just a few weeks ago there was a security breach. A former employee logged in to the database server, then stole and changed valuable financial data. Please explain how this situation can be prevented, and how the previous data can be restored.

10 Web Security
What is Web Security?
– The mechanisms that protect all transactions made over the web
Web security challenges (for a transmitted message):
– Ensuring it is inaccessible to anyone but the sender and receiver (privacy)
– Ensuring it has not been changed during transmission (integrity)
– Ensuring the receiver can be sure it came from the sender (authenticity)
– Ensuring the sender can be sure the receiver is genuine (non-fabrication)
– Ensuring the sender cannot deny he or she sent it (non-repudiation)
Three main areas in web security:
– Identities of those involved
– No one else can access the data
– No one can tamper with the data

11 Web Security (cont.)
Techniques for web security:
– Proxy servers
– Firewalls
– Message digest algorithms and digital signatures
– Digital certificates
– Kerberos
– Secure Sockets Layer and Secure HTTP
– Secure Electronic Transaction and Secure Transaction Technology
– Java security
– ActiveX security

12 Web Security (cont.)
Case Study for Web Security
A web database application allows users to enter the name of a product. This text is then appended to the following SQL:
select * from products where productname=""
Explain the risk of the code. Describe precautions that could be taken to avoid it.
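The risk in the slide 12 case study and one precaution against it, as an added example that is not part of the original slides. It assumes an in-memory SQLite table with constructed rows and standard single-quote string delimiters; the function names and sample inputs are hypothetical.

```python
import sqlite3

# Constructed sample rows; table and column names follow the slide's query.
ROWS = [("widget", 9.5), ("gadget", 20.0), ("o'neil lamp", 12.0)]
# Constructed input that closes the string literal and adds an always-true condition.
CRAFTED = "x' OR '1'='1"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (productname TEXT, price REAL)")
    db.executemany("INSERT INTO products VALUES (?, ?)", ROWS)
    return db

def search_concatenated(db, name):
    # Pattern from the slide: user text is appended into the SQL string,
    # so quote characters in the input become part of the statement.
    sql = "select * from products where productname='" + name + "'"
    return db.execute(sql).fetchall()

def search_parameterized(db, name):
    # Precaution: the value is bound as data and is never parsed as SQL.
    sql = "select * from products where productname = ?"
    return db.execute(sql, (name,)).fetchall()

def outcome(search, db, name):
    # Return the matching rows, or "error" if the statement fails to parse.
    try:
        return search(db, name)
    except sqlite3.OperationalError:
        return "error"

if __name__ == "__main__":
    db = make_db()
    for name in ("widget", "o'neil lamp", CRAFTED):
        print(repr(name))
        print("  concatenated :", outcome(search_concatenated, db, name))
        print("  parameterized:", outcome(search_parameterized, db, name))
```

With the concatenated query, a legitimate name containing an apostrophe breaks the statement and the crafted input returns every row; the parameterized query treats both as plain product names.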

13 Client Security
Information transmitted to the client's machine may have executable content that can:
– Corrupt data or the execution state of programs
– Reformat complete disks
– Perform a total system shutdown
– Collect and download confidential data
– Use the user's identity and impersonate the user to attack other targets on the network
– Lock up resources
– Cause non-fatal but unwelcome effects

14 Client Security (cont.)
We have to make sure that:
– The browser operates in a "sandbox", where it cannot reach or reveal anything about the system beyond it
– It does not disrupt the client
– A web system has a strictly limited opportunity to write to the client's file system: cookies

15 Efficiency vs Security
Increasing security may decrease efficiency
Find the balance between security and efficiency:
– How much efficiency do you want?
– How much do you want to protect your data?

16 Review of Session 8 - 13
– Web Database Implementation
– Web Database Transaction
– Web Database Security

17 Summary
– Security is very important to Web Database Security
– We should add security but keep our efficiency

18 End of Web Database Security
Thank you

