Database SecurityConceptsThedatabase security community has developed multiple techniques and approaches toensure that there is data confidentiality, availability, and integrity. Theprincipal database security concepts include authentication, encryption,authorization and change tracking. AuthenticationItis the process of identifying or confirming the identity of a person. Themethod of confirming the identity of an individual can be capitalized throughvalidating their documents and through verifying the authenticity of thedigital certificate. Authentication involves testing the validity of at least aspecific identification.
There aredifferent types of identification, which includes single-factor verification,multi-factor validation, two- factor authentication and secure authentication. . Most of theapplications use two-factor authentication, in which two independent factorsare used to identify a user and at the same time two factors should not share acommon vulnerability. In most of the two-factor authentication schemespasswords are used as the first factor and smart cards or other encryptiondevices are used as the second factor. Apart from the two-factor authenticationthere are many types of authentication methods like biometric authenticationwhich uses physical characteristic such as , fingerprint, eye iris, orhandprint to authenticate the user, Token-Bases authentication and certificate basedauthentication All these kinds of authentication play asimilar role of confirming the identity of a person.
. Therefore, authenticationhas helped in confirming the identity of people and authenticity of products(Johnson & Smith, 2006).EncryptionEncryption is the progressionof indoctrinating posts and data in such a way that only the accreditedindividuals can have access to the information or messages.
The scheme ofencryption employs pseudo-random key generated by algorithms to preventintruders from assessing unauthorized data and messages. There are two categoriesof encryption including symmetric key and public key. The difference betweensymmetric key and the public key is that public key is free while the symmetrickey is private and it is purchasable. . Encryption is widely used today forprotecting data in transit in a variety of application such as data transfer.Encryption is also used to carry out other tasks such as authentication. AuthorizationItis the progression of permitting or rejecting admission to a secure system.
Mostly, the computer safety schemes are based on verification andauthorization. It is the purpose of stipulating admits to rights to assets interrelatedto data safety. . A multiuser database system mustpermit users to selectively share data while retaining the ability to restrictdata access, there must be a mechanism to provide protection and security,permitting information to be accessed only by properly authorized users.
Further, when tables or restricted views of tables are created and destroyeddynamically, the granting, checking, and revocation of authorization to usethem must also be dynamic. Therefore,authorization is vital in ensuring that security systems are kept secure andfree from interruption from intruders (Johnson & Smith, 2006).Change trackingThetrivial clarification provides mechanisms for applications. To ensure thatimplementation of the query for changes of data and access to information isrelated to changes, it is essential for application developers to implementcustom change tracking. Applications capitalize change tracking in determiningthe type of rows that have been changed for a user table.
To configure changetracking, there is the usage of SQL Server management studio. To track changes,there is the need of enabling change tracking and then would allow tables to betracked within the database (Silberschatz, Korth & Sudarshan, 2007).
