Roles in Database Security Separation of duties state that no user should be given enough privileges to misuse a system on their own. Roles establish separation of duties by breaking down user privilege to job duty requirements. A Role is a group of individual privileges that correlate to a users job responsibilities. Example, a role is created named… Read More »
Database Threats and Security Measures to Protect Against them The following are a few well-known threats to database and Database Management Systems (DBMS), and mitigating strategies used to help protect against them. Excessive privileges. When users or applications granted database access privileges that exceed what is needed to complete tasks opens the opportunity to abuse privileges for malicious… Read More »
Database Transactional Based Fraud, Transaction Security, and the “Halloween Problem.” Many database attacks are directed at external interfaces and intended to cause delays in accessing or using data which includes malicious transactions. The main concern with malicious transactions is danger to data integrity and availability. Currently, there is no practical mechanism that identifies attackers executing malicious transactions. Ayushi,… Read More »
Schema-Based Access Control for SQL Server Databases Database access controls are based on the principle that the users of databases should have permissions to view, modify or delete only the data in databases relevant to their job. This is also known as the principle of least privilege. No users including Database Administrators (DBA) should be exempt from this… Read More »
NoSQL Databases vs Relational Databases With relational database management systems (RDBMS), data is stored in tables and uses structured query language (SQL) for database access. You pre-define your database schema based on your requirements and set up rules to govern the relationships between fields in your tables. This model has scaling problems when it comes to expanding tables.… Read More »