Database security entails the utilization of a broad range of information security instruments to protect databases which, according to Elmasri and Navathe (2015), include database servers, network links and stored functions. Ideally, databases are protected against compromises of confidentiality, availability, and ultimately, integrity. Breaking down the four database security concepts and the differences between Transact-SQL statements further aids in ascertaining database security, especially in a contemporary technological world where attacks are imminent.

Authentication

Authentication is ensuring that every user attempting to log in to any database has permission guaranteed and all the requisite rights accorded. A computer authenticates a password that corresponds to a username, whereas a phone does the same by requesting a PIN (Elmasri and Navathe, 2015). In the database concept, authentication adopts a different dimension as it applies to different levels. Authentication on a database also allows a setup change to allow external methods or operating systems for user authentication. For example, in the creation of an SQL Server, the user defines the type of authentication as either database authentication or mixed mode authentication.

Database Authorization

Authorization is the process through which a server determines if a user is permitted to access or use a file.
The security concept involves the server authenticating the client trying to access the file. Authorization consists of different types of authentication in cases where passwords may be used or not. Most web pages on the internet do not require passwords, which implies they require neither authorization nor authentication.

Database Encryption

Encryption is the process of transforming data to unreadable form so that no one can access it without a decryption key. The process uses both Secure Sockets Layer (SSL) and Secure Shell (SSH) protocols. SSL drives the 'https://' in Amazon and eBay (Jueneman et al., 2015). Ideally, SSL data is encrypted between a web server and a client before its transfer between the two, whereas SSH data engrosses both the server and the client during communication (Jueneman et al., 2015). Sensitive information, like credit card numbers, home addresses, and security numbers, sent over the internet faces fewer risks of interception.

Database Change Tracking

Change tracking as a database security concept enables applications to access changes on user tables together with information about the changes.
According to Oluwatimi and Bertino (2016), the integration of change tracking into an SQL Server is no longer required. The latter, however, is an essential block for applications with no answer to end-to-end replications when a custom solution is needed; this challenge is common during synchronization and data replication. An example is a scenario that requires different SQL Server databases to synchronize data.

GRANT

For a user to do anything on an SQL Server, he or she must have permission. Such permission is accorded via a GRANT command. Additionally, such permission is granted after the creation of tables through a catalog view.

REVOKE

REVOKE removes or undoes any prior permission, whether a GRANT or a DENY. For example, when REVOKE is issued and a GRANT test is rerun, the user fails to see the previous query. REVOKE is never meant to block or cancel a GRANT; it just removes the permission issued to a specific user at a specific level.

DENY

DENY blocks access. DENY affects all other access. For instance, when a user has both DENY and GRANT to an object, DENY takes effect.

DENY locks access, while revoking a DENY re-forms the access. Consequently, issuing a REVOKE to an object without permission at the user level causes no error. The GRANT command succeeds at the SQL Server level.
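
The interaction of GRANT, DENY and REVOKE described above, as an added T-SQL example that is not part of the original essay. The table, role and user names are hypothetical, and it assumes SQL Server 2012 or later and a scratch database in which you may create objects.

```sql
-- Added example: all object names are hypothetical; run in a scratch database.
CREATE TABLE dbo.DemoOrders (OrderId int PRIMARY KEY, Amount money);
CREATE ROLE DemoReaders;
CREATE USER DemoUser WITHOUT LOGIN;
ALTER ROLE DemoReaders ADD MEMBER DemoUser;

-- 1. GRANT to the role: DemoUser gains SELECT through role membership.
GRANT SELECT ON dbo.DemoOrders TO DemoReaders;
EXECUTE AS USER = 'DemoUser';
SELECT 'role GRANT' AS step,
       HAS_PERMS_BY_NAME('dbo.DemoOrders', 'OBJECT', 'SELECT') AS can_select;
REVERT;

-- 2. DENY on the user: takes effect over the GRANT inherited from the role.
DENY SELECT ON dbo.DemoOrders TO DemoUser;
EXECUTE AS USER = 'DemoUser';
SELECT 'user DENY' AS step,
       HAS_PERMS_BY_NAME('dbo.DemoOrders', 'OBJECT', 'SELECT') AS can_select;
REVERT;

-- 3. REVOKE on the user: removes the DENY entry only; the role GRANT is untouched.
REVOKE SELECT ON dbo.DemoOrders FROM DemoUser;
EXECUTE AS USER = 'DemoUser';
SELECT 'DENY revoked' AS step,
       HAS_PERMS_BY_NAME('dbo.DemoOrders', 'OBJECT', 'SELECT') AS can_select;
REVERT;

-- 4. A second REVOKE finds no entry at the user level and raises no error.
REVOKE SELECT ON dbo.DemoOrders FROM DemoUser;

-- 5. REVOKE on the role removes the GRANT itself.
REVOKE SELECT ON dbo.DemoOrders FROM DemoReaders;
EXECUTE AS USER = 'DemoUser';
SELECT 'role GRANT revoked' AS step,
       HAS_PERMS_BY_NAME('dbo.DemoOrders', 'OBJECT', 'SELECT') AS can_select;
REVERT;

-- Audit query: list the GRANT/DENY entries recorded on the table at any step.
SELECT pr.name AS grantee, pe.state_desc, pe.permission_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1 AND pe.major_id = OBJECT_ID('dbo.DemoOrders');

-- Cleanup of the demo objects.
DROP USER DemoUser;
DROP ROLE DemoReaders;
DROP TABLE dbo.DemoOrders;
```

Running the audit query after each step shows which principal holds a GRANT or DENY entry, which is the quickest way to find an explicit DENY that is overriding a role-level GRANT.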