Database security entails the use of a broad range of information security instruments to protect databases which, according to Elmasri and Navathe (2015), include database servers, network links and stored functions. Ideally, databases are protected against compromises of confidentiality, availability and, ultimately, integrity. Breaking down the four database security concepts and the differences between the Transact-SQL permission statements further aids in ascertaining database security, especially in a contemporary technological world where attacks are ever-present.
Authentication is ensuring that every user attempting to log in to any database has the permission guaranteed and all the requisite rights accorded. A computer authenticates a user by checking that the password corresponds to the username, whereas a phone does so by requesting a PIN (Elmasri and Navathe, 2015). In the database context, authentication takes on a different dimension as it applies at different levels. Authentication on a database can also be configured to allow external methods or the operating system to authenticate users. For example, when setting up an SQL Server, the user defines the type of authentication as either database authentication or mixed mode authentication.
Authorization is the process through which a server determines whether a user is permitted to access or use a file. The security concept involves the server authenticating the client trying to access the file. Authorization consists of different types of authentication in cases where passwords may or may not be used. Most web pages on the internet do not require passwords, which implies they require neither authorization nor
Encryption is the process of transforming data into an unreadable form so that no one can access it without a decryption key. The process uses both the Secure Sockets Layer (SSL) and Secure Shell (SSH) protocols. SSL drives the ‘https://’ on Amazon and eBay (Jueneman et al., 2015). Ideally, SSL data is encrypted between a web server and a client before its transfer between the two, whereas SSH protects the data exchanged between the server and the client throughout the communication (Jueneman et al., 2015). Sensitive information, such as credit card numbers, home addresses and Social Security numbers, sent over the internet therefore faces a lower risk of interception.
Database Change Tracking
Change tracking as a database security concept enables applications to access the changes made to user tables together with information about those changes. According to Oluwatimi and Bertino (2016), the integration of change tracking into an SQL server is no longer required. It is, however, an essential building block for applications that have no end-to-end replication solution and therefore need a custom one; this challenge is common during synchronization and data replication. An example is a scenario that requires different SQL Server databases to synchronize data.
For a user to do anything on an SQL Server, he or she must have permission. Such permission is accorded via the GRANT command. Additionally, such permission is granted after the creation of tables through a catalog view.
REVOKE removes or undoes a permission: it undoes any prior permission, whether a GRANT or a DENY. For example, when a REVOKE is issued and the GRANT test is rerun, the user no longer sees the result of the previous query. REVOKE is never meant to block access or cancel a GRANT outright; it just removes the permission issued to a specific user at a specific level.
DENY blocks access, and it takes precedence over all other access. For instance, when a user has both a DENY and a GRANT on an object, the DENY takes effect.
DENY locks access, while revoking a DENY restores the access. Consequently, issuing a REVOKE on an object for which no permission exists at the user level causes no error. The GRANT command succeeds at the SQL Server level.
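As an added example (not part of the essay), the following T-SQL script walks through the GRANT, DENY and REVOKE behaviour described above against a placeholder table; the table, role and user names (dbo.Payroll, payroll_readers, app_reader) are assumptions, and HAS_PERMS_BY_NAME reports the effective permission of the impersonated user.

```sql
-- Added example, not from the original text. Object and principal names
-- (dbo.Payroll, payroll_readers, app_reader) are placeholders for any database.
CREATE TABLE dbo.Payroll (EmployeeId int PRIMARY KEY, Salary money);
CREATE ROLE payroll_readers;
CREATE USER app_reader WITHOUT LOGIN;          -- database user, no server login needed
ALTER ROLE payroll_readers ADD MEMBER app_reader;

-- 1. GRANT to the role: app_reader inherits SELECT through role membership.
GRANT SELECT ON dbo.Payroll TO payroll_readers;
EXECUTE AS USER = 'app_reader';
SELECT HAS_PERMS_BY_NAME('dbo.Payroll', 'OBJECT', 'SELECT') AS can_select;   -- 1
REVERT;

-- 2. DENY directly to the user: the user now holds both a GRANT (via the role)
--    and a DENY on the same object, and the DENY takes effect.
DENY SELECT ON dbo.Payroll TO app_reader;
EXECUTE AS USER = 'app_reader';
SELECT HAS_PERMS_BY_NAME('dbo.Payroll', 'OBJECT', 'SELECT') AS can_select;   -- 0
REVERT;

-- 3. REVOKE on the user removes only the DENY entry; it blocks nothing by
--    itself, so the role's GRANT applies again and access is restored.
REVOKE SELECT ON dbo.Payroll FROM app_reader;
EXECUTE AS USER = 'app_reader';
SELECT HAS_PERMS_BY_NAME('dbo.Payroll', 'OBJECT', 'SELECT') AS can_select;   -- 1
REVERT;

-- 4. REVOKE of a permission that was never granted or denied at this level
--    completes without error; there is simply no entry to remove.
REVOKE INSERT ON dbo.Payroll FROM app_reader;

-- 5. Audit the explicit entries: state 'G' = GRANT, 'D' = DENY. A revoked
--    permission leaves no row at all, which is what distinguishes it from DENY.
SELECT pr.name AS principal_name, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.major_id = OBJECT_ID('dbo.Payroll');
```

Running the final query after step 3 shows only the role's GRANT row, which is the check to use when verifying that a DENY was removed rather than merely overridden.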