Uploaded byRashidFaridChishti
PPTX, PDF13 views

DBMS: Week 15 - Database Security and Access Control

DBMS: Week 15 - Database Security and Access Control

Download to read offline
International Islamic University H-10, Islamabad, Pakistan Database Managements Systems Week 15 Database Security and Access Control Engr. Rashid Farid Chishti http://youtube.com/rfchishti http://sites.google.com/site/chisht i
 Understand the importance of database security in protecting data.  Learn about user roles and access control mechanisms.  Explore common security threats and how to mitigate them.  Understand how to implement authentication, authorization, and encryption in databases. Learning Objectives
 Protecting data from unauthorized access, misuse, or theft  Goal:  Ensuring that only authorized users can access and modify data.  Risks:  Data Breach: Unauthorized access to sensitive data.  Data Corruption: Modification of data to destroy or alter its integrity.  Denial of Service: Overloading or disabling the database system. What is Database Security?
 Authentication:  Confirming user identity  Authorization:  Granting access to resources  Access Control:  Managing who can do what  Auditing:  Monitoring database usage  Encryption:  Protecting data at rest or in transit Database Security Components
 Description:  caching_sha2_password is the default authentication plugin in MySQL 8.0 and later, replacing the older mysql_native_password.  Key Features:  Strong Hashing: Uses SHA-256 to store and verify passwords (stronger than old methods).  Default Plugin: All new MySQL users use it by default unless another plugin is specified.  Why It’s More Secure:  Hashes passwords with SHA-256 instead of SHA-1 (used in mysql_native_password).  Can use RSA encryption to send the password securely. Authentication: Caching SHA-2 Password in MySQL CREATE USER 'secure_user'@'localhost' IDENTIFIED BY 'StrongP@ssw0rd!';
 Description:  In MySQL, host-based authentication means that access control is based not only on the username but also on the host (IP address or hostname) from which the user is connecting.  mysql.user table and determines whether the user is allowed to connect from that host. Authentication: Host-based Authentication User Meaning 'root'@'localhost' User root can only connect from the local machine using localhost or a Unix socket. 'admin'@'192.168.1.10' User admin can only connect from the IP 192.168.1.10. 'appuser'@'%' User appuser can connect from any host (wildcard). 'dev'@'%.example.com' User dev can connect from any host in the example.com domain.
 Examples:  CREATE USER 'chisht'@'localhost' IDENTIFIED BY 'password';  CREATE USER 'manager'@'192.168.0.5' IDENTIFIED BY 'securepass';  To see all defined users and their host access  SELECT user, host, plugin FROM mysql.user;  Switching to caching_sha2_password  ALTER USER 'chisht'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'NewP@ssw0rd!'; Authentication: Host-based Authentication
 Description:  In MySQL, authorization refers to the process of granting or restricting access to specific database resources such as databases, tables, columns, views, stored procedures, etc., based on user privileges.  After a user is authenticated (i.e., login succeeds), MySQL checks the user's privileges to determine:  What databases they can access  What operations they can perform (e.g., SELECT, INSERT, UPDATE, DELETE)  Whether they can create or drop objects like tables or users  MySQL Authorization Mechanism:  MySQL uses GRANT and REVOKE statements to manage user privileges. Authorization: Granting Access to Resources
 Examples:  Grant SELECT Privilege on a Tables  GRANT SELECT ON mydb.customers TO 'john'@'localhost';  This allows user john to read (SELECT) from the customers table in mydb.  Grant All Privileges on a Databases  GRANT ALL PRIVILEGES ON mydb.* TO 'admin_user'@'%';  This allows admin_user to do anything (SELECT, INSERT, UPDATE, etc.) on all objects in the mydb database from any host.  Revoke Privileges  REVOKE INSERT ON mydb.orders FROM 'john'@'localhost';  Removes the ability of john to insert into the orders table Authorization: Granting Access to Resources
 Privilege Types in MySQL:  Example: GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' WITH GRANT OPTION; Authorization: Granting Access to Resources Privilege Description SELECT Read data from a table or view INSERT Add new rows to a table UPDATE Modify existing rows DELETE Remove rows from a table CREATE Create new databases or tables DROP Delete databases or tables GRANT OPTION Allows user to grant privileges to others ALL PRIVILEGES Grants all of the above
 Access Levels: Authorization: Granting Access to Resources Level Example Description Global GRANT SELECT ON *.* All databases Database GRANT SELECT ON mydb.* One database Table GRANT SELECT ON mydb.student One table Column GRANT SELECT(name) ON mydb.student Specific Columns Routine GRANT EXECUTE ON PROCEDURE myproc TO ... StoredProcedure
 Description:  In MySQL, Access Control is the mechanism used to manage who (users) can do what (actions) on which resources (like databases, tables, or views). It is a core part of MySQL's security model, involving both authentication and authorization.  Access Control = Authentication + Authorization Access Control: Managing who can do what
 Description:  Encryption transforms readable data into an unreadable format using algorithms and keys. It has two main types:  Data at Rest (stored data)  Data in Transit (data being transmitted)  MySQL Features for Data-at-Rest Encryption  InnoDB Transparent Data Encryption (TDE)  Example:  CREATE TABLE confidential ( id INT, secret_data VARCHAR(255) ) ENCRYPTION='Y'; Encryption: Protecting Data at Rest or in Transit
 What is Data in Transit?  Data moving over a network (e.g., client-server communication)  Vulnerable to interception, man-in-the-middle attacks  MySQL SSL(Secure Sockets Layer)/TLS(Transport Layer Security) Support  MySQL encrypts communication between Clients and server. It requires SSL certificates.  Enforcing SSL for Users:  CREATE USER 'secure_user'@'%' IDENTIFIED BY 'passwd' REQUIRE SSL;  Client Connection:  mysql -u user -p --ssl-ca=ca.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem Encryption in Transit
 Definition: The process of tracking and recording database operations to detect unauthorized actions.  Audit Logs:  Record details about user actions such as logins, queries, and data modifications.  Example: Tracking which user accessed sensitive customer data and when.  Audit Requirements:  Identify who performed an action.  Identify what data was accessed or modified.  Identify when and where the action occurred. Database Auditing
 Database security is critical for protecting sensitive data from unauthorized access, corruption, or loss.  Authentication, authorization, and encryption are key components of a strong security strategy.  Auditing and access control mechanisms help ensure accountability and minimize risks.  Best practices for database security include regular updates, strong authentication methods, and prevention techniques like parameterized queries. Summary

More Related Content

PDF
Mysqlsecurityoptionsjan2021
bysepehrdamavandi2
 
PPTX
DevTalks.ro 2019 What's New in MySQL 8.0 Security
byGeorgi Kodinov
 
PDF
MySQL USER MANAGEMENT,ROUTINES & TRIGGERS.
byPrabhu Raja Singh
 
PPT
User security
bypadmaashree Arunachalem
 
PPTX
Percona Live Europe 2018: What's New in MySQL 8.0 Security
byGeorgi Kodinov
 
PPTX
MySQL Tech Tour 2015 - 5.7 Security
byMark Swarbrick
 
PPTX
Database Management System Security.pptx
byRoshni814224
 
PPTX
Pl17: MySQL 8.0: security
byGeorgi Kodinov
 
Mysqlsecurityoptionsjan2021
bysepehrdamavandi2
 
DevTalks.ro 2019 What's New in MySQL 8.0 Security
byGeorgi Kodinov
 
MySQL USER MANAGEMENT,ROUTINES & TRIGGERS.
byPrabhu Raja Singh
 
User security
bypadmaashree Arunachalem
 
Percona Live Europe 2018: What's New in MySQL 8.0 Security
byGeorgi Kodinov
 
MySQL Tech Tour 2015 - 5.7 Security
byMark Swarbrick
 
Database Management System Security.pptx
byRoshni814224
 
Pl17: MySQL 8.0: security
byGeorgi Kodinov
 

Similar to DBMS: Week 15 - Database Security and Access Control

PDF
SULTHAN's PHP, MySQL & wordpress
bySULTHAN BASHA
 
PPT
SQLSecurity.ppt
byLokeshK66
 
PPT
SQLSecurity.ppt
byCNSHacking
 
PDF
MySQL 8.0 - Security Features
byHarin Vadodaria
 
PPTX
The Spy Who Loathed Me - An Intro to SQL Server Security
byChris Bell
 
PPT
Sql security
bySafwan Hashmi
 
PPT
Security and Authorization introductory notes.ppt
bySubburamSivakumar1
 
PDF
MySQL Security
byMario Beck
 
PDF
Chapter 6 Database Security and Authorization (4).pdf
byabrehamcheru14
 
PPTX
chapter30 Database Management Lecture Slides.pptx
byBicycle Thief
 
PDF
MySQL Security
byTed Wennmark
 
PDF
Database security
bypusp220
 
PDF
Southeast Linuxfest -- MySQL User Admin Tips & Tricks
byDave Stokes
 
PPTX
7 (1) the motor was very good Lock and complete.pptx
bynabeehmohammedtaher
 
PDF
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
byOlivier DASINI
 
PDF
ch23-Database Security and Authorization.pdf
byMULE38
 
PDF
ch23-Database Security and Authorization.pdf
byMULE38
 
PPTX
Data base security and injection
byA. Shamel
 
PPTX
DB2 Security Model
byuniqueYGB
 
PDF
Modern Data Security with MySQL
byVittorio Cioe
 
SULTHAN's PHP, MySQL & wordpress
bySULTHAN BASHA
 
SQLSecurity.ppt
byLokeshK66
 
SQLSecurity.ppt
byCNSHacking
 
MySQL 8.0 - Security Features
byHarin Vadodaria
 
The Spy Who Loathed Me - An Intro to SQL Server Security
byChris Bell
 
Sql security
bySafwan Hashmi
 
Security and Authorization introductory notes.ppt
bySubburamSivakumar1
 
MySQL Security
byMario Beck
 
Chapter 6 Database Security and Authorization (4).pdf
byabrehamcheru14
 
chapter30 Database Management Lecture Slides.pptx
byBicycle Thief
 
MySQL Security
byTed Wennmark
 
Database security
bypusp220
 
Southeast Linuxfest -- MySQL User Admin Tips & Tricks
byDave Stokes
 
7 (1) the motor was very good Lock and complete.pptx
bynabeehmohammedtaher
 
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
byOlivier DASINI
 
ch23-Database Security and Authorization.pdf
byMULE38
 
ch23-Database Security and Authorization.pdf
byMULE38
 
Data base security and injection
byA. Shamel
 
DB2 Security Model
byuniqueYGB
 
Modern Data Security with MySQL
byVittorio Cioe
 

More from RashidFaridChishti

PPTX
Week 12 - Using RecyclerView and Custom Adapter in Android.pptx
byRashidFaridChishti
 
PPTX
Week 10 - Using Device Sensors in Android.pptx
byRashidFaridChishti
 
PPTX
Week 09 - Using Media Player to Play mp3 files.pptx
byRashidFaridChishti
 
PPTX
Week 08 - Using Notifications in Android.pptx
byRashidFaridChishti
 
PPTX
Week 07 - Using Implicit Intents in Android.pptx
byRashidFaridChishti
 
PPTX
Week 06 - Using Explicit Intents in Android.pptx
byRashidFaridChishti
 
PPTX
Week 05 - Using SharedPreferences in Android.pptx
byRashidFaridChishti
 
PPTX
Week 04 - Custom Fonts, Styles & Theming.pptx
byRashidFaridChishti
 
PPTX
Week 03 - Advanced UI Components & Notifications.pptx
byRashidFaridChishti
 
PPTX
Week 02 - Designing User Interfaces in Android.pptx
byRashidFaridChishti
 
PPTX
Week 01 - Introduction to Android Studio.pptx
byRashidFaridChishti
 
PPTX
DBMS: Week 14 - Backup and Recovery in MySQL
byRashidFaridChishti
 
PPTX
DBMS: Week 13 - Transactions and Concurrency Control
byRashidFaridChishti
 
PPTX
DBMS: Week 12 - Triggers in MySQL Database Server
byRashidFaridChishti
 
PPTX
DBMS: Week 11 - Stored Procedures and Functions
byRashidFaridChishti
 
PPTX
DBMS: Week 10 - Database Design and Normalization
byRashidFaridChishti
 
PPTX
DBMS: Week 09 - SQL Constraints and Indexing
byRashidFaridChishti
 
PPTX
DBMS: Week 08 - Joins and Views in MySQL
byRashidFaridChishti
 
PPTX
DBMS: Week 07 - Advanced SQL Queries in MySQL
byRashidFaridChishti
 
PPTX
DBMS: Week 06 - SQL - Data Manipulation Language (DML)
byRashidFaridChishti
 
Week 12 - Using RecyclerView and Custom Adapter in Android.pptx
byRashidFaridChishti
 
Week 10 - Using Device Sensors in Android.pptx
byRashidFaridChishti
 
Week 09 - Using Media Player to Play mp3 files.pptx
byRashidFaridChishti
 
Week 08 - Using Notifications in Android.pptx
byRashidFaridChishti
 
Week 07 - Using Implicit Intents in Android.pptx
byRashidFaridChishti
 
Week 06 - Using Explicit Intents in Android.pptx
byRashidFaridChishti
 
Week 05 - Using SharedPreferences in Android.pptx
byRashidFaridChishti
 
Week 04 - Custom Fonts, Styles & Theming.pptx
byRashidFaridChishti
 
Week 03 - Advanced UI Components & Notifications.pptx
byRashidFaridChishti
 
Week 02 - Designing User Interfaces in Android.pptx
byRashidFaridChishti
 
Week 01 - Introduction to Android Studio.pptx
byRashidFaridChishti
 
DBMS: Week 14 - Backup and Recovery in MySQL
byRashidFaridChishti
 
DBMS: Week 13 - Transactions and Concurrency Control
byRashidFaridChishti
 
DBMS: Week 12 - Triggers in MySQL Database Server
byRashidFaridChishti
 
DBMS: Week 11 - Stored Procedures and Functions
byRashidFaridChishti
 
DBMS: Week 10 - Database Design and Normalization
byRashidFaridChishti
 
DBMS: Week 09 - SQL Constraints and Indexing
byRashidFaridChishti
 
DBMS: Week 08 - Joins and Views in MySQL
byRashidFaridChishti
 
DBMS: Week 07 - Advanced SQL Queries in MySQL
byRashidFaridChishti
 
DBMS: Week 06 - SQL - Data Manipulation Language (DML)
byRashidFaridChishti
 

Recently uploaded

PPTX
Dataset Augmentation in Deep Learning with NLP Concepts
byDr. R. Senthilkumar
 
PDF
Class diagram of ATM, college management system, E commerce system, Library m...
bymonikaghodekar
 
PDF
Accident Investigations &Risk Management
byAbhishekR63
 
PDF
Industrial Chimney design as per indian standards
byabhishekpedel
 
PDF
LTI System digital signal processing.pdf
byDrAhmedMahmoud4
 
PDF
About Kiln Control Activities by MD MAHABUB HASAN
byMD MAHABUB HASAN
 
PPTX
Noise Robustness in Deep Learning Additive and Multiplicative Noise
byDr. R. Senthilkumar
 
PDF
Equipment Replacement Policy & Break Even Point Theory.pdf
byMrunali Vasava
 
PDF
Traffic Engineering Studies - Module - 2
byAbhishekR63
 
PPTX
Operators in Python and its All types.pptx
byadityakhakare2004
 
PDF
12th International Conference on Computer Science, Information Technology and...
bydannyijwest
 
PPTX
Overview of Operators in Java with all types.pptx
byadityakhakare2004
 
PPTX
Sustainable-Footpath-Power-Generation.pptx
byomkararlekar066
 
PPTX
Presentation on Digital design Circuits.pptx
byviveiksinha
 
PPTX
Cloud Computing Architecture and Management
bydrrajalingamb
 
PDF
HACKTOBERFEST 2025 - GDG ON CAMPUS NARULA
bychowdhuryarabinda100
 
PPTX
carbonfiberreinforcedplastics-160104070953.pptx
bysobujsarkermd23
 
PPTX
L2 Regularization for Deep Learning with example
byDr. R. Senthilkumar
 
PPTX
Dataset Augmentation in Natural Language Processing
byDr. R. Senthilkumar
 
PPTX
collect information/produce brochures on different types of alternators
byomkararlekar066
 
Dataset Augmentation in Deep Learning with NLP Concepts
byDr. R. Senthilkumar
 
Class diagram of ATM, college management system, E commerce system, Library m...
bymonikaghodekar
 
Accident Investigations &Risk Management
byAbhishekR63
 
Industrial Chimney design as per indian standards
byabhishekpedel
 
LTI System digital signal processing.pdf
byDrAhmedMahmoud4
 
About Kiln Control Activities by MD MAHABUB HASAN
byMD MAHABUB HASAN
 
Noise Robustness in Deep Learning Additive and Multiplicative Noise
byDr. R. Senthilkumar
 
Equipment Replacement Policy & Break Even Point Theory.pdf
byMrunali Vasava
 
Traffic Engineering Studies - Module - 2
byAbhishekR63
 
Operators in Python and its All types.pptx
byadityakhakare2004
 
12th International Conference on Computer Science, Information Technology and...
bydannyijwest
 
Overview of Operators in Java with all types.pptx
byadityakhakare2004
 
Sustainable-Footpath-Power-Generation.pptx
byomkararlekar066
 
Presentation on Digital design Circuits.pptx
byviveiksinha
 
Cloud Computing Architecture and Management
bydrrajalingamb
 
HACKTOBERFEST 2025 - GDG ON CAMPUS NARULA
bychowdhuryarabinda100
 
carbonfiberreinforcedplastics-160104070953.pptx
bysobujsarkermd23
 
L2 Regularization for Deep Learning with example
byDr. R. Senthilkumar
 
Dataset Augmentation in Natural Language Processing
byDr. R. Senthilkumar
 
collect information/produce brochures on different types of alternators
byomkararlekar066
 

DBMS: Week 15 - Database Security and Access Control

  • 1.
    International Islamic UniversityH-10, Islamabad, Pakistan Database Managements Systems Week 15 Database Security and Access Control Engr. Rashid Farid Chishti http://youtube.com/rfchishti http://sites.google.com/site/chisht i
  • 2.
     Understand theimportance of database security in protecting data.  Learn about user roles and access control mechanisms.  Explore common security threats and how to mitigate them.  Understand how to implement authentication, authorization, and encryption in databases. Learning Objectives
  • 3.
     Protecting datafrom unauthorized access, misuse, or theft  Goal:  Ensuring that only authorized users can access and modify data.  Risks:  Data Breach: Unauthorized access to sensitive data.  Data Corruption: Modification of data to destroy or alter its integrity.  Denial of Service: Overloading or disabling the database system. What is Database Security?
  • 4.
     Authentication:  Confirminguser identity  Authorization:  Granting access to resources  Access Control:  Managing who can do what  Auditing:  Monitoring database usage  Encryption:  Protecting data at rest or in transit Database Security Components
  • 5.
     Description:  caching_sha2_passwordis the default authentication plugin in MySQL 8.0 and later, replacing the older mysql_native_password.  Key Features:  Strong Hashing: Uses SHA-256 to store and verify passwords (stronger than old methods).  Default Plugin: All new MySQL users use it by default unless another plugin is specified.  Why It’s More Secure:  Hashes passwords with SHA-256 instead of SHA-1 (used in mysql_native_password).  Can use RSA encryption to send the password securely. Authentication: Caching SHA-2 Password in MySQL CREATE USER 'secure_user'@'localhost' IDENTIFIED BY 'StrongP@ssw0rd!';
  • 6.
     Description:  InMySQL, host-based authentication means that access control is based not only on the username but also on the host (IP address or hostname) from which the user is connecting.  mysql.user table and determines whether the user is allowed to connect from that host. Authentication: Host-based Authentication User Meaning 'root'@'localhost' User root can only connect from the local machine using localhost or a Unix socket. 'admin'@'192.168.1.10' User admin can only connect from the IP 192.168.1.10. 'appuser'@'%' User appuser can connect from any host (wildcard). 'dev'@'%.example.com' User dev can connect from any host in the example.com domain.
  • 7.
     Examples:  CREATEUSER 'chisht'@'localhost' IDENTIFIED BY 'password';  CREATE USER 'manager'@'192.168.0.5' IDENTIFIED BY 'securepass';  To see all defined users and their host access  SELECT user, host, plugin FROM mysql.user;  Switching to caching_sha2_password  ALTER USER 'chisht'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'NewP@ssw0rd!'; Authentication: Host-based Authentication
  • 8.
     Description:  InMySQL, authorization refers to the process of granting or restricting access to specific database resources such as databases, tables, columns, views, stored procedures, etc., based on user privileges.  After a user is authenticated (i.e., login succeeds), MySQL checks the user's privileges to determine:  What databases they can access  What operations they can perform (e.g., SELECT, INSERT, UPDATE, DELETE)  Whether they can create or drop objects like tables or users  MySQL Authorization Mechanism:  MySQL uses GRANT and REVOKE statements to manage user privileges. Authorization: Granting Access to Resources
  • 9.
     Examples:  GrantSELECT Privilege on a Tables  GRANT SELECT ON mydb.customers TO 'john'@'localhost';  This allows user john to read (SELECT) from the customers table in mydb.  Grant All Privileges on a Databases  GRANT ALL PRIVILEGES ON mydb.* TO 'admin_user'@'%';  This allows admin_user to do anything (SELECT, INSERT, UPDATE, etc.) on all objects in the mydb database from any host.  Revoke Privileges  REVOKE INSERT ON mydb.orders FROM 'john'@'localhost';  Removes the ability of john to insert into the orders table Authorization: Granting Access to Resources
  • 10.
     Privilege Typesin MySQL:  Example: GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' WITH GRANT OPTION; Authorization: Granting Access to Resources Privilege Description SELECT Read data from a table or view INSERT Add new rows to a table UPDATE Modify existing rows DELETE Remove rows from a table CREATE Create new databases or tables DROP Delete databases or tables GRANT OPTION Allows user to grant privileges to others ALL PRIVILEGES Grants all of the above
  • 11.
     Access Levels: Authorization:Granting Access to Resources Level Example Description Global GRANT SELECT ON *.* All databases Database GRANT SELECT ON mydb.* One database Table GRANT SELECT ON mydb.student One table Column GRANT SELECT(name) ON mydb.student Specific Columns Routine GRANT EXECUTE ON PROCEDURE myproc TO ... StoredProcedure
  • 12.
     Description:  InMySQL, Access Control is the mechanism used to manage who (users) can do what (actions) on which resources (like databases, tables, or views). It is a core part of MySQL's security model, involving both authentication and authorization.  Access Control = Authentication + Authorization Access Control: Managing who can do what
  • 13.
     Description:  Encryptiontransforms readable data into an unreadable format using algorithms and keys. It has two main types:  Data at Rest (stored data)  Data in Transit (data being transmitted)  MySQL Features for Data-at-Rest Encryption  InnoDB Transparent Data Encryption (TDE)  Example:  CREATE TABLE confidential ( id INT, secret_data VARCHAR(255) ) ENCRYPTION='Y'; Encryption: Protecting Data at Rest or in Transit
  • 14.
     What isData in Transit?  Data moving over a network (e.g., client-server communication)  Vulnerable to interception, man-in-the-middle attacks  MySQL SSL(Secure Sockets Layer)/TLS(Transport Layer Security) Support  MySQL encrypts communication between Clients and server. It requires SSL certificates.  Enforcing SSL for Users:  CREATE USER 'secure_user'@'%' IDENTIFIED BY 'passwd' REQUIRE SSL;  Client Connection:  mysql -u user -p --ssl-ca=ca.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem Encryption in Transit
  • 15.
     Definition: Theprocess of tracking and recording database operations to detect unauthorized actions.  Audit Logs:  Record details about user actions such as logins, queries, and data modifications.  Example: Tracking which user accessed sensitive customer data and when.  Audit Requirements:  Identify who performed an action.  Identify what data was accessed or modified.  Identify when and where the action occurred. Database Auditing
  • 16.
     Database securityis critical for protecting sensitive data from unauthorized access, corruption, or loss.  Authentication, authorization, and encryption are key components of a strong security strategy.  Auditing and access control mechanisms help ensure accountability and minimize risks.  Best practices for database security include regular updates, strong authentication methods, and prevention techniques like parameterized queries. Summary