Databases Reference
How do these two features work in combination? First, using the CREATE
VIEW statement, a view of a database table, consisting of a subset of the rows
and/or columns, is created and named. This is done with an embedded SELECT
statement! (Isn't that clever?) The desired rows and/or columns are identified just
as if they were being retrieved, but instead of being retrieved they are given a view
name. Then, through the GRANT command, a user or a group of users is given
access to the view, not to the entire table. In fact, they may not even be aware that
there is more to the table than their subset. They simply use the view name in a
SELECT statement for data retrieval as if it were a table name.
But how is a user given the authority to access data through the use of a view
(or directly using a table name)? That's where the GRANT command comes in. The
general form of the GRANT command is:
GRANT privileges ON (view or table) TO users [WITH GRANT OPTION].
Thus, the database administrator grants the ability to read, update, insert, or delete
(the "privileges") on a view or a table to a person or group of people (the "users").
If the WITH GRANT OPTION is included, this person or group can in turn grant
other people access to the same data.
So, to allow a person named Glenn to query the SALESPERSON table by
executing SELECT commands on it, you would issue the command:
GRANT SELECT ON SALESPERSON TO GLENN;
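The view-plus-GRANT combination described above, written out as an added example that is not part of the original text. The SALESPERSON column names, the sample rows, the view name and the office number are assumptions made for illustration; the account GLENN is assumed to exist already, and the audit query relies on the standard information_schema.table_privileges view, which not every DBMS provides.

```sql
-- Added example. Column names and rows are constructed, not taken from the text.
CREATE TABLE SALESPERSON (
    SPNUM      INTEGER PRIMARY KEY,
    SPNAME     VARCHAR(30) NOT NULL,
    COMMPERCT  INTEGER,        -- sensitive: commission percentage
    YEARHIRE   INTEGER,
    OFFNUM     INTEGER
);

INSERT INTO SALESPERSON VALUES (101, 'Adams',   10, 2001, 1284);
INSERT INTO SALESPERSON VALUES (102, 'Baker',   15, 1998, 1253);
INSERT INTO SALESPERSON VALUES (103, 'Carlyle', 20, 2005, 1284);

-- The view is a named SELECT: a subset of the columns (no COMMPERCT)
-- and a subset of the rows (one office only).
CREATE VIEW SALESPERSON_OFFICE_1284 AS
    SELECT SPNUM, SPNAME, YEARHIRE
    FROM SALESPERSON
    WHERE OFFNUM = 1284;

-- Remove any earlier direct access to the base table, then grant read
-- access on the view only. WITH GRANT OPTION is omitted on purpose, so
-- GLENN cannot pass this access on to other users.
-- (Some DBMSs reject a REVOKE when there is nothing to revoke.)
REVOKE ALL PRIVILEGES ON SALESPERSON FROM GLENN;
GRANT SELECT ON SALESPERSON_OFFICE_1284 TO GLENN;

-- Run as GLENN: returns rows 101 and 103, three columns each.
SELECT * FROM SALESPERSON_OFFICE_1284;

-- Run as GLENN: rejected with a privilege error, because nothing was
-- granted on the base table itself.
SELECT * FROM SALESPERSON;

-- Run as the administrator: confirm that GLENN holds SELECT on the view
-- only, and that is_grantable is 'NO'.
SELECT grantee, table_name, privilege_type, is_grantable
FROM information_schema.table_privileges
WHERE UPPER(grantee) = 'GLENN';
```

The audit query lists only privileges granted directly to GLENN; access inherited through a group or through PUBLIC has to be checked separately.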
Data Encryption
So far, all of the data security techniques we've covered assume
that someone is trying to "break into" the company's offices, its computer, or
its DBMS. But data can be stolen in other ways, too. One is through wiretapping
or otherwise intercepting some of the huge amounts of data that are transmitted
today through telecommunications between a company and its trading partners or
customers. Another is by stealing a disk or a laptop computer outside a company's
offices, for example in an airport. A solution to this problem is data encryption.
When data is encrypted, it is changed, bit by bit or character by character, into a
form that looks totally garbled. It can and must be reconverted, or decrypted, back to
its original form to be of use. Data may be encrypted as it is sent from the company's
computer out onto telecommunications lines to protect against its being stolen while
in transit. Or the data may actually be stored in an encrypted form on a disk, say on
a diskette or on a laptop's hard drive, to protect against data theft if the diskette or
laptop is stolen while an employee is traveling. Of course, highly sensitive data can
also be encrypted on a company's disks within its mainframe computer systems or
servers. This adds a further level of security if someone breaks into the computer
system. Why not then simply encrypt all data wherever it may be? The downside to
encryption is that it takes time to decrypt the data when you want to use it and to
encrypt it when you want to store it, which can become a performance issue.
Data encryption techniques can range from simple to highly complex. The
simpler the scheme, the easier it is for a determined person to figure it out and
"break the code." The more complex it is, the longer it takes to encrypt and
decrypt the data, although this potential performance problem has been at least
partially neutralized by the introduction of high-performance hardware encryption
chips. Encryption generally involves a data conversion algorithm and a secret key.
A very simple alphabetic encryption scheme is as follows. Number the letters of the