Database Reference
In-Depth Information
DATABASE
DBMS
Application
Network
Physical
Administrative
Legal/societal
Figure 16-3
Database security: layers of control.
be granted? Of course, the company does this because it is deemed that the company
owns the data in the database. In the same way, data privacy may be thought of as
protecting information about employees, customers, suppliers, and distributors from
unauthorized access. Who decides on this authorization? Naturally, the owners must
make the decision. Who are the owners—the company or those about whom infor-
mation is collected and stored?
Privacy issues are becoming more and more sensitive in North America, as they
have been in Europe for some time. Legislation about privacy and confidentiality
of information varies from region to region. Some basic rights are available to those
about whom data is retained in corporate databases. Individuals and institutions
may inquire about what information about them is stored and may demand to
correct any information about them. Privacy concerns escalate with the widespread
use of the Internet. Although formal regulations may not be adequate, organiza-
tions are ethically obliged to prevent misuse of the information they collect about
individuals and third-party institutions.
Web Security
While discussing database security, it is important to mention security mechanisms
as they relate to the DBMS and the Web. We will discuss these security options in
Chapter 19, which is dedicated to the topic of the database and the Web. Security
options include firewalls, proxy servers, digital signatures, and so on.
ACCESS CONTROL
Essentially, database security rests on controlling access to the database system.
Controlling physical access forms one part of database security. The other major
part consists of controlling access through the DBMS.
Let us consider two primary dimensions of access control. One dimension of
access control deals with levels of data access. A single user or a category of users
Search WWH ::
Custom Search