Database Reference
In-Depth Information
PHP          http://www.php.net/
W3-mSQL      http://www.hughes.com.au/software/w3-msql.htm
MsqlPerl     ftp://Bond.edu.au/pub/Minerva/msql/Contrib/
MsqlJava     http://mama.minmet.uq.oz.au/msqljava/
WDB          http://arch-http.hq.eso.org/wdb/html/wdb.html
Web/Genera   http://gdbdoc.gdb.org/letovsky/genera/
MORE         http://rbse.jsc.nasa.gov:81/DEMO/
DBI          http://www.hermetica.com/technologia/DBI/
DBGateway    http://fcim1.csdc.com/
SECURITY OPTIONS
In Chapter 16, we discussed database security in detail. We covered security
administration. You are aware of the security risks and the general methods of protecting
the organization's database system. Now, when your database is integrated with the
Web, the security concerns intensify. The Internet is traditionally an open network.
The underlying protocols, TCP/IP and HTTP, are not designed for security. Any
packet-sniffing software can easily retrieve sensitive data from the open network.
First, we will explore the types of security vulnerabilities and the challenges. After
that, we will broadly examine a few significant security options.
Significance of Protection
Several times so far we have reviewed examples from electronic shopping. After
filling the virtual shopping cart, let us say, the user is ready to pay with a credit card.
When the user enters the credit card data and finishes the transaction, data
transmission to the server begins. The credit card details are part of the transmission. Any
ordinary packet-sniffing software can detect the details and siphon out the
information. In the Web environment, protection must be addressed at different levels.
At Each Tier. Information transmitted over the public network moves around and
halts at each of the tiers in a three-tier architecture. Protection of information must
be addressed at the client, at the Web server, and also at the database server. This
requires the use of suitable techniques and security products.
Special Concerns at Client Machine. As you have seen, in the Web environment,
information transmitted to the client may contain executable code. An HTML
page transmitted to the browser may have embedded JavaScript or VBScript or one
or more Java applets. These come, perhaps, from an unknown server and are
likely to cause damage on the client machine, including the following:
Corrupt data.
Delete or reformat entire disks.
Steal user identification and password, and impersonate the user in other computer systems on the client machine.
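
An added example, not from the book: a small Python audit that lists the executable content an HTML page carries, so a reviewer can see what would run on the client before the page is trusted. It goes slightly beyond the passage by also reporting plug-in objects, inline event handlers and script URLs; the sample page and all names are constructed for illustration.

```python
from html.parser import HTMLParser

# Tags that load or run code on the client (scripts, applets, plug-in objects).
ACTIVE_TAGS = {"script", "applet", "object", "embed"}

class ActiveContentAudit(HTMLParser):
    """Collects every place an HTML page carries executable content."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (line, kind, detail)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        attrs = {k: (v or "") for k, v in attrs}
        if tag in ACTIVE_TAGS:
            lang = attrs.get("language") or attrs.get("type") or "default"
            src = attrs.get("src") or attrs.get("code") or attrs.get("data") or "inline"
            self.findings.append((line, tag, f"{lang} from {src}"))
        for name, value in attrs.items():
            if name.startswith("on"):  # inline event handler, e.g. onload
                self.findings.append((line, "handler", f"{tag}.{name}"))
            elif value.strip().lower().startswith(("javascript:", "vbscript:")):
                self.findings.append((line, "script-url", f"{tag}.{name}"))

def audit(html):
    """Return all active-content findings for one HTML document."""
    parser = ActiveContentAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page (hypothetical host and file names).
SAMPLE = """<html><body onload="init()">
<script language="VBScript" src="http://unknown.example/a.vbs"></script>
<script>document.title = "cart";</script>
<applet code="Cart.class" width="1" height="1"></applet>
<a href="javascript:pay()">Pay</a>
<p>Total: $10</p>
</body></html>"""

if __name__ == "__main__":
    for line, kind, detail in audit(SAMPLE):
        print(f"line {line}: {kind:10} {detail}")
```
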