Databases Reference
In-Depth Information
In general, new database applications should be designed to make effective
use of the database system's security features. The design should be
carefully planned and executed. Each database component should be
reviewed to ensure that the appropriate security controls have been
incorporated in the design for that component.
The following sections describe the process of designing and building
a new database application. It should be emphasized that the first step
involves development of a sound security policy that defines how the
organization manages, distributes, and protects sensitive information. A
comprehensive security policy provides useful guidelines for designing the
database and related controls and results in a cleaner, more simplified set
of controls.
CASE Tools
Computer-aided systems engineering (CASE) tools can be used to design
and build database applications. These tools can be used to model data
flows and entity relationships and to build a unified repository of system
data. Some CASE tools generate database application code from the
repository data. CASE tools can also be useful in analyzing the design to
ensure that the database conforms with the organization's policy objectives.
The Data Dictionary
The data dictionary can be used to store such information as the user
names of database users, user privileges, the names of database objects,
integrity constraints, and audit-related data. The data dictionary can serve
as a reference guide during database development. It is also a useful tool
for auditing database operations after implementation.
Because of the importance of the information stored in the data
dictionary, access to it should be carefully controlled. In general, end
users should be granted read-only privileges; write privileges should be
restricted to database administrators.
APPLICATION DEVELOPMENT
The standard approach in building Oracle Relational Database Management
System applications requires that the data be normalized, as needed,
and tables created according to design specifications. Referential integrity
and value constraints should be included in table definitions. Upon loading
tables, the Oracle database system automatically checks that the data
conforms to the rules. Triggers can be written after the tables have been
developed or at a later date.
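The following Oracle SQL is an added example, not taken from the original text. It shows referential integrity and value constraints declared in the table definitions, sample loads that the database checks against them, and a data dictionary query for reviewing the result. All table, column, and constraint names are hypothetical, and the rows are constructed sample data.

```sql
-- Hypothetical schema: every object and constraint name here is an assumption.
CREATE TABLE departments (
    dept_id    NUMBER(4)     CONSTRAINT departments_pk PRIMARY KEY,
    dept_name  VARCHAR2(40)  CONSTRAINT departments_name_nn NOT NULL
);

CREATE TABLE employees (
    emp_id     NUMBER(6)     CONSTRAINT employees_pk PRIMARY KEY,
    emp_name   VARCHAR2(60)  CONSTRAINT employees_name_nn NOT NULL,
    -- Value constraints: the rule lives with the data, not in each application.
    salary     NUMBER(9,2)   CONSTRAINT employees_salary_ck
                             CHECK (salary BETWEEN 0 AND 500000),
    status     VARCHAR2(10)  DEFAULT 'ACTIVE'
                             CONSTRAINT employees_status_ck
                             CHECK (status IN ('ACTIVE', 'LEAVE', 'TERMINATED')),
    -- Referential integrity: every employee must belong to an existing department.
    dept_id    NUMBER(4)     CONSTRAINT employees_dept_nn NOT NULL
                             CONSTRAINT employees_dept_fk
                             REFERENCES departments (dept_id)
);

-- Constructed sample rows that satisfy every rule.
INSERT INTO departments (dept_id, dept_name) VALUES (10, 'Finance');
INSERT INTO employees (emp_id, emp_name, salary, dept_id)
VALUES (1001, 'A. Example', 72000, 10);

-- Violates employees_dept_fk: department 99 does not exist, so the row is refused.
INSERT INTO employees (emp_id, emp_name, salary, dept_id)
VALUES (1002, 'B. Example', 65000, 99);

-- Violates employees_salary_ck: a negative salary is outside the allowed range.
INSERT INTO employees (emp_id, emp_name, salary, dept_id)
VALUES (1003, 'C. Example', -1, 10);

COMMIT;

-- Design review through the data dictionary: confirm each control exists,
-- is enabled, and has been validated against the rows already loaded.
SELECT table_name, constraint_name, constraint_type, status, validated
FROM   user_constraints
WHERE  table_name IN ('DEPARTMENTS', 'EMPLOYEES')
ORDER  BY table_name, constraint_type, constraint_name;
```

In the query output, a constraint whose STATUS is DISABLED or whose VALIDATED value is NOT VALIDATED is a control that exists in the design but is not being enforced on all rows.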
Views should be created to provide controlled access to portions of
multiple tables rather than to the tables themselves. Views can be used to grant