Databases Reference
In-Depth Information
Although this approach does simplify the recovery process for the users of the system, it also causes some
problems. First, each of the programs in the system becomes more complicated because of the extra logic
involved in adding records to the special log file. Second, you must write a separate program to update the data-
base with the information in this log file. Finally, every time a user completes an update, the system has extra
work to do; and this additional processing may slow down the system to an unacceptable level. Thus, in any
application, you must determine whether the ease of recovery provided by the approach is worth the price you
might have to pay for it. The answer will vary from one system to another.
242
As discussed in Chapter 4, a DBMS must provide ways to ensure that only authorized users can access the
database. Security is the prevention of unauthorized access, either intentional or accidental, to a database. The
most common security features used by DBMSs are encryption, authentication, authorizations, and views.
Encryption
converts the data in a database to a format that's indecipherable to a word processor or another
program and stores it in an encrypted format. When unauthorized users attempt to bypass the DBMS and get
to the data directly, they see only the encrypted version of the data. However, authorized users accessing the
data using the DBMS have no problem viewing and working with the data.
When a user updates data in the database, the DBMS encrypts the data before updating the database. Before
a legitimate user retrieves the data via the DBMS, the data is decrypted, or decoded, and presented to the user
in the normal format. The entire encryption process is transparent to a legitimate user; that is, he or she
is not even aware it is happening.
Access lets you encrypt a database with a password; and after you've encrypted the database, you can use
Access to decrypt it.
Decrypting
a database reverses the encryption. If your encrypted database takes longer
to respond to user requests as it gets larger, you might consider decrypting it to improve its responsiveness.
Using Access to encrypt or decrypt a database is a four-step process:
1. Start Access, but don't open the database you want to encrypt or decrypt.
2. Click More in the Open Recent Database pane on the Getting Started with Microsoft Office Access
page, navigate to the drive and folder that contains the database in the Open dialog box, click the
database name, click the Open arrow, and then click Open Exclusive.
3. On the Ribbon, click the Database Tools tab; then in the Database Tools group, click the Encrypt
with Password button. (To decrypt a database, click the Decrypt Database button.)
4.
In the Set Database Password dialog box, type the password for the database in the Password text
box, type the same password a second time in the Verify text box, and then click the OK button.
(If you are decrypting the database, type the password for the database in the Password text box
in the User Database Password dialog box, and then click the OK button.)
Authentication
refers to techniques for identifying the person who is attempting to access the DBMS. The use
of passwords is the most common authentication technique. A
password
is a string of characters assigned by
the DBA to a user that the user must enter to access the database. Users also use passwords to access many
operating systems, networks, and other computer and Internet resources. Biometric identification tech-
niques and the use of smart cards are increasing in use as an alternative to passwords for authentication.
Biometrics
identify users by physical characteristics such as fingerprints, voiceprints, handwritten signa-
tures, and facial characteristics.
Smart cards
are small plastic cards about the size of a driver's license that have
built-in circuits containing processing logic to identify the cardholder.
Unlike individual passwords, a
database password
is a string of characters that the DBA assigns to a data-
base and that users must enter before they can access the database. As long as the database password is known
only to authorized database users, unauthorized access to the database is prevented. The DBA should use
a database password that is easy for the authorized users to remember but that is not so obvious that others
can easily guess the password. If a DBA encrypts an Access database, the DBA must assign a database pass-
word, as shown in Figure 7-14. To create the database password, the DBA enters the same password twice to
verify that the initial entry is the one that the DBA wants.
