or secure the application from denial-of-service attacks, most of the topics
addressed by application security involve the data, which almost always
resides in databases. If you look at application security white papers or
data sheets, you will find elaborate discussions of SQL injection attacks
and the protection required for data. All of these topics fall within the
intersection of application security and database security because the
vulnerability is within the application, but the asset (the data) is within the
database. Chapter 5 includes a detailed discussion of SQL injection and
other security issues that involve this intersection between the application
and the database.
2.6 Public key infrastructure (PKI)
Cryptography is perhaps the best-known technique in the security landscape
and is often treated as synonymous with security. If someone asked you how to
protect data (whether it resides in a database table, in an e-mail, or in a
Word document), your first reaction would probably be to tell them to encrypt
it. Encryption is the most direct way to address data confidentiality. Because
that need appears in every kind of application, a large branch of the security
industry is devoted to it. Whether you need to protect sensitive documents,
confidential e-mail, private data, or Web transactions, you need a
cryptographic solution.
Beyond confidentiality, cryptography is also the basis of data integrity: it
gives you a way to detect when data has been tampered with. A cryptographic
hash function condenses a message of any length into a fixed-size digest, and
it is computationally infeasible to find a different message that produces the
same digest, so recomputing the digest and comparing it with the stored value
reveals any alteration. The digest proves something only if an attacker who
can change the data cannot simply replace the digest as well; a keyed hash
(HMAC) binds the digest to a shared secret, and a digital signature binds it to
a private key, which additionally lets anyone holding the public key verify
who produced it. Digital signatures are the second main use of cryptography.
Cryptography became practical for everyday worldwide use with the invention
of public key cryptography (as opposed to symmetric key cryptography), because
it solved the problem of distributing secret keys between parties who have
never met. This is perhaps the single most important breakthrough in the world
of security. The concept was published by Diffie and Hellman in 1976, and the
first widely deployed algorithm came from three researchers named Rivest,
Shamir, and Adleman (from which the RSA algorithm, and the main PKI vendor,
RSA Security, take their names). With symmetric algorithms, the same key that
is used to encrypt data is also used to decrypt it. With public key algorithms,
a pair of keys is used: a public key that is normally known to everybody is
used to encrypt the data,
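The following Python block is an added example (not code from the book) that
demonstrates both points above: integrity checking with a plain digest versus a
keyed hash, and the symmetric-versus-public-key distinction using a textbook
RSA key pair for encryption and for signing a digest. The sample record, the
shared key, the small primes and the function names are all assumptions made
for the illustration; the RSA parameters are deliberately tiny and unpadded so
the arithmetic is visible, and provide no security. Real deployments use
2048-bit or larger moduli, OAEP/PSS padding, and a vetted library.

```python
"""Integrity and public-key basics on constructed sample data (added example)."""
import hashlib
import hmac
import math


# ---- integrity with a plain (unkeyed) hash ----------------------------------
def digest(data: bytes) -> str:
    """SHA-256 message digest of data, hex encoded."""
    return hashlib.sha256(data).hexdigest()


def plain_hash_check(data: bytes, stored_digest: str) -> bool:
    """Passes only if data still matches stored_digest.

    This detects modification only when stored_digest itself is trustworthy:
    an attacker who can rewrite the data can recompute the digest as well.
    """
    return hmac.compare_digest(digest(data), stored_digest)


# ---- integrity with a keyed hash (HMAC, symmetric: one shared key) ----------
def mac(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def mac_check(key: bytes, data: bytes, tag: str) -> bool:
    """Constant-time comparison; forging a tag requires the shared key."""
    return hmac.compare_digest(mac(key, data), tag)


# ---- textbook RSA: one key pair, public encrypts / private decrypts ---------
def rsa_keygen(p: int, q: int, e: int = 65537):
    """Derive (public, private) from two primes; toy parameters, no padding."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(pub, m: int) -> int:
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(priv, c: int) -> int:
    d, n = priv
    return pow(c, d, n)


def _digest_mod_n(data: bytes, n: int) -> int:
    # The toy modulus is far smaller than a SHA-256 digest, so reduce mod n.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def rsa_sign(priv, data: bytes) -> int:
    """Sign the digest with the private key; anyone with the public key verifies."""
    d, n = priv
    return pow(_digest_mod_n(data, n), d, n)


def rsa_verify(pub, data: bytes, sig: int) -> bool:
    e, n = pub
    return pow(sig, e, n) == _digest_mod_n(data, n)


def demo() -> dict:
    """Run the scenario on constructed sample input and return the outcomes."""
    record = b"account=1234;balance=100"     # constructed sample row
    tampered = b"account=1234;balance=999"   # attacker-modified copy
    key = b"shared-secret-key"               # constructed HMAC key
    pub, priv = rsa_keygen(1000003, 1000033)  # assumed toy primes
    stored = digest(record)
    return {
        "hash_detects_change": not plain_hash_check(tampered, stored),
        # The attacker simply recomputes the unprotected digest for the new data.
        "hash_forged": plain_hash_check(tampered, digest(tampered)),
        "mac_detects_change": not mac_check(key, tampered, mac(key, record)),
        "rsa_roundtrip": rsa_decrypt(priv, rsa_encrypt(pub, 123456)) == 123456,
        "sig_valid": rsa_verify(pub, record, rsa_sign(priv, record)),
        "sig_rejects_tamper": not rsa_verify(pub, tampered, rsa_sign(priv, record)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The `hash_forged` case is the point the integrity paragraph turns on: a bare
digest stored beside the data it protects is only as trustworthy as the data,
whereas the HMAC and the RSA signature each require a key the attacker does not
hold. Note also that signing uses the private key and verification the public
key, the reverse of the encrypt/decrypt direction.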