Table of Contents
Dedication v
Preface xi
Chapter 1 Introduction to Information Security, Data Security, and Database Security 1
1.1 Information Security 2
Confidentiality 2
Integrity 2
Availability 3
1.2 Security Threats, Controls, and Requirements 4
Security threats 4
Security controls 5
Security requirements 5
1.3 Data Security 6
1.4 Database Security 7
Data confidentiality 7
Data integrity 8
Data Availability 14
1.5 Summary 15
Chapter 2 Database Design 17
2.1 Normalization 18
2.2 Surrogate Keys and Data Integrity 24
2.3 Normalization, Access Restrictions, and Beyond 27
2.4 Summary 29
Chapter 3 Database Management and Administration 31
3.1 Backup and Recovery 32
Backup and restore of a specific database 33
Backup and restore of multiple specific databases 36
Backup and restore of specific tables 36
Backup of users, privileges, and other components 38
Deciding what to backup 39
3.2 User Account Security Configurations 40
Password expiration 40
Disabling/enabling user accounts 45
3.3 Summary 46
Chapter 4 Database User Accounts 47
4.1 Creating and Removing Database User Accounts 48
4.2 Listing User Accounts 53
4.3 Host-Restricted Accounts 54
4.4 Summary 58
Chapter 5 Database Privileges 59
5.1 Overview of Privileges and Database-Level Privileges 61
5.2 Capability to Manage Privileges 66
5.3 Listing Privileges 67
5.4 Removing Privileges 70
5.5 Working with TLS and Table-Level Privileges 73
5.6 TLS and Normalization Revisited 83
5.7 Column Level Security (CLS) 89
5.8 CLS and Evolving Data Access Requirements and Data 98
The capability for CEO and CFO to read salary data 99
The capability for employees to see address data 100
The capability for executives to keep private notes in the budget table 101
5.9 Row Level Security 104
5.10 Summary 104
Chapter 6 Roles 105
6.1 Defining Role Members and Data Access Requirements 106
6.2 Creating a Database Role, Showing Role Privileges, and Removing a Role 111
6.3 Assigning Privileges to Roles 113
6.4 Database Users and Role 118
Adding and removing a database user to a role 119
Listing, setting, and testing a user's role 121
The default role 125
Listing privileges and roles revisited 127
6.5 Roles and Evolution 131
A new employee is hired 131
An employee adds a role or moves to another role 133
An employee leaves a role or the organization 134
6.6 Summary 135
Chapter 7 Database Security Controls for Confidentiality 137
7.1 Views 137
Concept of a view 137
Creating a view 139
Showing a list of views and a view definition 141
Accessing the data of a view 142
Security considerations of a view 144
Deleting and redefining views 148
Views and multiple data access requirements 150
7.2 Encryption, Decryption, and Hashing 153
Encryption 154
Decryption 155
Hashing 156
Salting 162
7.3 Stored Routines 167
Stored functions 169
Stored procedures 173
Revisiting the password authentication implementation 175
7.4 Summary 177
Chapter 8 Transactions for Data Integrity 179
8.1 Commits, Rollbacks, and Automatic Commits 180
8.2 Beginning a Transaction with COMMIT or ROLLBACK 183
8.3 Beginning a Transaction with START TRANSACTION 190
8.4 Condition Issued COMMIT or ROLLBACK 190
8.5 Exception Issued ROLLBACK 192
8.6 A Larger Demonstration of Transactions 197
8.7 Summary 206
Chapter 9 Data Integrity with Concurrent Access 207
9.1 Concurrent Access and Backups 207
9.2 Concurrent Access with DML Statements 212
Table-level looking 217
Row-level locking 223
UPDATE locks 224
SHARE locks 227
9.3 Deadlock 231
9.4 Summary 234
Appendix 235
Index 245