Authentication and Password Security
As previously discussed, a database user should understand the fundamentals of the built-in database mechanisms that authorize and enforce activity in the database. Before any of them can act, however, the party requesting an action must be identified, and identification is closely tied to authentication. Authentication is the process of confirming that a claimed identity is genuine: the claimant must supply proof that the identity really is theirs. Identification therefore differs from authentication in that it only states who the party claims to be; the proof can take several forms, including a username and password, a smart card, a badge, or biometrics such as fingerprints. Usernames and passwords remain the most widely used of these.
According to Natan (2005), every database deployment must choose a suitable authentication option. During authentication the user presents credentials that the database can verify as belonging to that user; once the database has verified them, it grants the user the privileges associated with that account. To secure passwords and authentication, most databases let the administrator control how and where authentication takes place. DB2 UDB, for instance, offers several authentication options. One of them, CLIENT, means that authentication does not happen on the server at all: the server trusts that the client workstation has already authenticated the user (Natan, 2005). This option therefore assumes that client workstations are themselves protected, which is rarely a safe assumption on a network with unmanaged or untrusted clients.
When granting database privileges, one must also consider the effect the operating system can have. Because the database server runs under an operating-system account, a weak database password can become an operating-system compromise, with particular danger to user domains and to accounts in the administrators group. To secure such databases, users must choose strong passwords that cannot easily be guessed or cracked. Natan (2005) describes a worm that attacks SQL Server through guessable administrative passwords: once in, it copies itself onto the Windows host, grants the Guest account administrator-level access, attempts to mail a copy of the local password store and other configuration data to a fixed e-mail address, and disables the Guest account again to cover its tracks.
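The two preceding paragraphs describe what the server does at login (verify presented credentials, then grant the account's privileges) and why guessable administrative passwords are dangerous. The following is an added example written for this page, not code from Natan (2005) or from any real DBMS, that puts both together: a password-strength policy enforced at account creation, salted slow hashing (PBKDF2-HMAC-SHA256, an assumed choice), and a login check that separates identification from authentication. The iteration count, the policy thresholds, the sample common-password list and the sample account are all constructed assumptions.

```python
"""Added example (not from Natan, 2005 or any real DBMS): a minimal server-side
authentication check that also enforces a password-strength policy.
Assumptions: PBKDF2-HMAC-SHA256 as the password hash, the iteration count,
the policy thresholds and the sample common-password list are all illustrative."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Optional

PBKDF2_ITERATIONS = 600_000  # assumption: work factor; raise it as hardware gets faster

# Constructed stand-in for a real cracking wordlist: the guesses a worm or
# attacker tries first against an administrative account.
COMMON_PASSWORDS = {"", "sa", "admin", "password", "123456", "qwerty", "db2admin"}


@dataclass(frozen=True)
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    privileges: FrozenSet[str]  # granted only after authentication succeeds


def password_is_strong(password: str, username: str, min_length: int = 12) -> bool:
    """Reject passwords that are short, commonly guessed, derived from the
    username, or drawn from fewer than three character classes."""
    if len(password) < min_length:
        return False
    if password.lower() in COMMON_PASSWORDS:
        return False
    if username and username.lower() in password.lower():
        return False
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    return sum(classes) >= 3


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash: the server stores this, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def create_account(username: str, password: str, privileges: Iterable[str]) -> Account:
    """Enforce the strength policy at account creation, then store salt + hash."""
    if not password_is_strong(password, username):
        raise ValueError(f"password for {username!r} does not meet the strength policy")
    salt = os.urandom(16)
    return Account(username, salt, hash_password(password, salt), frozenset(privileges))


def authenticate(accounts: Dict[str, Account], username: str, password: str) -> Optional[FrozenSet[str]]:
    """Identification (look up the claimed username) followed by authentication
    (prove possession of the password). Returns the account's privileges on
    success and None on failure, without saying which step failed."""
    account = accounts.get(username)
    # Hash even for unknown usernames so response time does not reveal which
    # accounts exist; the dummy salt is never stored.
    salt = account.salt if account is not None else bytes(16)
    candidate = hash_password(password, salt)
    if account is None or not hmac.compare_digest(candidate, account.pw_hash):
        return None
    return account.privileges


if __name__ == "__main__":
    # Constructed demo: one well-configured account, then three login attempts.
    accounts = {"alice": create_account("alice", "Correct-Horse-Battery-9", {"SELECT", "INSERT"})}
    print(authenticate(accounts, "alice", "Correct-Horse-Battery-9"))  # the granted privileges
    print(authenticate(accounts, "alice", "password"))                 # None
    print(authenticate(accounts, "sa", ""))                            # None: no such account
```

The worm attack described above succeeds precisely where this policy is absent: an administrative account with an empty or dictionary password passes `authenticate` on the first guess. Note also that a failed login returns the same `None` whether the username or the password was wrong, and that the hash is computed either way, so an attacker cannot cheaply enumerate valid usernames.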
Integrity is as important to database security as authentication. According to Raj, database integrity concerns the ability of the information system to account for and control the organization's assets so that they cannot be improperly modified. This means that even authorized users are not permitted to modify data in ways that damage those assets. The principles of integrity require that the system allow data to be manipulated only in controlled ways that preserve integrity; that modifications be made only by authenticated users whose verified identity is appropriate for the task; that authority be delegated so that assigned privileges reflect the organization's structure while remaining flexible and impossible to bypass; and that the system be easy to use safely, with continuity of operation through recovery and redundancy.
Preserving the integrity of a database system also depends on the trusted DBMS approach adopted. According to Raj, these approaches fall into two families: system-high Database Management Systems (DBMSs) and multilevel secure DBMSs. In a system-high DBMS, all data is protected at the highest sensitivity level held anywhere in the system, and anyone not cleared to that level cannot access it at all. In a multilevel secure DBMS, information is stored at different sensitivity levels and users hold different clearances and authorizations; this design is meant to overcome the constraints a system-high design imposes. A system-high system carries considerable risk, because many people must be cleared to the highest level, and clearing them is also expensive. Several architectures have been used to build such secure DBMSs: the trusted subject, kernelized, replicated (or distributed) and integrity lock architectures.
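The difference between the two families described above, as an added example written for this page rather than code from Raj or from any product: a small labelled table read once under multilevel rules and once under system-high rules. The level names, the read rule (a user may see a row whose level is at or below their clearance and whose compartments they all hold, the conventional dominance rule, which the paragraph does not spell out) and the sample rows are all assumptions.

```python
"""Added example (not from Raj or any real product): row-level access under a
multilevel secure (MLS) DBMS versus a system-high DBMS.
Assumptions: the level names, the dominance read rule (clearance level >= row
level and clearance holds every compartment on the row) and the sample rows."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """True when a subject with this label may read data labelled `other`."""
        return LEVELS[self.level] >= LEVELS[other.level] and other.compartments <= self.compartments


@dataclass(frozen=True)
class Row:
    label: Label
    data: Dict[str, object]


# Constructed sample: one employee record split into rows of different sensitivity.
EMPLOYEES: List[Row] = [
    Row(Label("UNCLASSIFIED"), {"id": 1, "name": "A. Smith", "dept": "Finance"}),
    Row(Label("CONFIDENTIAL"), {"id": 1, "salary": 71000}),
    Row(Label("SECRET", frozenset({"HR"})), {"id": 1, "disciplinary": "none"}),
    Row(Label("TOP_SECRET"), {"id": 1, "project": "unnamed"}),
]


def mls_select(table: List[Row], clearance: Label) -> List[Dict[str, object]]:
    """Multilevel DBMS: each row carries its own label; the user sees exactly
    the rows their clearance dominates, and nothing reveals that the rest exist."""
    return [row.data for row in table if clearance.dominates(row.label)]


def table_high_label(table: List[Row]) -> Label:
    """The label a system-high DBMS must protect the whole table at: the highest
    level present, plus every compartment that appears anywhere in the table."""
    level = max((row.label.level for row in table), key=LEVELS.__getitem__)
    compartments = frozenset().union(*(row.label.compartments for row in table))
    return Label(level, compartments)


def system_high_select(table: List[Row], clearance: Label) -> List[Dict[str, object]]:
    """System-high DBMS: the table is protected as a unit at its highest label,
    so a user either dominates that label and sees everything, or sees nothing.
    This is why every user of such a system must hold a high clearance."""
    if not table or not clearance.dominates(table_high_label(table)):
        return []
    return [row.data for row in table]


if __name__ == "__main__":
    analyst = Label("CONFIDENTIAL")
    print("MLS view:        ", mls_select(EMPLOYEES, analyst))         # the two lowest rows
    print("system-high view:", system_high_select(EMPLOYEES, analyst))  # []: not cleared to TOP_SECRET/HR
```

The CONFIDENTIAL analyst reads the name and salary rows under the multilevel DBMS but nothing at all under the system-high DBMS, because the table as a whole must be protected at TOP_SECRET with the HR compartment. To give that analyst any access in a system-high design, the organization would have to clear them to that level, which is the cost and exposure the paragraph refers to.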