Thread: Secure DB design ?

Secure DB design ?

From
Jan Vaartjes
Date:
Hello,

I'm a Dutch student, working on a project where security of user 
information stored in a database is priority 1. So the database 
must be designed with high security in mind. I've searched the 
net very intensively, but didn't find a good resource which can help 
me with "secure database design". I hope someone can help me on 
such a resource, a good book may help too.
Thanx in advance.



Re: Secure DB design ?

From
Bruno Wolff III
Date:
On Fri, Sep 13, 2002 at 20:47:03 +0200, Jan Vaartjes <j.vaartjes@quicknet.nl> wrote:
> Hello,
> 
> I'm a Dutch student, working on a project where security of user 
> information stored in a database is priority 1. So the database 
> must be designed with high security in mind. I've searched the 
> net very intensively, but didn't find a good resource which can help 
> me with "secure database design". I hope someone can help me on 
> such a resource, a good book may help too.
> Thanx in advance.

Translucent Databases by Peter Wayner describes using encryption and hashing
to secure data in databases. There are limits on what you can do with this,
but the methods used can be helpful in some cases.


Re: Secure DB design ?

From
Michael Poole
Date:
Jan Vaartjes writes:

> I'm a Dutch student, working on a project where security of user
> information stored in a database is priority 1. So the database must
> be designed with high security in mind. I've searched the net very
> intensively, but didn't find a good resource which can help me with
> "secure database design". I hope someone can help me on such a
> resource, a good book may help too.

The first thing you will need to decide is: What do you mean by security?

There is the integrity of the data: Does the database system preserve
the data accurately, or does it have bugs that corrupt data?

There is identification: How sure are you (or your database system)
that a user of the system is who they say they are?

There is authorization: Does the database system (or layers you put on
top of it) provide good enough access control for your application,
both in what they can read and change?  Bugs or design errors in the
system can sometimes circumvent the access controls.

There is transport privacy: Is the user's traffic secure enough
against eavesdropping?

Depending on your application, you may have to address other types of
security.  Unfortunately, "security" by itself is so vague as to not
be a useful metric of database design.

-- Michael