database security community has developed multiple techniques and approaches to
ensure that there is data confidentiality, availability, and integrity. The
principal database security concepts include authentication, encryption,
authorization and change tracking.
is the process of identifying or confirming the identity of a person. The
method of confirming the identity of an individual can be capitalized through
validating their documents and through verifying the authenticity of the
digital certificate. Authentication involves testing the validity of at least a
specific identification. There are
different types of identification, which includes single-factor verification,
multi-factor validation, two- factor authentication and secure authentication. . Most of the
applications use two-factor authentication, in which two independent factors
are used to identify a user and at the same time two factors should not share a
common vulnerability. In most of the two-factor authentication schemes
passwords are used as the first factor and smart cards or other encryption
devices are used as the second factor. Apart from the two-factor authentication
there are many types of authentication methods like biometric authentication
which uses physical characteristic such as , fingerprint, eye iris, or
handprint to authenticate the user, Token-Bases authentication and certificate based
authentication All these kinds of authentication play a
similar role of confirming the identity of a person.. Therefore, authentication
has helped in confirming the identity of people and authenticity of products
(Johnson & Smith, 2006).
Encryption is the progression
of indoctrinating posts and data in such a way that only the accredited
individuals can have access to the information or messages. The scheme of
encryption employs pseudo-random key generated by algorithms to prevent
intruders from assessing unauthorized data and messages. There are two categories
of encryption including symmetric key and public key. The difference between
symmetric key and the public key is that public key is free while the symmetric
key is private and it is purchasable. . Encryption is widely used today for
protecting data in transit in a variety of application such as data transfer.
Encryption is also used to carry out other tasks such as authentication.
is the progression of permitting or rejecting admission to a secure system.
Mostly, the computer safety schemes are based on verification and
authorization. It is the purpose of stipulating admits to rights to assets interrelated
to data safety. . A multiuser database system must
permit users to selectively share data while retaining the ability to restrict
data access, there must be a mechanism to provide protection and security,
permitting information to be accessed only by properly authorized users.
Further, when tables or restricted views of tables are created and destroyed
dynamically, the granting, checking, and revocation of authorization to use
them must also be dynamic. Therefore,
authorization is vital in ensuring that security systems are kept secure and
free from interruption from intruders (Johnson & Smith, 2006).
trivial clarification provides mechanisms for applications. To ensure that
implementation of the query for changes of data and access to information is
related to changes, it is essential for application developers to implement
custom change tracking. Applications capitalize change tracking in determining
the type of rows that have been changed for a user table. To configure change
tracking, there is the usage of SQL Server management studio. To track changes,
there is the need of enabling change tracking and then would allow tables to be
tracked within the database (Silberschatz, Korth & Sudarshan, 2007).