Thread: Database Systems with Web Access

  1. #1
    Join Date
    Jul 2010
    Posts
    118

    Database Systems with Web Access

    Introduction

    Building on the distinction between a database and a database management system, one must first distinguish between database management systems in the narrower and in the wider sense. The former include file-based systems such as Microsoft Access, Filemaker or dBase as well as active, server-based products such as Adabas, DB2, Firebird, Informix, Microsoft SQL Server, MySQL, PostgreSQL and Oracle. Building on one of these systems, there are numerous individual solutions, the DBMS in the wider sense, which extend the basic system with their own user masks, security features or prefabricated routines for specific industries. All of these extended database management systems organize the data transport between the staff supplying the data and the DBMS in the narrower sense, and are referred to here as data management systems (DMS). The spectrum of DMS ranges from a 'zero DMS', in which the raw Access tables are used directly for data entry, through small web-based solutions built on Access, Filemaker or MySQL, to medium-sized industry-specific systems (libraries, university administration, hospitals) and large cross-industry systems (mySAP ERP Financial, SAP Applications by Oracle). The following text deals with the question of which security problems can occur in small and medium-sized systems and which criteria have to be considered from the perspective of a database developer.

    An example

    An employee in a small firm sets up an Access database with a few tables, which he first uses on his own computer. The data are entered directly in the tables or in simple forms produced by the wizard. The data are also useful for other employees, so the database file is moved to a server and used by several people. Meanwhile the company grows, and tables are added that should not be accessible to all employees. However, since every user must have operating-system write access to the file, even when the internal Access user configuration is used, any user can 'accidentally' physically delete the database. A backup is possible only by copying the MDB file. This can be forgotten, since it cannot be automated from within Access. It would also be desirable to include a subset of the data in the company homepage. This raises the question of whether external readers could submit information which, after review by a company employee, can either be read on the homepage or triggers company activities (orders). Sending the data by e-mail is technically easy, but leads to the senseless duplication of re-entering it.

    File-based solutions versus systems that are based on active database management systems

    There are write accesses which comprise many individual operations: several cells of a record are changed together; two rows are added in one operation (e.g. a transfer between two accounts); or the schema of a table that already contains data is extended (adding a column, changing a data type). Or all changes are logged, so that the change of a row occurs only together with a log entry, or both operations fail because the logging cannot be performed. Analogous multiple accesses, which must appear to the outside world as an atomic unit, occur when users read and change multiple records. The DBMS may still be busy writing one change when the next read or write attempt already arrives. All these complex operations can be interrupted by a power failure, network problems and the like, so that the question of the consistency of the database arises. In the critical case, a loss of database consistency means that the file can no longer be processed and thus all data are lost, so that one must resort to the last backup. All changes between the last backup and the failure are then destroyed. If the database is used by only one person, the changes between the last backup and the crash can perhaps still be reproduced. If, however, the DMS receives orders from the Internet, or if data are entered by various employees of a larger organization from different locations, they are probably lost irrevocably. This is particularly true for institutions serving the public, in which employees enter customers' personal data directly on screen, so that no paper version is available to the institution.

    Passive and active DBMS react differently to the risk of data loss. With a passive system, the CPUs of all client computers currently accessing the file compete for one resource; the CPU of the server only provides access to the file system. If a connection breaks or the server fails, the inconsistencies that are inevitable within large write requests, and the locks that were set, initially remain. They may be resolved correctly, or the database remains inconsistent, and then there is no choice but to resort to the last backup. An active backend handles this situation completely differently: here the access requests are placed in a queue and processed consistently by the DBMS, i.e. by the CPU of the database server. If a network connection breaks, the DBMS notices this and immediately cleans up all resources held by that connection. If the power fails on an active system, the work of the CPU stops immediately, and this cleanup is performed automatically the next time the DBMS starts.

    A properly configured active system can therefore, after a power failure, also restore all data that were entered until just before the failure. Usually it is sufficient to start the DBMS again. Additional backups can be created automatically by a job. The data files are hidden from all users, so accidental deletion is impossible. In sum, every data management system that seriously claims to support multiple users may support only active backends. Conversely, if a DMS is offered that supports both file-based / passive and server-based / active backends, a fundamental design decision was ignored in the design of that system. The manufacturer of such a DMS gives laypeople the illusion that the data are 'safe enough' in such a system, so that the cost of an active system could be saved.

  2. #2

    Re: Database Systems with Web Access

    Restricted access and intrusions

    When designing a database system for multiple users, it must be expected that individuals will try, with all means available to them, to gain unauthorized access to data, be it to read them or to change them. For the design of a database application this is not an exception that can be ignored, but a situation that must be expected at any time. This applies regardless of whether the database can be read or written via the Web. Even in systems used exclusively in a closed network, there is competition among employees. Every larger institution must reckon with 'black sheep' in its own ranks, and an employee who has been terminated may try to take revenge or to pin something on other employees. A data management system should therefore be characterized by clear responsibilities. Finally, administrators can make mistakes which, depending on the DMS, can have harmless or minimally-threatening effects. As a guideline for all of these requirements, one central concept has proved itself, the principle of minimal rights (principle of least privilege):
    • A user / client receives only those rights that he necessarily needs to carry out his duties; he receives no further information or rights.
    • Normally, this means that a separate permission concept is developed. If only the rights within the DBMS are used, strong DBMS rights are required for the management of user rights. If user rights are to be managed by the respective main users, these main users would also have to be given strong DBMS access. This directly contradicts the principle of minimal rights.

    This principle applies to the assignment of user rights. It must be possible to set them in a sufficiently differentiated way; a distinction is needed between the actual read / write rights per table and the management of user rights itself, in the same way that, for example, in a larger organization not every employee holds a master key. Differentiated rights are enforced by the DMS only if they cannot be bypassed. The principle of minimal rights for users is therefore effective only if it is itself applied to the architecture of the DMS. Here the following must be kept in mind:
    • It must be expected that the basic software used (operating system, software for connecting to the database / ODBC, the actual database software) contains security bugs with whose help accepted client connections can be manipulated, and passwords saved on the client or held in its memory can be decrypted.
    • Such techniques, programs or their source code are available on the Web and, when standard software is used on the computer, can no longer be blocked. A missing floppy drive is useless if someone types into Notepad a hex code that he has found on the Web, thereby creates a buffer overflow in Access and obtains an administrator password that exists only in memory.

    Readers should note that the author currently knows of none of these techniques in practice. However, the trend of recent years shows that virtually every piece of basic software can have security bugs.

    Furthermore, today's operating systems have become far more complex than they were five or ten years ago, and various debug tools are included in their delivery. Critical gaps are created by the combination of individual manipulations that are tiny when considered by themselves. The design of a DMS must therefore ensure that such security bugs do not enable excessive damage. Applied to a data management system, the principle of minimal rights means:
    • Every password used by the CPU of a client which the user operating that client does not already know is a security risk. This is a criterion for the DMS whenever knowledge of the password allows an increase of one's rights, i.e. whenever it is not 'mere decoration'. This applies regardless of whether the password is stored in clear text or encrypted, or whether it is present in the client's memory only for the duration of a connection.
    • The connection between client and server should be as weak as possible, so that hijacking the connection and running one's own commands over it permits no further actions. The question is always: what damage can occur if a knowledgeable person, one who could develop such systems himself, uses such a connection interactively?
    • Security-critical decisions are to be made as far away from the client as possible, with further barriers lying in between. An attempt to bypass a security-critical decision would then presuppose the successful crossing of those other barriers.

  3. #3

    Re: Database Systems with Web Access

    Two-tier versus three- and multi-tier architectures

    A two-tier DMS is understood to be a system architecture in which the client connects directly to the database management system. In a three-tier system the client (Client-I) connects to another computer, which acts as a server to this client and itself logs in to the database management system as a client (Client-II). The latter usually runs on a third computer. The following features are characteristic of a two-tier system:
    • Each user must be entered as a DBMS user inside the DBMS and thereby receives an interactive connection. The TCP port opened for this purpose on the database server must be reachable by the client. This connection can be used both with the 'official client program' and with other tools of the operating-system kind, such as ODBC within Excel, a VBScript that connects with ADO, or the mail-merge function of a word processor. If DBMS bugs are discovered that allow an interactive user to increase his own rights, such exploits can be used over this connection.
    • If a separate user concept is implemented, or if further conditions to which the client has no direct access must be checked before a record is saved, the rights of the connection must be upgraded, or a second, stronger connection is opened. The client needs the password required for this in order to log in. Either it is stored encrypted on the client, or it is passed to it by the client application itself. In both cases the password is present on the client. If this gap is exploited, all operations for which the stronger connection has permission can be performed on the database. If this is an account with maximum rights with respect to the database, the database can be manipulated at will.
    • If the client writes an additional log entry after changing a record, a hacked client can skip this safeguard or, given sufficiently strong rights, delete the entry afterwards. A log or a safeguard that requires a cooperative client is worthless. A log (a safeguard) is useful only if even a destructive client cannot skip it and if the user name under whose account the action runs is logged as well.


    A three-tier system allows a separation of the different access levels and should have the following characteristics:

    • Users work on Client-I and enter a user name and password there. The program used logs in with these data at Client-II, which checks the information over its own connection to the DBMS by comparing it with rows in self-defined tables. The password for this connection is known to Client-II, which is separated from Client-I by a firewall. This means that access attempts on other TCP ports of Client-II are not possible. Users are not mapped to users within the DBMS. Bugs in the DBMS which allow an upgrade of rights but require a valid login therefore no longer pose too great a risk, because users no longer get anywhere near a situation in which they could try out such a bug.
    • Very diverse software is possible on Client-I. Both a browser and, for example, Access can communicate over port 80 with an Internet server acting as Client-II, which makes the data available as HTML pages or as web services. It is crucial that Client-I does not perform any security checks of its own, but forwards all information through the firewall to Client-II and is responsible only for the visual presentation of the results.
    • The entire business logic of the application (business rules), which for example distributes the data entered in one mask across multiple tables and stores them, must not run on Client-I. It is true that individual read-only fields can, for example, be displayed as inactive on Client-I. But this may be nothing more than a visual aid. The business logic on Client-II and the stored procedures on the database server must ensure that any values passed for read-only fields are ignored.
    • According to the principle of minimal rights, the connection from Client-II to the DBMS must be minimal. This concerns the question of which rights are given to the account within the DBMS with which Client-II logs in to the DBMS. Within a DBMS there are different levels of rights:
      1. Actions as a system administrator with access to all databases, creating new databases and users.
      2. Actions as a database owner: within his database the user may create, modify and delete tables and objects and manage users, but cannot create new databases or other system users.
      3. Actions as a DDL admin (Data Definition Language admin): this user may execute all SQL commands with which objects (tables, views, stored procedures) can be created and modified in the current database. He is thus an owner of these objects. However, he cannot delete the database or manage the security of objects that he does not own.
      4. Actions as a data reader / data writer within a database: such a user cannot delete or create objects and tables, but he has read and write access to all tables.
      5. Actions with Select / Insert / Update / Delete rights per table. This limits read or write access to the selected tables. It still allows a user to change all records within a table with one command, so that all persons are called 'Horst Maier' or all salaries are set to € 12.00. The database is not physically destroyed, but its content has become useless.
      6. Exclusive execution of stored procedures with clearly defined actions. A stored procedure is a piece of code that has been created by the DDL admin, that may include, among other things, multiple actions and its own security checks before data are changed, and for which Client-II receives only the execute permission. If the DDL admin is the owner of the tables needed for additional checks, Client-II can execute this procedure in full although it has no right of access to the individual tables.

    A small example of the structure of such procedures:
    Code:
    Create Procedure _insert_Artikel

        @ProductName nvarchar(50),
        @ItemPrice money,
        -- Issued in exchange for a correct user name / PWD:
        -- a random string with which the user
        -- identifies himself in all of the following actions
        @str_lToken nvarchar(50),
        -- Output parameters are returned
        @i_errDetail int output,
        @i_Result int output

    As

    Declare @i_tranc int
    -- Exec does not accept a function call as an argument,
    -- so the timestamp is held in a variable
    Declare @dt_now datetime

    -- Security
    -- Does @str_lToken have the right to insert data into Article?
    -- If not, -1 is returned
    -- In reality, number codes are used here for table / right
    -- (scalar functions must be called with their schema name)

    Set @i_Result = dbo.check_ExecuteRight('article',
        'Insert', @str_lToken)

    If (@i_Result = -1)
    -- Abort
    Begin
        -- Information that the right was denied;
        -- the error text is derived from it later
        Set @i_errDetail = 833
        Return
    End

    -- Start a transaction if none is running yet
    If (@@TRANCOUNT = 0)
    Begin
        Set @i_tranc = 1
        Begin Transaction
    End

    -- Run the appropriate command sequence

    Insert Into Article
        (ArticleName, ArticlePrice)
    Values (@ProductName, @ItemPrice)

    -- Get the new ID
    Set @i_Result = Scope_Identity()

    If (@i_Result > 0)
    Begin
        -- Insertion was successful, so it is logged:
        -- table, row, user and date
        Set @dt_now = getDate()
        Execute Write_protocol_Row 'article',
            @i_Result, @str_lToken, @dt_now
    End

    If (@i_tranc = 1)
        Commit Transaction

    Return @i_Result

    In terms of system security, those systems are acceptable which allow Client-II access only via stored procedures. If Client-II has been hacked, so that its connection to the DBMS is open to the hacker, he can execute only these procedures. Normally a procedure is started by different users over the same connection, since it checks by itself at the beginning whether the executing user is entitled to this action. If the hacker starts the stored procedure without a valid @str_lToken, it terminates right after this check of its own. If, however, the hacker is an internal employee who has obtained a valid @str_lToken, he can perform only those actions which he can already perform through the interactive masks; he does not succeed in upgrading his own rights. Moreover, to do so he must first find out the names of all stored procedures that cause data changes. If the stored procedure logs all changes, this log entry is created even when the procedure is executed in the course of such an attack; a client cannot skip it.

    Systems such as MySQL which do not support stored procedures require that the entire SQL code be generated on Client-II and sent to the DBMS with each request. A connection with Select / Insert / Update and Delete rights on the tables is necessary, so that the actions described under (5) above are feasible with a hacked Client-II. Logging can be done only by Client-II itself, so it can now be skipped. Because of the missing stored procedures, these systems are unsuitable for sound architectures. If the risk of a hacked Client-II appears negligible and if the code is secured against SQL injection, their use is justifiable.
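
The rights setup behind level (6) in the post above, as an added T-SQL example for SQL Server that is not part of the original thread. All object names (dbo.Article, dbo.ChangeLog, dbo.demo_insert_Article, client_ii) are constructed for illustration; the token check of the posted procedure is left to that procedure, and this block shows only the permission side and the server-side log.

```sql
-- Added illustration for SQL Server; every object name here is constructed.
CREATE TABLE dbo.Article (
    ArticleID    int IDENTITY(1,1) PRIMARY KEY,
    ArticleName  nvarchar(50) NOT NULL,
    ArticlePrice money        NOT NULL
);
CREATE TABLE dbo.ChangeLog (
    LogID     int IDENTITY(1,1) PRIMARY KEY,
    TableName sysname      NOT NULL,
    RowID     int          NOT NULL,
    Token     nvarchar(50) NOT NULL,
    LoggedAt  datetime     NOT NULL DEFAULT GETDATE()
);
GO

-- Tables and procedure share one owner (dbo), so ownership chaining lets
-- the procedure touch the tables without the caller holding table rights.
CREATE PROCEDURE dbo.demo_insert_Article
    @ArticleName  nvarchar(50),
    @ArticlePrice money,
    @Token        nvarchar(50)
AS
BEGIN
    SET NOCOUNT ON;
    SET XACT_ABORT ON;   -- any error rolls back the row and its log entry together
    BEGIN TRANSACTION;
    INSERT INTO dbo.Article (ArticleName, ArticlePrice)
    VALUES (@ArticleName, @ArticlePrice);
    -- The log entry is written on the server, inside the same transaction.
    INSERT INTO dbo.ChangeLog (TableName, RowID, Token)
    VALUES (N'Article', SCOPE_IDENTITY(), @Token);
    COMMIT TRANSACTION;
END;
GO

-- Account used by Client-II: execute permission only, no table rights.
CREATE USER client_ii WITHOUT LOGIN;
GRANT EXECUTE ON OBJECT::dbo.demo_insert_Article TO client_ii;
DENY SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.Article   TO client_ii;
DENY SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.ChangeLog TO client_ii;
GO

-- Check the setup from the point of view of the Client-II account.
EXECUTE AS USER = 'client_ii';
EXEC dbo.demo_insert_Article
     @ArticleName = N'Sample article', @ArticlePrice = 9.99,
     @Token = N'constructed-token';           -- goes through the procedure
BEGIN TRY
    UPDATE dbo.Article SET ArticlePrice = 0;  -- the level-5 mass update
END TRY
BEGIN CATCH
    PRINT ERROR_MESSAGE();                    -- report the permission error
END CATCH;
BEGIN TRY
    DELETE FROM dbo.ChangeLog;                -- attempt to erase the log
END TRY
BEGIN CATCH
    PRINT ERROR_MESSAGE();                    -- report the permission error
END CATCH;
REVERT;
```

The explicit DENY lines keep the account without table rights even if it is later added to a role that holds them; ownership chaining skips the permission check on the tables for statements inside the procedure, so the procedure itself is unaffected.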

  4. #4

    Re: Database Systems with Web Access

    The last examples illustrate how different the result of a successful break-in can be. If Client-II uses a DBMS connection with system administrator permission, then immediately after the fall of Client-II the entire database management system belongs to the hacker. If, however, a weak connection is used which can only run stored procedures in the database, no immediate damage can be done, since the next barrier follows. If an external company is commissioned to develop a database link for a website, make sure that an unnecessarily strong connection between web server and database server is not used out of false convenience or to save time.

    CONCLUSION

    From a security point of view, every two-tier system is unacceptable. Either the logging is performed with the user's password, in which case the user can also delete the log. Or the connection is upgraded, in which case the client must know a stronger password. This password can be captured using the latest debug or hacking techniques. For the Microsoft world, every two-tier approach has been obsolete since about the release of ADO and its references to three-tier architectures.
