Database security is concerned with authorization rules, user-defined procedures, data encryption, and authentication schemes.
Each of these database security measures is described below.
Authorization rules are restrictions on users, applied through the DBMS to control data access and limit the actions users can take on data. For example, a user can access a database table after giving a valid username and password. Another user can change records in the table but cannot add new records. Senior users are given full authority to take any action on the table. This authorization is applied by the DBA according to the sensitivity of the data and the organization's rules.
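The three users described above, as an added example that is not part of the original page: it uses SQLite's authorizer hook, through Python's sqlite3 module, to stand in for rules enforced by the DBMS. The role names, the accounts table and its rows are constructed for illustration, and the login step is assumed to have already succeeded.

```python
import sqlite3

# Actions every authenticated role may perform: run a SELECT and read columns.
READ_ONLY = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ}

# Constructed roles mirroring the three users described in the text.
ROLE_RULES = {
    "reader": READ_ONLY,                                   # may only view records
    "editor": READ_ONLY | {sqlite3.SQLITE_UPDATE},         # may change, not add
    "senior": READ_ONLY | {sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_INSERT,
                           sqlite3.SQLITE_DELETE},         # full row-level authority
}


def open_database():
    """Create the sample table as the DBA, before any rule is installed."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit mode
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, balance INTEGER)")
    conn.execute("INSERT INTO accounts VALUES (1, 100)")      # constructed row
    return conn


def apply_role(conn, role):
    """Install an allowlist: any action the role was not granted is denied."""
    allowed = ROLE_RULES[role]

    def authorizer(action, arg1, arg2, db_name, source):
        return sqlite3.SQLITE_OK if action in allowed else sqlite3.SQLITE_DENY

    conn.set_authorizer(authorizer)


def attempt(conn, role, sql):
    """Run sql under the given role; return True if the engine permitted it."""
    apply_role(conn, role)
    try:
        conn.execute(sql).fetchall()
        return True
    except sqlite3.DatabaseError:  # SQLite rejects the statement: "not authorized"
        return False


if __name__ == "__main__":
    db = open_database()
    for role, sql in [
        ("reader", "SELECT balance FROM accounts WHERE id = 1"),
        ("editor", "UPDATE accounts SET balance = 50 WHERE id = 1"),
        ("editor", "INSERT INTO accounts VALUES (2, 10)"),
        ("senior", "INSERT INTO accounts VALUES (3, 10)"),
    ]:
        print(f"{role:6} {'allowed' if attempt(db, role, sql) else 'denied ':7} {sql}")
```

Because the rule is an allowlist, statements nobody was granted, such as dropping the table, are refused as well.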
User-Defined Procedure
In addition to the password and username, users can define their own procedures for security. For example, a user can add some secret questions to a procedure in order to secure his account. Then, whenever the user logs in, he has to give the procedure name along with his password. The procedure asks for the answers to the secret questions, and on submission of the correct answers the user is given access to the database.
Data encryption is a technique in which highly sensitive data is converted into an unreadable form before it is stored or transmitted over a network. The encoding method is kept tightly protected by the DBMS. The encoded data is decoded for authenticated users only, so it cannot be read by unauthorized users. Sensitive data is automatically encoded by the DBMS.
For example, in an ATM system the PIN code provided by the customer is encoded before it is submitted to the database server. A DBA can also manually encrypt data when needed.
Illegal access to computer resources is becoming a serious problem in the modern world. A password and username cannot identify the actual person who is logging on to the computer system. Passwords are leaked or stolen, so they are not a secure method of blocking illegal access.
Alternatively, some systems use other authentication schemes for this purpose. These schemes include signature dynamics, fingerprints, retina prints, etc. Smart cards are normally used to implement them. For example, a user's fingerprints are permanently stored on the smart card, and whenever the user wants to log in, he is required to insert his card into a card reader and also to scan his fingerprints. If the fingerprint saved on the card and his actual fingerprint match, he is given access; otherwise access is denied.