As use of the Web expands on both Intranets and the public Internet, information security is becoming vital to organizations. The Web provides a convenient, economical, and immediate way of publishing data. Now that it is so easy to distribute information, it is just as essential to ensure that the information is available only to those who are authorized to use it.
With numerous systems constructing Web pages dynamically from a database, corporate information security is even more critical. Formerly, strict database access or dedicated client software was required to view the data. Nowadays anyone with access to a Web browser can inspect data in a database that is not properly protected. Never before has information security had so many weak points (Kelly et al., 2000). As the information technology industry shifts from the mainframe era to the client/server era to the Internet era, the number of points of infiltration has grown substantially.
For much of Internet security, database experts have had to depend on network administrators implementing safety measures such as firewalls to safeguard local data. Because of the nature of Intranet/Internet information access, however, many security functions fall into a gray area of accountability (Zwicky et al., 2000).
New security measures and technologies are introduced every day, and this article explains the Web and SQL database security systems concerned with resolving the present problems (Vaas et al., 2002).
The use of Microsoft’s SQL Server database has grown dramatically over the past few years. Improvements in the application have made it a viable option for many organizations, providing much of the same functionality as Oracle on mid-range applications and costing quite a bit less. Microsoft has also developed MSDE, a desktop edition of SQL Server that is free to use. Many products use this as their database. MSDE is just a stripped-down version of SQL Server; it limits the number of allowed connections and the size of the database (2GB).
Microsoft’s SQL Server uses the SA account for administration, which has superuser access to the server and no password by default. If you do not delete this account or give it a strong password, your data is available to anyone with a little SQL Server knowledge. SQL Server also supports its own authentication scheme or Windows login accounts. Many applications require the server to run in mixed mode, that is, allowing either authentication scheme to be used. For security purposes, you should ideally use only Windows authentication, enabling you to centrally manage all of your accounts.
SQL Server contains a number of stored procedures. These are macros and programs that are installed by default. Some stored procedures allow users to execute code on the system. If your database is compromised, an attacker could use these stored procedures to gain full control of the system and use it as a launching point against other systems on your network. Be sure to remove or disable any stored procedures you do not require (Songini, 2003).
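The three checks recommended above (authentication mode, the SA account and its password, and stored procedures that run code on the host) can be audited with read-only queries. The following is an added example, not part of the original article; it assumes SQL Server 2008 or later and a sysadmin login, and the option names `xp_cmdshell` and `Ole Automation Procedures` are chosen here as examples, not named by the article.

```sql
-- Added example: read-only audit of the settings discussed above.
-- Assumption: SQL Server 2008 or later, run as a sysadmin so that
-- sys.sql_logins.password_hash is visible. Nothing is modified.

-- 1. Authentication mode: 1 = Windows authentication only, 0 = mixed mode.
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
           WHEN 1 THEN 'OK: Windows authentication only'
           ELSE 'REVIEW: mixed mode, SQL logins are accepted'
       END AS auth_mode;

-- 2. Enabled SQL logins that need attention: a blank password, the SA
--    account itself, or a login exempt from the Windows password policy.
SELECT name,
       CASE WHEN sid = 0x01 THEN 1 ELSE 0 END AS is_sa_account, -- sid 0x01 is SA even if renamed
       CASE WHEN PWDCOMPARE('', password_hash) = 1
            THEN 1 ELSE 0 END                 AS has_blank_password,
       is_policy_checked
FROM sys.sql_logins
WHERE is_disabled = 0
  AND (sid = 0x01
       OR PWDCOMPARE('', password_hash) = 1
       OR is_policy_checked = 0)
ORDER BY has_blank_password DESC, is_sa_account DESC, name;

-- 3. Server options that let stored procedures execute code or commands
--    on the host. Any row returned is a feature that is currently enabled
--    and should be disabled unless an application requires it.
SELECT name,
       CAST(value_in_use AS int) AS enabled
FROM sys.configurations
WHERE name IN ('xp_cmdshell', 'Ole Automation Procedures')
  AND CAST(value_in_use AS int) = 1;
```

An empty result from queries 2 and 3, together with "OK" from query 1, matches the configuration the paragraph recommends.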
Securing data for transmission over the Internet or an Intranet is no simple job. The best way to assess your security requirements is to consider the consequences of unauthorized users viewing the data. The more confidentiality your data needs, the more security should be in place. Security is often far simpler to put into practice than to maintain. Make certain that the procedures in your organization keep your system up to date. Security is often ignored or bypassed by everyday users for the sake of convenience. By the time data damage or security breaches have been discovered, much harm may already have been done. SQL database and Web server vendors are regularly improving their systems, so keeping up to date on the specific architectures is a necessity (Nichols and Lekkas, 2001).
- Kelly, Van E.; Thomas, Catharine P.; Wang, Huiyu. 2000, Managing Data-Based Systems Across Releases Using Historical Data Dictionaries. Bell Labs Technical Journal, Vol. 5 Issue 2, p121-133
- Nichols, R. and Lekkas, P., 2001, Wireless Security: Models, Threats, and Solutions, McGraw-Hill Professional.
- Songini, Marc L. 2003, SQL Server Users Focus On Database’s Security. Computerworld, Vol. 37 Issue 46, p6
- Vaas, Lisa; McCright, John S. 2002, Database battle heats up. eWeek, Vol. 19 Issue 45, p9
- Zwicky, E., Chapman, B., and Cooper, S. 2000, Building Internet Firewalls, O’Reilly & Associates.