
Use of DBMS in System Software

Falsifying User Identities

You need to know your users. In a distributed environment, it becomes more feasible for a user to falsify an identity to gain access to sensitive and important information. How can you be sure that user Pat connecting to Server A from Client B really is user Pat?

In addition, malefactors can hijack connections. How can you be sure that Client B and Server A are what they claim to be? A transaction that should go from the Personnel system on Server A to the Payroll system on Server B could be intercepted in transit and routed instead to a terminal masquerading as Server B.

Identity theft is becoming one of the greatest threats to individuals in the Internet environment. Criminals attempt to steal users’ credit card numbers, and then make purchases against the accounts. Or they steal other personal data, such as checking account numbers and driver’s license numbers, and set up bogus credit accounts in someone else’s name.

Nonrepudiation is another identity concern: how can a person’s digital signature be protected? If hackers steal someone’s digital signature, that person may be held responsible for any actions performed using their private signing key.

Password-Related Threats

In large systems, users must remember multiple passwords for the different applications and services that they use. For example, a developer can have access to a development application on a workstation, a PC for sending e-mail, and several computers or intranet sites for testing, reporting bugs, and managing configurations.

Users typically respond to the problem of managing multiple passwords in several ways:

  • They may select easy-to-guess passwords, such as a name, a fictional character, or a word found in a dictionary. All of these passwords are vulnerable to dictionary attacks.
  • They may also choose to standardize passwords so that they are the same on all machines or Web sites. This results in a potentially large exposure in the event of a compromised password. They can also use passwords with slight variations that can be easily derived from known passwords.
  • Users with complex passwords may write them down where an attacker can easily find them, or they may simply forget them, requiring costly administration and support efforts.

All of these strategies compromise password secrecy and service availability. Moreover, administration of multiple user accounts and passwords is complex, time-consuming, and expensive.

Unauthorized Access to Tables and Columns

The database may contain confidential tables, or confidential columns in a table, which should not be available indiscriminately to all users authorized to access the database. It should be possible to protect data on a column level.
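
One way to enforce column-level protection is with column-level privileges. The script below is an added example, not part of the original text; it assumes PostgreSQL syntax and a superuser session in a scratch database, and the table, column and role names are hypothetical.

```sql
-- Added example: column-level privileges (PostgreSQL syntax assumed).
-- All names and the sample row are constructed for illustration.
BEGIN;

CREATE TABLE employees (
    emp_id      integer PRIMARY KEY,
    full_name   text          NOT NULL,
    department  text          NOT NULL,
    salary      numeric(10,2) NOT NULL,  -- confidential column
    national_id text          NOT NULL   -- confidential column
);

INSERT INTO employees VALUES
    (1, 'Pat Example', 'Personnel', 52000.00, 'CONSTRUCTED-0001');

CREATE ROLE directory_reader NOLOGIN;
CREATE ROLE payroll_clerk    NOLOGIN;

-- A new table grants nothing to other roles, so each role ends up with
-- exactly the columns listed here and no others.
GRANT SELECT (emp_id, full_name, department)
    ON employees TO directory_reader;
GRANT SELECT (emp_id, full_name, salary), UPDATE (salary)
    ON employees TO payroll_clerk;

-- Caveat: a table-level "GRANT SELECT ON employees TO ..." would expose
-- every column, and revoking a single column afterwards does not undo it.

-- Check the result as the restricted role.
SET LOCAL ROLE directory_reader;
SELECT emp_id, full_name, department FROM employees;  -- allowed
-- SELECT salary FROM employees;  -- rejected: permission denied
-- SELECT * FROM employees;       -- rejected: * includes ungranted columns
RESET ROLE;

-- Audit which role can touch which column.
SELECT grantee, column_name, privilege_type
FROM information_schema.column_privileges
WHERE table_name = 'employees'
  AND grantee IN ('directory_reader', 'payroll_clerk')
ORDER BY grantee, column_name, privilege_type;

ROLLBACK;  -- leave the scratch database unchanged
```

Not every DBMS accepts a column list on `GRANT SELECT`; where it is unavailable, a view that exposes only the non-confidential columns, with privileges granted on the view instead of the base table, gives the same separation.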