What are the techniques of database security in information security?

Information SecuritySafe & SecurityData Structure

There are various techniques of database security which are as follows −

  • Secure network connection − The mobile database and the main database have to be synchronized at definite times. The synchronization is performed in the system software of the mobile database and is implemented over the http protocol.

  • Encrypted local database − The local database on the mobile device is encrypted and every time the user opens the mobile database, it has to enter his password. In case the mobile device is taken or broken by an intruder, the data that is stored on the local database is not understandable. The encryption algorithm is an element of SQL Server Mobile Edition and unfortunately it is not able to discover documentation for the specific algorithm.

  • User authentication at the database server − The synchronization of the shortimpression database that is set up on the mobile device with the main database is implemented with database replication technology. For this goals, there is an appropriate publication at the database server. A publication is the meta-data package of data about which data is repeated.

    The mobile database need the publication of the database server for the synchronization operation. It can connect to the publication an appropriate user account on the database server has to be used. This defines that the application user has to be authenticated at the database server.

  • Authentication at the web server − The communication between the mobile database and the main database is implemented over https. At the server side the communication link is managed by a web server. Therefore, it is possible to take benefit of standard web server authentication and needed the user to authenticate at the internet interface level.

    This requirement is essential because it provides protection for the mobile database agent that is implemented at the server side inside the web server. Without web server authentication each network user would be able to connect the server-side agent by easily using the appropriate URL.

  • Server-side mobile agent account − Both endpoints of the connection link are managed by mobile database team. During a synchronization phase, the agent operations on the server-side can be implemented by the default agent account of the server’s operating system or in the context of a dedicated account of the server’s operating system. It can use a dedicated operating system account for the implementation of the agent service.

  • Independent user accounts for the authoring and the read-only application − In case a user has to use the application both as an author of announcements and as a reader of some announcements it can assign two accounts to the user, an authoring account and a read-only account, or grant both functionalities to a specific user account.
Updated on 07-Mar-2022 09:54:51