Week 8
8.1 Database Security Threats
Database security aims to protect data against accidental or intentional disclosure to unauthorised persons, and against unauthorised modification or destruction. Major threats include:
| Threat | Description and Nigerian Example |
|---|---|
| Unauthorised Access | Users accessing data they have no permission to see. E.g., a bank teller accessing the CEO's salary record. |
| SQL Injection | Attackers injecting malicious SQL code through application inputs to manipulate the database. Caused major breaches at Nigerian financial institutions. |
| Insider Threat | Authorised employees misusing their access. E.g., a bank employee stealing customer BVN and account details. |
| Data Interception | Data stolen in transit between client and server. E.g., unencrypted bank transactions on public WiFi. |
| Privilege Escalation | Obtaining higher access rights than authorised. E.g., a regular user accessing DBA functions. |
| Denial of Service (DoS) | Overwhelming the database server to make it unavailable. E.g., the JAMB portal crash during registration. |
| Physical Theft | Stealing physical storage media containing database files. |
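
The SQL Injection entry above can be seen in a few lines of code. The following is an added example, not part of the original notes: it places a lookup that builds its query by string concatenation beside the same lookup written with a bound parameter. The `staff` table, its rows, and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (username TEXT, role TEXT, salary INTEGER)")
    db.executemany(
        "INSERT INTO staff VALUES (?, ?, ?)",
        [("teller01", "teller", 180000), ("ceo", "executive", 9500000)],
    )
    return db


def lookup_vulnerable(db, username):
    # Weak: the input is pasted into the SQL text, so the database
    # parses whatever the user typed as part of the statement.
    query = (
        "SELECT username, salary FROM staff "
        "WHERE username = '" + username + "' ORDER BY username"
    )
    return db.execute(query).fetchall()


def lookup_safe(db, username):
    # Hardened: the ? placeholder binds the input as a value only,
    # so it is compared against the column and never parsed as SQL.
    query = (
        "SELECT username, salary FROM staff "
        "WHERE username = ? ORDER BY username"
    )
    return db.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    for name in ("teller01", crafted):
        print(repr(name))
        print("  concatenated:", lookup_vulnerable(db, name))
        print("  parameterised:", lookup_safe(db, name))
```

With the ordinary username both functions return the same single row. With the crafted input the concatenated query returns every row in the table, including the CEO's salary record, while the parameterised query returns nothing.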