Week 8
Teaching and Learning Methods to be Employed
1. Lecture on security mechanisms with live SQL demonstrations
2. SQL injection attack demonstration and prevention
3. Lab: Creating users, granting/revoking privileges in MySQL
4. Discussion: NDPR compliance for Nigerian database systems
Learning Outcomes / Objectives
By the end of this week, students should be able to:
1. Describe the major threats to database security.
2. Explain authentication, authorisation, and access control in DBMS.
3. Use SQL DCL commands (GRANT, REVOKE) to manage user privileges.
4. Explain how database views provide security through data abstraction.
5. Describe SQL injection and how to prevent it.
6. Explain encryption and audit trails as security mechanisms.
7. Describe the requirements of NDPR for database-driven applications.
8.2 Authentication and Authorisation
AUTHENTICATION verifies WHO the user is (identity verification). AUTHORISATION determines WHAT the authenticated user can do (access control).
1. Authentication methods: Username/Password, Multi-Factor Authentication (MFA — widely required by CBN for banking apps), biometrics, digital certificates
2. Authorisation implements the principle of LEAST PRIVILEGE — users are given only the minimum permissions needed for their role
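The two ideas above, worked through for the MySQL lab as an added example (not part of the original course notes). It assumes MySQL 8.0.19 or later; the database, table, account and role names and the passwords are constructed placeholders.

```sql
-- Constructed sample schema (hypothetical names) so the script runs on an empty server.
CREATE DATABASE IF NOT EXISTS school_db;
CREATE TABLE IF NOT EXISTS school_db.students (
    student_id INT PRIMARY KEY,
    full_name  VARCHAR(100) NOT NULL,
    phone      VARCHAR(20),
    department VARCHAR(50)
);
CREATE TABLE IF NOT EXISTS school_db.fees (
    student_id  INT PRIMARY KEY,
    amount_owed DECIMAL(10,2) NOT NULL
);

-- AUTHENTICATION: one named account per person (no shared logins),
-- with password expiry and lockout after repeated failed logins.
CREATE USER 'lecturer_ada'@'localhost'
    IDENTIFIED BY 'Placeholder-Change-Me-1!'
    PASSWORD EXPIRE INTERVAL 90 DAY
    FAILED_LOGIN_ATTEMPTS 5 PASSWORD_LOCK_TIME 1;
CREATE USER 'bursar_emeka'@'localhost'
    IDENTIFIED BY 'Placeholder-Change-Me-2!'
    PASSWORD EXPIRE INTERVAL 90 DAY
    FAILED_LOGIN_ATTEMPTS 5 PASSWORD_LOCK_TIME 1;

-- AUTHORISATION: privileges are attached to roles, not to individuals.
CREATE ROLE 'lecturer_role', 'bursar_role';

-- Lecturers read only the columns they need; phone numbers stay hidden.
GRANT SELECT (student_id, full_name, department)
    ON school_db.students TO 'lecturer_role';

-- The bursary reads and updates fee records but cannot delete them.
GRANT SELECT, UPDATE ON school_db.fees TO 'bursar_role';
GRANT SELECT (student_id, full_name)
    ON school_db.students TO 'bursar_role';

-- Bind each account to its role and activate the role at login.
GRANT 'lecturer_role' TO 'lecturer_ada'@'localhost';
GRANT 'bursar_role'   TO 'bursar_emeka'@'localhost';
SET DEFAULT ROLE 'lecturer_role' TO 'lecturer_ada'@'localhost';
SET DEFAULT ROLE 'bursar_role'   TO 'bursar_emeka'@'localhost';

-- Verify what an account can actually do before handing it over.
SHOW GRANTS FOR 'lecturer_ada'@'localhost' USING 'lecturer_role';

-- When a duty changes, remove the privilege from the role in one place.
REVOKE UPDATE ON school_db.fees FROM 'bursar_role';
SHOW GRANTS FOR 'bursar_role';
```

Logging in as lecturer_ada and running SELECT phone FROM school_db.students should be rejected with a column-level permission error, which is the least-privilege rule being enforced by the DBMS rather than by the application.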