Week 8
Teaching and Learning Methods to be Employed
1. Lecture on security mechanisms with live SQL demonstrations
2. SQL injection attack demonstration and prevention
3. Lab: Creating users, granting/revoking privileges in MySQL
4. Discussion: NDPR compliance for Nigerian database systems
Learning Outcomes / Objectives
By the end of this week, students should be able to:
1. Describe the major threats to database security.
2. Explain authentication, authorisation, and access control in DBMS.
3. Use SQL DCL commands (GRANT, REVOKE) to manage user privileges.
4. Explain how database views provide security through data abstraction.
5. Describe SQL injection and how to prevent it.
6. Explain encryption and audit trails as security mechanisms.
7. Describe the requirements of NDPR for database-driven applications.
8.6 Encryption
Encryption converts data into an unreadable form that can only be turned back into readable data (decrypted) with the correct key.
| Encryption Type | Description and Example |
|---|---|
| Data at Rest | Encrypting database files on disk. E.g., MySQL Transparent Data Encryption (TDE) — if the server's hard disk is stolen, the data remains unreadable. |
| Data in Transit | Encrypting data as it moves between client and server. E.g., SSL/TLS encryption for bank API connections. |
| Column-Level Encryption | Encrypting specific sensitive columns. E.g., encrypting BVN, credit card numbers, passwords using AES-256. |
| Password Hashing | Passwords are never stored in plain text. A one-way hash (bcrypt, SHA-256) is stored instead. Even if the DB is stolen, passwords cannot be reversed. |
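The column-level encryption row above can be made concrete with a small application-side example. This is an added example written for these notes, not code from the course or from MySQL: it assumes the `cryptography` package is installed, uses SQLite in memory as a stand-in for the MySQL table so it runs offline, and generates the AES-256 key in-process (a real deployment would fetch it from a key-management service, never store it in the same database). The BVN values and customer names are constructed sample data.

```python
"""Column-level encryption of a sensitive field (a BVN) with AES-256-GCM.

Added example, not part of the course notes. Assumptions: the `cryptography`
package is installed, SQLite stands in for MySQL so the example runs offline,
and the key is generated in-process (in production it comes from a key
management service, never from the database itself).
"""
import os
import sqlite3

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12  # 96-bit nonce, the recommended size for GCM


def new_column_key() -> bytes:
    """Generate a 256-bit key for AES-256-GCM (stand-in for a KMS-managed key)."""
    return AESGCM.generate_key(bit_length=256)


def encrypt_field(key: bytes, plaintext: str, row_tag: bytes) -> bytes:
    """Encrypt one column value and return nonce || ciphertext || GCM tag.

    A fresh random nonce per value means two customers with the same BVN do
    not get the same ciphertext. `row_tag` (here the customer id) is bound as
    associated data, so a ciphertext only decrypts for the row it was written
    to: moving a blob from one row to another is detected on read.
    """
    nonce = os.urandom(NONCE_LEN)
    ct = AESGCM(key).encrypt(nonce, plaintext.encode(), row_tag)
    return nonce + ct


def decrypt_field(key: bytes, blob: bytes, row_tag: bytes) -> str:
    """Reverse of encrypt_field; raises InvalidTag if blob or row_tag was altered."""
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return AESGCM(key).decrypt(nonce, ct, row_tag).decode()


def build_customer_table(key: bytes) -> sqlite3.Connection:
    """Create an in-memory customer table and insert constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, bvn_enc BLOB)"
    )
    # Constructed sample data; the BVNs are not real. Both customers share a
    # BVN on purpose so the effect of the random nonce is visible.
    samples = [(1, "Ada", "22233344455"), (2, "Bayo", "22233344455")]
    for cid, name, bvn in samples:
        conn.execute(
            "INSERT INTO customer VALUES (?, ?, ?)",
            (cid, name, encrypt_field(key, bvn, str(cid).encode())),
        )
    conn.commit()
    return conn


def read_bvn(conn: sqlite3.Connection, key: bytes, cid: int) -> str:
    """Read a customer's BVN, decrypting in the application rather than in SQL."""
    (blob,) = conn.execute(
        "SELECT bvn_enc FROM customer WHERE id = ?", (cid,)
    ).fetchone()
    return decrypt_field(key, blob, str(cid).encode())


def stored_blobs_differ(conn: sqlite3.Connection) -> bool:
    """True if the two identical BVNs were stored as different ciphertexts."""
    rows = conn.execute("SELECT bvn_enc FROM customer ORDER BY id").fetchall()
    return rows[0][0] != rows[1][0]


def cross_row_copy_is_rejected(conn: sqlite3.Connection, key: bytes) -> bool:
    """Tamper check: customer 2's blob must not decrypt under customer 1's id."""
    (blob2,) = conn.execute("SELECT bvn_enc FROM customer WHERE id = 2").fetchone()
    try:
        decrypt_field(key, blob2, b"1")
        return False
    except InvalidTag:
        return True


if __name__ == "__main__":
    k = new_column_key()
    c = build_customer_table(k)
    print("customer 1 BVN:", read_bvn(c, k, 1))
    print("identical BVNs stored differently:", stored_blobs_differ(c))
    print("cross-row copy detected:", cross_row_copy_is_rejected(c, k))
```

Because the plaintext never reaches the database, a `SELECT` on `bvn_enc` returns only ciphertext; the trade-off is that the column can no longer be searched or indexed on its plaintext, which is why only the genuinely sensitive columns are encrypted this way.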