Week 8
Teaching and Learning Methods to be Employed
1. Lecture on security mechanisms with live SQL demonstrations
2. SQL injection attack demonstration and prevention
3. Lab: Creating users, granting/revoking privileges in MySQL
4. Discussion: NDPR compliance for Nigerian database systems
Learning Outcomes / Objectives
By the end of this week, students should be able to:
1. Describe the major threats to database security.
2. Explain authentication, authorisation, and access control in DBMS.
3. Use SQL DCL commands (GRANT, REVOKE) to manage user privileges.
4. Explain how database views provide security through data abstraction.
5. Describe SQL injection and how to prevent it.
6. Explain encryption and audit trails as security mechanisms.
7. Describe the requirements of NDPR for database-driven applications.
8.1 Database Security Threats
Database security aims to protect data against accidental or intentional disclosure to unauthorised persons, and against modification or destruction of data. Major threats include:
| Threat | Description and Nigerian Example |
|---|---|
| Unauthorised Access | Users accessing data they have no permission to see. E.g., a bank teller accessing the CEO's salary record. |
| SQL Injection | Attackers injecting malicious SQL code through application inputs to manipulate the database. Caused major breaches at Nigerian financial institutions. |
| Insider Threat | Authorised employees misusing their access. E.g., a bank employee stealing customer BVN and account details. |
| Data Interception | Data stolen in transit between client and server. E.g., unencrypted bank transactions on public WiFi. |
| Privilege Escalation | Obtaining higher access rights than authorised. E.g., a regular user accessing DBA functions. |
| Denial of Service (DoS) | Overwhelming the database server to make it unavailable. E.g., the JAMB portal crash during registration. |
| Physical Theft | Stealing physical storage media containing database files. |