P1L7 Flashcards
importance of database security
- database stores sensitive data
- its structure influences how it’s accessed
- written in a language like SQL
- transactional nature (action done or not)
Is the main threat to a database from a hacker or an insider?
insider
database relations or tables are defined by
schema
database relations or tables consist of
tuples
what’s a key
a value that uniquely defines a tuple or a row
SQL operations on relations
select, insert, update, join, and delete
database access control
GRANT and REVOKE
GRANT syntax
GRANT {privilege} [ON TABLE] TO {user} [password] [WITH GRANT OPTION]
REVOKE syntax
REVOKE {privilege} [ON TABLE] FROM {user}
SQL privilege
SELECT, INSERT, UPDATE, DELETE
SQL injection can impact
confidentiality (extract data) and integrity (corrupt data)
Can SQL injection be crafted by using a web application vulnerability?
True
inference attack
certain aggregate/stat queries can be allowed for all users, and a hacker abuses that
defense against attacks
- do not allow aggregate queries
- transform data by de-identification or anonymization