29 Database Security

Like database maintenance, database security is an important topic with details that vary from database to database. This chapter doesn't try to cover everything there is to know about database security. Instead, it explains some of the general concepts that you should understand.

In this chapter, you learn how to:

  • Pick a reasonable level of security for the database.
  • Choose good passwords.
  • Give users necessary privileges.
  • Promote a database's physical security.

THE RIGHT LEVEL OF SECURITY

Database security can range from nonexistent to tighter than Fort Knox. You can allow any user or application to connect to the database, or you can use encryption to prevent even the database itself from looking at data that it shouldn't see.

Though many people think more security is better, that's not always the case. Some databases can encrypt the data they contain, so it's very hard for bad guys to peek at your data. Unfortunately, it takes extra time to encrypt and decrypt data as you read and write it in the database, and that slows things down. For most applications, that level of security is overkill.

Although you may not need as much security as the White House, Bank of America, or the Tokyo Stock Exchange, it does make sense to take advantage of whatever security features your database does provide. The following sections describe some of the security features that you should look for in a database product.

Rather than getting the most powerful security system ...
