Chapter 12. SQL and RDBMS Security

Security has become a huge issue for businesses around the world, demanding that companies protect their data from both external and internal threats. The Sarbanes-Oxley Act of 2002 mandated that companies establish strict standards for their IT operations; this created a rush among database vendors to implement new security features that would include reporting, accounting, and auditing of data access. As a language, SQL provides only limited security mechanisms, relying on the actual RDBMS software to implement a more robust security framework. Recognizing this, we've decided to give you a comprehensive overview of RDBMS security, in addition to detailed coverage of SQL-specific security statements (both those mandated by the SQL standard and the vendor-specific implementations).

Basic security mechanisms

Database security is an enormous topic, and exploring the ways in which leading database vendors have implemented its various aspects is a larger one still. Security was not invented with the relational database; password authentication, locks, audit, and other security concepts are as ancient as human history, and SQL just added a new twist. Following SQL:2003's lead, all databases essentially comply in establishing the security procedures. Three levels of security are common to all RDBMS:

  • Authentication: User connects to the RDBMS to perform certain actions.

  • Authorization: User gets access to the database or database schema objects to perform certain actions, based ...
