Shengke Ye,Kaiye Dai,Guoli Fan,Ling Zhang,Zhihao Liang

DOI: https://doi.org/10.62051/pzqebt34

2024-04-10

Abstract:In this study, the network security of PostgreSQL database using Socket connection is deeply analyzed. By exploring Socket connections established by PostgreSQL over TCP, we find potential security threats and vulnerabilities during data transmission, which may expose database systems to network attacks such as unauthorized access and data leakage. In order to assess these security risks, this study simulated a variety of network attack scenarios, especially the implantation and detection of Webshell, to reveal the vulnerability of PostgreSQL to such network threats. Especially in defending against complex and changeable cyber threats such as Webshell attacks, this research also uses machine learning and artificial intelligence techniques to improve the automation level of security threat detection and response. These technologies can help identify complex attack patterns and improve resilience to emerging threats, thereby enhancing the overall security of PostgreSQL databases.

Ramyar Abdulrahman Teimoor

DOI: https://doi.org/10.21928/uhdjst.v5n2y2021.pp38-46

2021-10-10

UHD Journal of Science and Technology

Abstract:Currently, data production is as quick as possible; however, databases are collections of well-organized data that can be accessed, maintained, and updated quickly. Database systems are critical to your company because they convey data about sales transactions, product inventories, customer profiles, and marketing activities. To accomplish data manipulation and maintenance activities the Database Management System considered. Databases differ because their conclusions based on countless rules about what an invulnerable database constitutes. As a result, database protection seekers encounter difficulties in terms of a fantastic figure selection to maintain their database security. The main goal of this study is to identify the risk and how we can secure databases, encrypt sensitive data, modify system databases, and update database systems, as well as to evaluate some of the methods to handle these problems in security databases. However, because information plays such an important role in any organization, understanding the security risk and preventing it from occurring in any database system require a high level of knowledge. As a result, through this paper, all necessary information for any organization has been explained; in addition, also a new technological tool that plays an essential role in database security was discussed.

Paul Lesov

DOI: https://doi.org/10.48550/arXiv.1004.4022

2010-04-22

Databases

Abstract:The importance of security in database research has greatly increased over the years as most of critical functionality of the business and military enterprises became digitized. Database is an integral part of any information system and they often hold sensitive data. The security of the data depends on physical security, OS security and DBMS security. Database security can be compromised by obtaining sensitive data, changing data or degrading availability of the database. Over the last 30 years the information technology environment have gone through many changes of evolution and the database research community have tried to stay a step ahead of the upcoming threats to the database security. The database research community has thoughts about these issues long before they were address by the implementations. This paper will examine the different topics pertaining to database security and see the adaption of the research to the changing environment. Some short term database research trends will be ascertained at the conclusion.

Abdullah Hamidi,Abdul Razzaq Hamraz,Khadija Rahmani

DOI: https://doi.org/10.70648/naturalscience.v4i1.66

2024-05-13

Abstract:MySQL security is a concept that originates from database security and mainly comprises attacks that exploit database systems vulnerabilities. SQL injection, inference attack, passive attack, active attack, and other database side attacks are general security issues in many modern database systems. Those methods are used by hackers to retrieve, manipulate, misuse, make or delete information in organizations’ relational databases through application layer or backend layer. Different techniques to prevent MySQL against these attacks investigated and discussed in this article. Besides, different ways to secure or database were introduced. In this article, different ways to protect the data in relational databases including database backups, database and table locking, database encryption, user control, MySQL Enterprise Firewall, and use of views are discussed. Furthermore, each protection method explained with their usages and advantages. Database designers have to be aware of these methods to increase data protection on their designed information management systems. The goals of this research are to cover all security problems that occur in MySQL backend, declaring the security vulnerabilities and providing suggestions to improve MySQL security and preventing an attacker from attacking these systems.

WANG Jun

DOI: https://doi.org/10.3969/j.issn.1009-3044.2012.23.013

2012-01-01

Abstract:Along with the social informatization is getting higher and higher,the data stored in the DBMS to security requirements are also gradually improve.Systems generally will require the user to input the password,that is,by setting a password to protect the security of the database.It’s talking about commonly used methods of password analysis about database encryption.It’s obvious that encryption algorithm has been greatly enhanced in the new version through to the contrast analysis between an encrypted database of Access 2003 and an encrypt ed database of Access 2010,improved the password security of Access 2010.

Alex Zhu,Wei Qi Yan

DOI: https://doi.org/10.4018/ijdcf.2017100106

2017-01-01

International Journal of Digital Crime and Forensics

Abstract:SQLIA is adopted to attack websites with and without confidential information. Hackers utilized the compromised website as intermediate proxy to attack others for avoiding being committed of cyber-criminal and also enlarging the scale of Distributed Denial of Service Attack DDoS. The DDoS is that hackers maliciously turn down a website and make network resources unavailable to web users. It is extremely difficult to effectively detect and prevent SQLIA because hackers adopt various evading SQLIA Intrusion Detection System techniques. Victims may not be even aware of that their confidential data has been compromised for a long time. In this paper, our contribution is that we evaluate several most popular open source SQLIA tools and SQLIA prevention tools with both qualitative and quantitative assessments.

George S. Oreku

DOI: https://doi.org/10.9734/ajrcos/2022/v14i4304

2022-12-17

Asian Journal of Research in Computer Science

Abstract:SQL injection attack is one of the most serious security vulnerabilities in many Databases Managements systems. Most of these vulnerabilities are caused by lack of input validation and SQL parameters used particularity at this time of technology revolution. The results of a SQL injection attack (SQLIA) are unpleasant because the attacker could wipe the entire contents of the victim's database or shut it down. As such, SQLIA can be used as important weapons in cyber warfare. As an attempt of breaching of number of application data bases systems two SQL injection techniques were used to successful locating vulnerable points during this research which are Blind Text Injection Differential and Error based Exploitation. The motivations behind were to find out where the databases systems are most likely to face an attack and proactively shore up those weaknesses before exploitation by hackers. The success of both techniques is a result of poor web server (online database server) design especially in the selection of error messages (or answers) they display to website users if something goes wrong. The approach through examination of error messages (error codes) did enable to precisely know the backend Database Management System (DBMS) type and version and what exactly are parameters (variables) which can allow “illegally” injecting codes (a SQL query). Additionally, the paper presents SQLIA cases and their impact in Tanzania cyber space as well as it suggests the possible mitigation ways while reflecting the collected data with what currently existing in cyberworld as far as SQL injection attack is concern to present the reality.

Karuturi S R V Satish

DOI: https://doi.org/10.17762/ijritcc.v11i11.10396

2024-04-05

International Journal on Recent and Innovation Trends in Computing and Communication

Abstract:The majority of enterprises have recently enthusiastically embraced cloud computing, and at the same time, the database has moved to the cloud. This cloud database paradigm can lower data administration expenses and free up new business to concentrate on the product that is being delivered. Furthermore, issues with scalability, flexibility, performance, availability, and affordability can be resolved with cloud computing. Security, however, has been noted as posing a serious risk to cloud databases and has been essential in fostering public acceptance of cloud computing. Several security factors should be taken into account before implementing any cloud database management system. These features comprise, but are not restricted to, data privacy, data isolation, data availability, data integrity, confidentiality, and defense against insider threats. In this paper, we discuss the most recent research that took into account the security risks and problems associated with adopting cloud databases. In order to better comprehend these problems and how they affect cloud databases, we also provide a conceptual model. Additionally, we look into these problems to the extent that they are relevant and provide two instances of vendors and security features that were used for cloud-based databases. Finally, we provide an overview of the security risks associated with open cloud databases and suggest possible future paths.

Tanvi S. Patel,Srinivasakranthikiran Kolachina,Daxesh P. Patel,Pranav S. Shrivastav

DOI: https://doi.org/10.48550/arXiv.2211.10028

2022-11-18

Cryptography and Security

Abstract:A database is a prime target for cyber-attacks as it contains confidential, sensitive, or protected information. With the increasing sophistication of the internet and dependencies on internet data transmission, it has become vital to be aware of various encryption technologies and trends. It can assist in safeguarding private information and sensitive data, as well as improve the security of client-server communication. Database encryption is a procedure that employs an algorithm to convert data contained in a database into "cipher text," which is incomprehensible until decoded. Homomorphic encryption technology, which works with encrypted data, can be utilized in both symmetric and asymmetric systems. In this paper, we evaluated homomorphic encryption techniques based on recent highly cited articles, as well as compared all database encryption problems and developments since 2018. The benefits and drawbacks of homomorphic approaches were examined over classic encryption methods including Transparent Database Encryption, Column Level Encryption, Field Level Encryption, File System Level Encryption, and Encrypting File System Encryption in this review. Additionally, popular databases that provide encryption services to their customers to protect their data are also examined.

Andrew Figueroa,Steven Rollo,Sean Murthy

DOI: https://doi.org/10.48550/arXiv.1710.08023

2017-10-22

Databases

Abstract:This paper is an extended version of a report from a student-developed study to compare Microsoft SQL Server and PostgreSQL, two widely-used enterprise-class relational database management systems (RDBMSs). The study followed an introductory undergraduate course in relational systems and was designed to help gain practical understanding of specific DBMSs. During this study, we implemented three non-trivial schemas in each system, identified 26 common database design, development, and administration activities while implementing the schemas, and compared the support each system offers to carry out the identified activities. Where relevant, we also compared each system against the SQL standard. In this report, we present a summary of the similarities and differences we found between the two systems, and we provide a quantitative measure ranking both systems' implementations of the 26 activities. We also briefly discuss the "technical suitability" of PostgreSQL to enterprise applications. Although this report is not comprehensive and is too general to comment on the suitability of either system to a specific enterprise application, it can nevertheless provide an initial set of considerations and criteria to choose a system for most enterprise applications.

王德强,张锐,谢立,宋娇

DOI: https://doi.org/10.3969/j.issn.1002-137X.2002.12.004

2002-01-01

Computer Science

Abstract:Being an important part of Information System, Database Security has absorbed much attention fordecades. First, we bring forth the Database Security's contents, properties of data: sensitivity, integrity and availabil-ity. Several access control models to guarantee these properties are described in this paper. Due to the challengesbrought by advanced DBMSs such as OODBMS and ADBMS, we also discuss some security topics in these fields. Atthe end of this paper, the encryption control and inference control are reviewed together with some trend of thedatabase security technology in the future.

Alois Paulin

DOI: https://doi.org/10.48550/arXiv.1201.1081

2012-01-05

Computers and Society

Abstract:The Secure SQL Server - SecSS, is a technology primarily developed to enable self-service governance of states, as described in (Paulin 2012). Self-service governance is a novel model of governance that rejects service-based public administration and instead proposes that governed subjects manage their legal relations in a self-service manner, based on ad-hoc determination of eligibilities. In this article we describe the prototype SecSS and its evaluation in a complex governmental scenario.

Bo Sun,Sen Zhao,Guohua Tian

DOI: https://doi.org/10.1080/09540091.2024.2323059

2024-03-07

Connection Science

Abstract:Limited by the local storage resource, data users have to encrypt their data and outsource the encrypted databases to cloud servers to enjoy low-cost, professional data management services, which promotes the rapid development of outsourcing database technology. Despite this, the complex underlying setting and loosely coupled database architecture lead to various security risks and performance bottlenecks, while there is currently no work to achieve a comprehensive evaluation of existing encrypted database solutions from the aspects of underlying settings, security levels, functions, etc. In this work, we first propose an evaluation model to assess SQL functionalities and security from multiple dimensions. Secondly, we categorise the existing SQL query schemes into three categories: software-based construction, hardware-based construction, and hybrid-based construction, that is, a combination of software and hardware components. On this basis, we analyse the framework, advantages, and limitations of classic and state-of-the-art schemes. Finally, we summarise the software-based and hardware-based approaches from dimensions of SQL functionality, security, and efficiency, thus clarifying their ideal application scenarios. Notably, SQL query schemes that exhibit minimal equality of pair leakage and support strong obliviousness can achieve higher levels of security. In addition, hardware-based solutions can achieve more complex SQL queries and superior performance without designing complex and functionally-limited cryptographic tools.

computer science, artificial intelligence, theory & methods

P.K. Paul,P. S. Aithal

DOI: https://doi.org/10.47992/ijmts.2581.6012.0070

2019-10-18

Abstract:Information is the core and most vital asset these days. The subject which deals with Information is called Information Science. Information Science is responsible for different information related affairs from collection, selection, organization, processing, management and dissemination of information and contents. And for this information related purpose Information Technology plays a leading role. Information Technology has different components viz. Database Technology, Web Technology, Networking Technology, Multimedia Technology and traditional Software Technology. All these technologies are responsible for creating and advancing society. Database Technology is concerned with the Database. It is worthy to note that, Database is concerned with the repository of related data in a container or base. The data, in Database normally stored in different forms and Database Technology play a lead role for dealing with the affairs related to database. The Database is very important in the recent past due to wider applications in different organizations and institutions; not only profit making but also non-profit making. Today most organizations and sectors which deal with sensitive and important data keep them into the database and thus its security becomes an important concern. Large scale database and its security truly depend on different defensive methods. This paper talks about the basics of database including its meaning, characteristics, role etc. with special focus on different security challenges in the database. Moreover, this paper highlights the basics of security management, tools in this regard. Hence different areas of database security have mentioned in this paper in a simple sense.

Harshavardhan Kayarkar

DOI: https://doi.org/10.48550/arXiv.1206.4124

2012-06-19

Abstract:Data security is one of the most crucial and a major challenge in the digital world. Security, privacy and integrity of data are demanded in every operation performed on internet. Whenever security of data is discussed, it is mostly in the context of secure transfer of data over the unreliable communication networks. But the security of the data in databases is also as important. In this paper we will be presenting some of the common security techniques for the data that can be implemented in fortifying and strengthening the databases.

Cryptography and Security

Muhammad Saidu Aliero,Kashif Naseer Qureshi,Muhammad Fermi Pasha,Awais Ahmad,Gwanggil Jeon

DOI: https://doi.org/10.1002/cpe.5936

2020-07-22

Concurrency and Computation: Practice and Experience

Abstract:<p>Structure Query Language Injection Attack is among the top 10‐security threats that can be used on the web application to cause severe damage or gain unauthorized data access to the application server. Many reports have indicated an average of 64% of global websites are at risk of being attack by SQL injection, and many of the top companies have experienced thousands of attacks attempts through SQL injection. The current trend shows the increasing number of attacks factor as a result of the daily deployment of these applications without security detection and prevention mechanism is placed. To overcome this challenge, researches in academia and industry presented a proposal that automates SQL injection vulnerabilities assessment on the tested application. Current studies show the need to enhance techniques of these proposals to reduce the false alarms. In this study, we propose a component‐based technique to minimize the incidence of inaccurate results, as well as enable the ease of improving the proposed solution. The study uses three costumed applications as tested to evaluate the accuracy of the proposed solution. Each of these testbed consists of several vulnerabilities where the experimental evaluation performs to test the proposed tool. An empirical evaluation is carried out on three vulnerable custom websites to evaluate the effectiveness of the proposed study. The experiment results indicated significant results in terms of high accuracy. On the other hand, the proposed solution also has better capabilities to analyze page response based on four different techniques. Moreover, the proposed solution is the only solution that performs stored procedure attacks SQL and bypass login authentication even if the returned records are limited restriction is applied.</p>

Federico De Meo,Marco Rocchetto,Luca Viganò

DOI: https://doi.org/10.48550/arXiv.1605.00358

2016-08-10

Abstract:We present a formal approach that exploits attacks related to SQL Injection (SQLi) searching for security flaws in a web application. We give a formal representation of web applications and databases, and show that our formalization effectively exploits SQLi attacks. We implemented our approach in a prototype tool called SQLfast and we show its efficiency on real-world case studies, including the discovery of an attack on Joomla! that no other tool can find.

Cryptography and Security

Joseph Owuondo

DOI: https://doi.org/10.2139/ssrn.4548519

2023-01-01

SSRN Electronic Journal

Abstract:The advancement in data storage systems and novel data types has made organizations stop relying on the use of simple client/server I.T infrastructure and leverage more on multiple categories of database systems to keep heterogeneous data. The study exploits the benefits of deploying hybrid relational database management systems and NoSQL systems while developing better electronic health records (EHR) systems within health facilities alongside the facility decision support system (FDSS). More particularly, GIS, MySQL, and Mongo DB databases were integrated to enhance EHR systems alongside offering improve clinical decision support. The study adopted an experimental design to develop the Electronic Health Records System using GIS, MySQL, and Mongo DB software to create the database. Findings revealed that the atomicity, consistency, isolation, and durability feature typical of relational database management systems guaranteed data security, integrity, ease of access, and efficient transaction processing. Mongo database offered the system a more precise internal data structure and solid scalability along with simplified mapping of application objects to the underlying database design. The GIS database enabled clear visualization of patients’ geographical locations, medical facilities, and the physical location of the physicians. Integrating these database systems within the healthcare arena was instrumental in compelling application systems to adhere to the HIPAA EHR standards without compromising performance and scalability.

Madhavi Karnam,Srinu Banothu,Janardhan G,Balaram Allam,Sirisha G,Srinivasulu Shepuri

DOI: https://doi.org/10.12694/scpe.v25i5.3113

2024-08-01

Abstract:For the time being, many government or private organizations for recruitment of staff or educational institutions moving towards online based tests. The online examination system is a software application used for conducting examination using computer systems. It helps to the recruitment agency or any govt. or private organizations for conducting any job recruitment examinations transparently. Due to this system results are processed without delay and efficiently evaluated to assess the candidate’s abilities. But the biggest challenge for online examination system is data integrity, security and privacy. The current system is resolving the privacy issue by providing authentication credentials such as user name, password to the candidates. So that only authorized users with proper credentials can login to the system and attempt the exam. But the data confidentiality and integrity are biggest challenges for the system. As the data stored in system database is in plain text format, hence it may be modified or misused by the internal staff of the organization. This paper presents the frame work for secure storage and management of candidate’s data using encryption scheme, distributed databases in cloud database system. The proposed framework enhances the data confidentiality, integrity and avoids any cheating by internal staff or third party institutions. This paper conducts experimental work on proposed framework and analyses the results of the system.

Computer Science