A
Micro-Project Report
On
“DATABASE SECURITY, BACKUP AND RESTORE”
Submitted for the partial fulfillment of Third Semester subject
“DATABASE MANAGEMENT SYSTEM” (22319)
Submitted by Group no 9
Name of Student Enrollment No
1. PRANAV B WAGH 1912420309
2. RUPALI KATRE 1912420308
3. SWAPNIL PUSTODE 1912420310
4. PRACHI KHOBRAGADE 1912420311
Under the Guidance of
Mrs. B M MESHRAM
Lecturer
Department of Computer Engineering
Department of Computer Engineering
Government Polytechnic Gondia
Winter – 2019
Certificate
This is to certify that the Micro Project titled
“DATABASE SECURITY, BACKUP AND
RESTORE”
Carried out under guidance of Mrs. B M MESHRAM MAM,
Lecturer in Computer Engineering Department and submitted to
the Department of Computer Engineering.
Submitted By Group no 9
Name of Student Enrollment No.
1. PRANAV B WAGH 1912420309
2. RUPALI KATRE 1912420308
3. SWAPNIL PUSTODE 1912420310
4. PRACHI KHOBRAGADE 1912420311
As the partial fulfilment of Third semester Subject course of
“DATABASE MANAGEMENT SYSTEM” code: 22319 during
Winter-2019
Mrs. B M Meshram, Guide and Lecturer, Department of Computer Engineering
Mr. J M Meshram, Head of Department, Department of Computer Engineering
Department of Computer Engineering
Government Polytechnic, Gondia
Winter-2019
INDEX
Sr No. Title
1 Rationale
2 Aim of Micro-Project
3 Course Outcome Achieved
4 Literature Review
5 Actual Methodology Followed
6 Actual Resources Used
7 Outputs of the Micro-Project
8 Skill Developed / learning out of this Micro-Project
9 Applications of this Micro-Project
Micro-Project Report
Title of Micro-Project: Database security, backup and restore.
1.0 Rationale
DATABASE SECURITY: Database security concerns the use of a broad range
of information security controls to protect databases against compromises of their
confidentiality, integrity and availability. It involves various types or categories of
controls, such as technical.
Database Backup: Database backup is the process of backing up the
operational state, architecture and stored data of database software. It enables the
creation of a duplicate instance or copy of a database in case the primary database
crashes, is corrupted or is lost.
Database Recovery: Data recovery is the process of restoring data that has
been lost, accidentally deleted, corrupted or made inaccessible.
2.0 Aim of Micro-Project
From this micro-project we will learn about database security, backup and
restore, and about the various threats to database security. We will come to
know how to protect or secure data, and gain updated knowledge about the
threats to data security and how to maintain it. We will also come to know
what roles ACID and CIA play.
3.0 Course outcomes addressed
Surveying on Database Security, Backup and Recovery.
Understanding the concept of Database Security, Backup and Recovery in
DBMS.
Apply security and confidentiality on database.
4.0 Literature Review
What is database security? (https://www.tutorialspoint.com › distributed_dbms)
Database security is the technique that protects and secures the database against
intentional or accidental threats. Security concerns are relevant not only to the
data residing in an organization's database: a breach of security may harm other
parts of the system, which may ultimately affect the database structure.
Consequently, database security covers hardware, software, human resources, and
data. Using security effectively requires appropriate controls, which are defined
by the specific mission and purpose of the system. The need for proper security,
often neglected or overlooked in the past, is now checked more and more
thoroughly by organizations.
We consider database security in relation to the following situations:
a) Theft and fraud.
b) Loss of confidentiality or secrecy.
c) Loss of data privacy.
d) Loss of data integrity.
e) Loss of availability of data.
What is a threat? (https://www.techopedia.com › definition › backup-and-recovery)
: - A threat is any situation or event, whether intentional or accidental, that can
cause damage and adversely affect the database structure and consequently the
organization. A threat may be caused by a situation or event involving a person,
or by an action or circumstance that is likely to bring harm to an organization
and its database. The degree of harm an organization suffers as a result of a
threat depends upon aspects such as the existence of countermeasures and
contingency plans. For example, if a hardware failure corrupts secondary storage,
all processing activity must cease until the problem is resolved.
a) Confidentiality: - Confidentiality is roughly equivalent to privacy. Data in the
database should be given only to authorized users.
Ex- in the HR department, an employee’s personnel data should be accessible to that
particular employee and the HR person only.
b) Integrity: - Only authorized users should be allowed to modify data.
For ex: - only the accounts department can change the financial details of the company.
c) Availability: - Authorized users should be able to access data any time they want.
Ex- an employee should be able to access their own salary details at any time.
Why is database security important?
: - Database security is more than just important: it is essential to any company with any
online component. Sufficient database security prevents data being lost or compromised,
which may have serious ramifications for the company both in terms of finances and
reputation. Database security helps:
a) Companies block attacks, including ransomware and breached firewalls, which in
turn keeps sensitive information safe.
b) Prevent malware or viral infections which can corrupt data, bring down a network,
and spread to all end point devices.
c) Ensure that physical damage to the server doesn’t result in the loss of data.
d) Prevent data loss through corruption of files or programming errors.
As you will see, database security places an obligation on you and your business to
keep sensitive data stored correctly, and used appropriately. Complying with
regulations and the applicable law not only reduces the risk of information being
mishandled, but it protects you from both costly legal ramifications and lost customer
confidence. Investment in Database security will ensure you have done your due
diligence in terms of data protection.
Data protection
The information to be contained in personal data shall be obtained and
personal data shall be processed fairly and lawfully.
Personal data shall be held only for one or more specified and lawful purposes.
Personal data held for any purpose or purposes shall not be used or disclosed
in any manner incompatible with that purpose or those purposes.
Personal data held for any purpose or purposes shall be adequately relevant
and not excessive in relation to that purpose or those purposes.
Appropriate security measures shall be taken against unauthorised access to, or
alteration, disclosure or destruction of, personal data and against loss or
destruction of personal data.
Computer based controls
Most of the computer-based database security controls are listed below:
Access authorization.
Access controls.
Views.
Backup and recovery of data.
Data integrity.
Encryption of data.
RAID technology.
Database Backup
Database Backup is storage of data that means the copy of the data.
It is a safeguard against unexpected data loss and application errors.
It protects the database against data loss.
If the original data is lost, then it can be reconstructed using the backup.
Types of backup:-
a) Normal or Full Backups
Normal backups are the fastest source to restore lost data because all the data
on a drive is saved in one location. The downside of normal backups is that they take
a very long time to run, and in some cases this is more time than a company can
allow. Drives that hold a lot of data may not be capable of a full backup, even if they
run overnight. In these cases, incremental and differential backups can be added to the
backup schedule to save time.
b) Incremental Backups
A common way to deal with the long running times required for full backups is to run
them only on weekends. Many businesses then run incremental backups throughout
the week since they take far less time. An incremental backup will grab only the files
that have been updated since the last normal backup. Once the incremental
backup has run, that file will not be backed up again unless it changes or during the
next full backup.
c) Differential Backups
An alternative to incremental database backups that has a less complicated
restore process is a differential backup. Differential backups and recovery are similar
to incremental in that these backups grab only files that have been updated since the
last normal backup. However, differential backups do not clear the archive bit. So a
file that is updated after a normal backup will be archived every time a differential
backup is run until the next normal backup runs and clears the archive bit.
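The archive-bit behaviour described above can be modelled directly. This is an added example, not part of the original report; the file names and the weekly schedule are constructed for illustration.

```python
# Added illustration: models the archive bit as described in the text above.
from dataclasses import dataclass, field


@dataclass
class Volume:
    # file name -> archive bit (True = changed since the bit was last cleared)
    archive_bit: dict = field(default_factory=dict)

    def write(self, name):
        """Creating or modifying a file sets its archive bit."""
        self.archive_bit[name] = True

    def backup(self, kind):
        """Return the files a 'full', 'incremental' or 'differential' run copies."""
        if kind == "full":
            copied = sorted(self.archive_bit)  # everything on the drive
        else:
            copied = sorted(n for n, bit in self.archive_bit.items() if bit)
        if kind in ("full", "incremental"):    # differential leaves the bit set
            for name in copied:
                self.archive_bit[name] = False
        return copied


def week(kind):
    """Full backup on Sunday, then backups of `kind` on Monday to Wednesday."""
    vol = Volume()
    for name in ("customers.db", "orders.db", "audit.log"):  # constructed names
        vol.write(name)
    sets = {"Sun": vol.backup("full")}
    changes = {"Mon": ["orders.db"], "Tue": ["audit.log"], "Wed": ["orders.db"]}
    for day, files in changes.items():
        for name in files:
            vol.write(name)
        sets[day] = vol.backup(kind)
    return sets


def restore_chain(kind, sets):
    """Backup sets needed to rebuild the drive as of the most recent backup."""
    days = list(sets)
    return days if kind == "incremental" else [days[0], days[-1]]


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        sets = week(kind)
        print(kind, sets, "restore needs:", restore_chain(kind, sets))
```

The incremental sets stay small but a restore needs every set since the full backup; the differential sets grow each day but a restore needs only the full backup and the latest differential.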
Causes of Database Failures
There are some common causes of failures such as,
1. System Crash
2. Transaction Failure
3. Network Failure
4. Disk Failure
5. Media Failure
What is recovery? (https://www.techopedia.com › definition › backup-and-recovery)
: - It is the method of restoring the database to its correct state in the event of a failure
at the time of the transaction or after the end of a process. Earlier you have been given
the concept of database recovery as a service which should be provided by all the
DBMS for ensuring that the database is dependable and remains in a consistent state
in the presence of failures. In this context, dependability refers to both the flexibility
of the DBMS to various kinds of failure and its ability to recover from those failures.
In this chapter, you will gather a brief knowledge of how this service can be provided.
To gain a better understanding of the possible problems you may encounter in
providing a consistent system, you will first learn about the need for recovery and
the types of failure which usually occur in a database environment.
What is need for recovery of data?
: - The storage of data usually includes four types of media with an increasing amount
of reliability: the main memory, the magnetic disk, the magnetic tape, and the optical
disk. There are many different forms of failure that can have an effect on database
processing and/or transaction and each of them has to be dealt with differently. Some
data failures can affect main memory only, while others involve non-volatile or
secondary storage also. Among the sources of failure are:
System crashes due to hardware or software errors, which ultimately result in
loss of main memory.
Failures of media, such as head crashes or unreadable media, that result in the loss of
portions of secondary storage.
Application software errors, such as logical errors in programs accessing
the database, that can cause one or more transactions to abort or fail.
Natural physical disasters such as fires, floods, earthquakes, or power
failures.
Carelessness or unintentional destruction of data or directories by operators or users.
Damage to or intentional corruption of data, hardware or software facilities
(using malicious software or files).
Methods of database recovery
There are two methods that are primarily used for database recovery. These are:
1. Log based recovery - In log-based recovery, logs of all database transactions are
stored in a secure area so that in case of a system failure, the database can recover
the data. All log information, such as the time of the transaction, its data etc.
should be stored before the transaction is executed.
2. Shadow paging - In shadow paging, after the transaction is completed its data is
automatically stored for safekeeping. So, if the system crashes in the middle of a
transaction, changes made by it will not be reflected in the database.
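A minimal sketch of log-based recovery, added here as an example and not taken from the original report or from any DBMS. The log record layout and the sample values are assumptions, and it assumes no transaction overwrites another transaction's uncommitted data.

```python
# Added illustration of log-based recovery (not from the report or a real DBMS).
# Assumed record layout: ("start", txn), ("write", txn, item, old, new),
# ("commit", txn). Every record is logged before the change reaches the disk.


def recover(disk, log):
    """Return the consistent state rebuilt from post-crash disk data and log."""
    committed = {rec[1] for rec in log if rec[0] == "commit"}
    state = dict(disk)
    # Redo pass: replay writes of committed transactions in log order, because
    # their changes may not have reached the disk before the crash.
    for rec in log:
        if rec[0] == "write" and rec[1] in committed:
            _, _, item, _old, new = rec
            state[item] = new
    # Undo pass: restore old values for unfinished transactions, newest first.
    for rec in reversed(log):
        if rec[0] == "write" and rec[1] not in committed:
            _, _, item, old, _new = rec
            state[item] = old
    return state


# Constructed sample: T1 (a complete sale) committed, T2 crashed half-way.
SAMPLE_LOG = [
    ("start", "T1"),
    ("write", "T1", "inventory", 10, 9),
    ("write", "T1", "cash", 100, 120),
    ("commit", "T1"),
    ("start", "T2"),
    ("write", "T2", "inventory", 9, 8),
    # crash here: T2 never recorded its cash and never committed
]
# Disk after the crash: T1's cash update was still in memory (lost),
# while T2's inventory update had already been written out.
SAMPLE_DISK = {"inventory": 8, "cash": 100}

if __name__ == "__main__":
    print(recover(SAMPLE_DISK, SAMPLE_LOG))
```

Recovery redoes the committed sale and undoes the half-finished one, so the stock and cash figures agree again.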
Transaction (https://www.tutorialspoint.com › dbms › dbms_transaction)
A transaction, in the context of a database, is a logical unit that is independently
executed for data retrieval or updates. In relational databases, database transactions
must be atomic, consistent, isolated and durable--summarized as the ACID acronym.
Transactions are completed by COMMIT or ROLLBACK SQL statements, which
indicate a transaction’s beginning or end. The ACID acronym defines the properties
of a database transaction, as follows:
Atomicity: A transaction must be fully complete, saved (committed) or
completely undone (rolled back). A sale in a retail store database illustrates a
scenario which explains atomicity, e.g., the sale consists of an inventory reduction
and a record of incoming cash. Both either happen together or do not happen - it's
all or nothing.
Consistency: The transaction must be fully compliant with the state of the
database as it was prior to the transaction. In other words, the transaction cannot
break the database’s constraints. For example, if a database table’s Phone Number
column can only contain numerals, then consistency dictates that any transaction
attempting to enter an alphabetical letter may not commit.
Isolation: Transaction data must not be available to other transactions until the
original transaction is committed or rolled back.
Durability: Transaction data changes must be available, even in the event of
database failure.
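The atomicity and consistency cases above (the retail sale and the numerals-only phone column), as an added example that is not part of the original report. It uses Python's built-in sqlite3 module rather than the Oracle setup of this project; table and column names are assumptions.

```python
# Added illustration (not from the report): atomicity and consistency shown
# with Python's built-in sqlite3. Table and column names are assumptions.
import sqlite3


def open_store():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE inventory (item TEXT PRIMARY KEY,
                                qty  INTEGER NOT NULL CHECK (qty >= 0));
        CREATE TABLE cash (id INTEGER PRIMARY KEY, item TEXT, amount INTEGER);
        -- Consistency rule from the text: phone numbers hold numerals only.
        CREATE TABLE customer (name  TEXT,
                               phone TEXT CHECK (phone NOT GLOB '*[^0-9]*'));
        INSERT INTO inventory VALUES ('pen', 1);   -- constructed stock level
    """)
    return db


def sell(db, item, price):
    """Record incoming cash and reduce inventory as one all-or-nothing unit."""
    try:
        with db:  # COMMIT if the block succeeds, ROLLBACK if it raises
            db.execute("INSERT INTO cash (item, amount) VALUES (?, ?)",
                       (item, price))
            db.execute("UPDATE inventory SET qty = qty - 1 WHERE item = ?",
                       (item,))
        return True
    except sqlite3.IntegrityError:
        return False  # stock would go negative; the cash row is undone too


def add_customer(db, name, phone):
    """Insert a customer; the CHECK constraint rejects non-numeric phones."""
    try:
        with db:
            db.execute("INSERT INTO customer VALUES (?, ?)", (name, phone))
        return True
    except sqlite3.IntegrityError:
        return False


def snapshot(db):
    """Return (pens in stock, number of cash records, number of customers)."""
    qty = db.execute("SELECT qty FROM inventory WHERE item='pen'").fetchone()[0]
    sales = db.execute("SELECT COUNT(*) FROM cash").fetchone()[0]
    people = db.execute("SELECT COUNT(*) FROM customer").fetchone()[0]
    return qty, sales, people
```

Selling the only pen twice shows the rollback: the second call fails on the inventory update, and the cash row inserted just before it disappears with it.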
ORACLE:
Oracle Database (commonly referred to as Oracle RDBMS or simply as Oracle) is a
proprietary multi-model database management system produced and marketed
by Oracle Corporation. It is a database commonly used for running online
transaction processing (OLTP), data warehousing (DW) and mixed (OLTP & DW)
database workloads.
COMPUTER SYSTEM:
We have used HP, i7 9th generation WITH INBUILT WINDOWS 10 Operating
system of 3.20 GHz INTEL Pentium Core processor (Laptop).
Dell Inspiron desktops and all-in-one PCs are designed with innovative technology and
latest features.
OFFICE SOFTWARE PACKAGES:
We have used MS word 2013 for creating our report to show about how we
created this website. For performing of this project we have used MICROSOFT
WORD OFFICE OF 2013 version. Microsoft Office 2013 is a version
of Microsoft Office, a productivity suite for Microsoft Windows.
5.0 Actual Methodology Followed
First, we discussed with each group member what work should be done by
which group member.
Then we collected the required information about database security, backup and
restore from many websites, books and the internet.
Studied database security, backup and restore.
After understanding some code, we created a report to present our code and
data about database security, backup and restore.
After completing this report, we submitted it to our mentor “MS. B M Meshram”.
SQL DCL COMMANDS EXAMPLE
Data Control Language (DCL) is used to control privileges in a database. To perform
any operation in the database, such as creating tables, sequences or views, a user
needs privileges. Privileges are of two types:
System: This includes permissions for creating a session, table, etc. and all types of
other system privileges.
Object: This includes permissions for any command or query to perform any
operation on the database tables.
In DCL we have two commands:
GRANT: It gives users access privileges to the database. MySQL offers both the
administrator and the user a great extent of control options. On the administration
side, administrators can control certain user privileges over the MySQL server by
restricting their access to an entire database or just limiting permissions for a
specific table. GRANT creates an entry in the security system that allows a user in
the current database to work with data in the current database or execute specific
statements.
Syntax:
GRANT privileges ON object TO user;
Example : GRANT Command
GRANT SELECT, INSERT, UPDATE, DELETE ON employees TO smithj;
GRANT ALL ON employees TO smithj;
GRANT SELECT ON employees TO public;
REVOKE: The REVOKE statement enables system administrators to revoke
privileges from MySQL accounts.
Syntax:
REVOKE privileges ON object FROM user;
Example : REVOKE Command
REVOKE DELETE ON employees FROM anderson;
REVOKE ALL ON employees FROM anderson;
REVOKE SELECT ON employees FROM public;
6.0 Actual Resources Used
S. No. | Name of Resource/material | Specifications | Qty | Remarks
1 | Websites | https://www.c-sharpcorner.com/UploadFile/65fc13/ddldml-and-dcl-in-mysql/ and https://www.tutorialspoint.com › Database-Backup-and-Recovery | - |
2 | Softwares | Oracle, Google Chrome browser | 01/01 |
3 | Computer system | HP, core-i7 processor with Windows 10 operating system | 01 |
4 | Office software packages | MS Word Office 2010 | - |
7.0 Outputs of the Micro-Project
Learning about the database security.
About backup and restore.
Need of data security, backup & restore.
Grant
Revoke
8.0 Skill Developed / learning out of this Micro-Project
The skill developed from this micro-project is an understanding of the concept of
database security.
We have learnt how to protect data against irrelevant forms.
We have learnt about backup and restore.
9.0 Applications of this Micro-Project
Database security is more than just important: it is essential to any company with any
online component. Sufficient database security prevents data being lost or
compromised, which may have serious ramifications for the company both in terms of
finances and reputation. Database security helps:
Companies block attacks, including ransomware and breached firewalls, which
in turn keeps sensitive information safe.
Prevent malware or viral infections which can corrupt data, bring down a
network, and spread to all end point devices.
Ensure that physical damage to the server doesn’t result in the loss of data.
Prevent data loss through corruption of files or programming errors.