Design of Main Memory Database System/Database Management
Chapter 5 Database Management
Database is a collection of objects that hold and manipulate data. Every database management system will have a limit on the total number of databases supported. Most of the databases support up to 10K databases per instance. Because of the virtual address space limitation, MMDB may not be able to support 100 databases per instance. Lets assume that database size is set to 100MB, then instance shall support 4 GB/ 100 MB= 40 databases maximum.
Database is a collection of many relational objects such as tables, views, and constraints. A user owns a database; the owners shall give special access to other users.
Functions of Database Management
- Create and delete databases
- Grant/Revoke privileges to users to access
- Grow/Shrink database based on its size
- Persistency of data
- Recovery of database in case of system crash
Validation Techniques for stray pointer writes
This is one of the major concerns in MMDBs during the application development cycle. MMDB expose the actual pointer to data, which may lead the application to do stray pointer write. This will corrupt the data. MMDB should provide a mechanism to detect this and recover the database in the event of corruption.
Database VS Schema
In the ANSI SQL-92 standard, a schema is defined as a collection of database objects that are owned by single user and form a single namespace. A namespace is a set of objects that cannot have duplicate names. For example, two tables can have same name if and only if they both belong to two different schemas.
Schema VS User
There is an implicit relationship between schemas and users. This relationship is so close that, many of the database users are unaware about this. If you create a user, DBMS creates a user and a schema and grants all privileges to the user on the created schema. Some DBMS expect the user to do the above in three different steps.
Default Database, Schema and User
Every DBMS will have at least one default database, schema and user with preset password. This is done to ensure that DBMS is ready to soon after the installation.
In a multi-user database management system, DBMS should provide techniques to enable certain users to access selected portions of a database without gaining access to the rest of the database. This is very important, when a large integrated database is to be used by many different users within the same organization. For example sensitive information such as salary should be kept confidential from most of the other database system users. DBMS accomplishes this by having authorization subsystem that is responsible for ensuring security of portions of database against unauthorized access.
Another security issue with databases that work across network shall be handled though data encryption. Encryption can also be used to provide additional protection for sensitive portions of database as well. The data is encoded using some coding algorithm. An unauthorized user who accesses encoded data will have difficulty in decoding the data. Authorized users will be given the decryption algorithms using which they shall access the data.
Database Administrator is the central authority for managing a database system. The DBA’s responsibility include creating, deleting users, changing user passwords, granting privileges to user on database objects and revoking the privileges in accordance with the policy of the organization. DBA is responsible for the overall security of the database system.
Access protection , user accounts and database
1. Whenever a person or group of person s need to access a database system, the individual or group must first apply for a user account. The DBA will then create a new account number and password for the user if there is a legitimate need to access the database. 2. The user must log in to the DBMS by entering account number and password whenever database access is needed.
3. The DBMS checks that the account number and password are valid; if they are, the user is permitted to use the DBMS and to access the database. Application programs can also be considered as users and can be required to supply passwords.
4. It is straightforward to keep track of database users and their accounts and passwords by creating an encrypted table or file with the two fields account number and password. This table can easily be maintained by the DBMS. Whenever a new account is created, a new record is inserted into the table. When an account is canceled, the corresponding record must be deleted from the table. 5. The database system must also keep track of all operations on the database that are applied by a certain user throughout each login session, which consists of the sequence of the database interactions that a user performs from the time of logging in to the time of logging off. When a user logs in, the DBMS can record the user's account number and associate it with the terminal are attributed to the user's account until the user logs off. It is particularly important to keep track of update operations that are applied to the database so that, if the database is tampered with, the DBA can find out which user did the tampering. 6. To keep a record of all updates applied to the database and of the particular user who applied each update, we can modify system log, which includes an entry for each operation applied to the database that may be required for recovery from a transaction failure or system crash. We can expand the log entries so that they also include the account number of the user and the on line terminal ID that applied each operation recorded in the log. If any tampering with the database is suspected, a database audit is performed, which consists of reviewing the log to examine all accesses and operations applied to the database during a certain time period. When an illegal or unauthorized operation is found, the DBA can determine the account number used to perform this operation. Database audits are particularly important for sensitive databases that are updated by many transactions and users, such as a banking database that is updated by many bank tellers. A database log that is used mainly for security purposes is sometimes called an audit trail.
If any tampering with the database is suspected, a database audit is performed, which consists of reviewing the log to examine all accesses and operations applied to the database during a certain time period. When an illegal or unauthorized operation is found, the DBA can determine the account number used to perform this operation. Database audits are particularly important for sensitive databases that are updated by many transactions and users, such as a banking database that is updated by many bank tellers. A database log that is used mainly for security purposes is sometimes called an audit trail.
Role based Access control
Types of Databases
Control Database - one
Catalog Database - one
User database - many
Usually 8 KB. should be same as OS page size.