The database security community has developed multiple techniquesand approaches to ensure that there is data confidentiality, availability andintegrity. The principal database security concepts include authentication,encryption, authorization and change trackingAuthentication:It is the process of identifying or confirming theidentity of a person. The method of confirming the identity of an individualcan be capitalized through validating their documents and through verifying theauthenticity of the digital certificate. Authentication involves testing thevalidity of at least a specific identification. There are different types of identification, which includessingle-factor verification, multi-factor validation, two- factor authenticationand secure authentication. .
Most of the applications use two-factor authentication, in which twoindependent factors are used to identify a user and at the same time twofactors should not share a common vulnerability. In most of the two-factorauthentication schemes passwords are used as the first factor and smart cardsor other encryption devices are used as the second factor. Apart from thetwo-factor authentication there are many types of authentication methods likebiometric authentication, Token-Based authentication and certificate basedauthentication. All these kinds of authentication play asimilar role of confirming the identity of a person. Authentication has helpedin confirming the identity of people and authenticity of products. Authorization:It is the progression of permitting or rejectingadmission to a secure system. Mostly, the computer safety schemes are based onverification and authorization. It is the purpose of stipulating admits torights to assets interrelated to data safety.
Authorization determineswhat a user can do on the database. By authorization one can control to accessthe data from unwanted users. Byusing the GRANT, DENY and REVOKE we can give authorization on database objects.
Authorization is vital in ensuring that security systems are kept secure and freefrom interruption from intruders (Johnson& Smith, 2006). Encryption:Encryption is the progression ofindoctrinating posts and data in such a way that only the accreditedindividuals can have access to the information or messages. The scheme ofencryption employs pseudo-random key generated by algorithms to preventintruders from assessing unauthorized data and messages.
There are twocategories of encryption including symmetric key and public key. The differencebetween symmetric key and the public key is that public key is free while thesymmetric key is private and it is purchasable. Authentication is alsoperformed using encryption. Decrypted key is required by to perform decryptionon the encryption data. Change tracking:The trivial clarification provides mechanisms forapplications.
To ensure that implementation of the query for changes of dataand access to information is related to changes, it is essential forapplication developers to implement custom change tracking. Applicationscapitalize change tracking in determining the type of rows that have beenchanged for a user table. To configure change tracking, there is the usage ofSQL Server management studio. To track changes, there is the need of enablingchange tracking and then would allow tables to be tracked within the database.