Download
lecture 14 midterm review security n.
Skip this Video
Loading SlideShow in 5 Seconds..
Lecture 14: Midterm Review Security PowerPoint Presentation
Download Presentation
Lecture 14: Midterm Review Security

Lecture 14: Midterm Review Security

1056 Views Download Presentation
Download Presentation

Lecture 14: Midterm Review Security

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Lecture 14:Midterm ReviewSecurity Friday, February 4, 2005

  2. Outline Midterm review SQL Security – 8.7 SQL Injection

  3. Midterm • Monday, 11:30, this room (in class) • 50’ • Open book • Notes, notebooks, anything • No computers

  4. Midterm • SQL • E/R Diagrams • Functional Dependencies • Recovery from crashes

  5. Midterm How to prepare: • Read lecture notes • Read from the textbook • Review the homeworks • Make sure you understand

  6. Discretionary Access Control in SQL GRANT privileges ON object TO users [WITH GRANT OPTIONS] privileges = SELECT | INSERT(column-name) | UPDATE(column-name) | DELETE | REFERENCES(column-name)object = table | attribute

  7. Examples GRANT INSERT, DELETE ON Customers TO Yuppy WITH GRANT OPTIONS Queries allowed to Yuppy: INSERT INTO Customers(cid, name, address) VALUES(32940, ‘Joe Blow’, ‘Seattle’) DELETE Customers WHERE LastPurchaseDate < 1995 Queries denied to Yuppy: SELECT Customer.address FROM Customer WHERE name = ‘Joe Blow’

  8. Examples GRANT SELECT ON Customers TO Michael Now Michael can SELECT, but not INSERT or DELETE

  9. Examples GRANT SELECT ON Customers TO Michael WITH GRANT OPTIONS Michael can say this: GRANT SELECT ON Customers TO Yuppi Now Yuppi can SELECT on Customers

  10. Examples GRANT UPDATE (price) ON Product TO Leah Leah can update, but only Product.price, but not (say) Product.name

  11. Examples Customer(cid, name, address, …..)Orders(. . ., cid, …) cid=foreign key Bill has INSERT/UPDATE rights to Orders. BUT HE CAN’T INSERT ! (why ?) GRANT REFERENCES (cid) ON Customer TO Bill Now Bill can INSERT tuples into Orders

  12. Views and Security • David has SELECT rights on table Customers • John is a debt collector: should see the delinquent customers only: David says: CREATE VIEW DelinquentCustomers SELECT * FROM Customers WHERE balance < -1000 GRANT SELECT ON DelinquentCustomers TO John Views are an important security mechanism

  13. Revokation REVOKE [GRANT OPTION FOR] privileges ON object FROM users { RESTRICT | CASCADE } Administrator says: REVOKE SELECT ON Customers FROM David CASCADE John loses SELECT privileges on DelinquentCustomers

  14. Revocation Same privilege,same object,GRANT OPTION Joe: GRANT [….] TO Art …Art: GRANT [….] TO Bob …Bob: GRANT [….] TO Art …Joe: GRANT [….] TO Cal …Cal: GRANT [….] TO Bob …Joe: REVOKE [….] FROM Art CASCADE What happens ??

  15. Revocation Admin Revoke 0 1 Joe Art 2 4 3 Cal Bob 5 According to SQL everyone keeps the privilege

  16. User: Password: fred ******** Search claims by: [Chris Anley, Advanced SQL Injection In SQL] SQL Injection Your health insurance company lets you see the claims online: First login: Now search through the claims : Dr. Lee SELECT…FROM…WHERE doctor=‘Dr. Lee’ and patientID=‘fred’

  17. Better: Search claims by: Dr. Lee’ OR 1 = 1; -- SQL Injection Now try this: Search claims by: Dr. Lee’ OR patientID = ‘suciu’; -- …..WHERE doctor=‘Dr. Lee’ OR patientID=‘suciu’; --’ and patientID=‘fred’

  18. SQL Injection When you’re done, do this: Search claims by: Dr. Lee’; DROP TABLE Patients; --

  19. SQL Injection • The DBMS works perfectly. So why is SQL injection possible so often ? • Quick answer: • Poor programming: use stored procedures ! • Deeper answer: • Move policy implementation from apps to DB