Principles of Database Systems (Chapter 6: Database Security and Protection)

First, database integrity

Database integrity refers to the correctness and consistency (compatibility) of the data stored in the database.

Objects that integrity constraints act on

  • Column-level constraints: constraints on a column's type, value range, precision, etc.
  • Tuple constraints: constraints between the fields of a single tuple
  • Table-level constraints: constraints on the relationships among several tuples, or among several relations

Definition and implementation of integrity constraints: entity integrity, referential integrity, user-defined integrity

************************** Entity integrity **************************

Entity integrity: in MySQL, entity integrity is implemented through primary key constraints and candidate key (UNIQUE) constraints.

Rules that primary key columns must follow

  • Each table can define only one primary key
  • The value of the primary key must uniquely identify each row in the table and cannot be NULL
  • A composite primary key cannot contain unnecessary redundant columns
  • A column name can appear only once in the column list of a composite primary key

The difference between primary key constraints and candidate key constraints

  • Primary key constraint: a table can create only one primary key, using the PRIMARY KEY keyword
  • Candidate key constraint: several candidate keys can be defined, using the UNIQUE keyword

************************ Referential integrity ************************

REFERENCES tbl_name(index_col_name,…)
 [ON DELETE reference_option]
 [ON UPDATE reference_option]

tbl_name: specifies the name of the table referenced by the foreign key

index_col_name: specifies the name of the referenced column

ON DELETE / ON UPDATE: specify the referential action to take for the corresponding SQL statement

reference_option: specifies the strategy used to enforce the referential integrity constraint (RESTRICT: restriction strategy | CASCADE: cascade strategy | SET NULL: set-to-null strategy | NO ACTION: take no action)

*********************** User-defined integrity ***********************

Non-null constraints: NOT NULL

CHECK constraint: CHECK (expr)

Named integrity constraint: CONSTRAINT [symbol], where symbol is the name given to the constraint

Only table-level integrity constraints can be given a name; column-level integrity constraints cannot be named.

To name an integrity constraint, precede the definition of the constraint with the keyword CONSTRAINT followed by the constraint name.

Update integrity constraints

The ALTER TABLE statement is used to update the column-level and table-level constraints of a table.

  • 1. Integrity constraints cannot be modified directly: they must be dropped and then added again.
  • 2. With ALTER TABLE an integrity constraint can be dropped on its own, without dropping the table. (The DROP TABLE statement removes the table, and all of its integrity constraints are removed automatically with it.)
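The constraints described in this part, written out as one MySQL script. This is an added example, not code from the original notes; the database integrity_demo, the orders table and all constraint names are assumed for illustration, and it targets MySQL 8.0.16 or later, where CHECK constraints are actually enforced.

```sql
-- Added example (not from the original notes): entity, referential and
-- user-defined integrity on two assumed tables in an assumed database.
CREATE DATABASE IF NOT EXISTS integrity_demo;
USE integrity_demo;

-- Entity integrity: exactly one PRIMARY KEY; any number of UNIQUE candidate keys.
CREATE TABLE customers (
    cust_id     INT          NOT NULL,
    cust_name   VARCHAR(50)  NOT NULL,                  -- user-defined: NOT NULL
    cust_email  VARCHAR(100) NOT NULL,
    cust_level  TINYINT      NOT NULL DEFAULT 1,
    PRIMARY KEY (cust_id),                              -- entity integrity
    UNIQUE KEY uk_customers_email (cust_email),         -- candidate key
    -- Named table-level CHECK constraint (CONSTRAINT symbol CHECK (expr)).
    CONSTRAINT ck_customers_level CHECK (cust_level BETWEEN 1 AND 5)
);

-- Referential integrity: reference_option decides what happens to child rows
-- when the parent row is deleted or its key value is updated.
CREATE TABLE orders (
    order_id  INT            NOT NULL,
    cust_id   INT            NULL,
    amount    DECIMAL(10, 2) NOT NULL,
    PRIMARY KEY (order_id),
    CONSTRAINT fk_orders_customer
        FOREIGN KEY (cust_id) REFERENCES customers (cust_id)
        ON DELETE SET NULL       -- orphaned orders keep their history, lose the link
        ON UPDATE CASCADE,       -- renumbering a customer propagates to its orders
    CONSTRAINT ck_orders_amount CHECK (amount > 0)
);

-- A constraint cannot be modified in place: drop it, then add the new version.
ALTER TABLE orders DROP FOREIGN KEY fk_orders_customer;
ALTER TABLE orders
    ADD CONSTRAINT fk_orders_customer
        FOREIGN KEY (cust_id) REFERENCES customers (cust_id)
        ON DELETE RESTRICT       -- refuse to delete a customer who still has orders
        ON UPDATE CASCADE;

-- Valid rows are accepted; each commented statement is rejected by the
-- constraint named in its comment.
INSERT INTO customers VALUES (1, 'Zhang San', 'zs@example.com', 3);
INSERT INTO orders    VALUES (11, 1, 50.00);
INSERT INTO customers VALUES (1, 'Li Si',   'ls@example.com', 2);   -- PRIMARY KEY: duplicate cust_id
INSERT INTO customers VALUES (2, 'Li Si',   'zs@example.com', 2);   -- uk_customers_email: duplicate email
INSERT INTO customers VALUES (3, 'Wang Wu', 'ww@example.com', 9);   -- ck_customers_level: 9 is out of range
INSERT INTO orders    VALUES (10, 99, 50.00);                       -- fk_orders_customer: no customer 99
INSERT INTO orders    VALUES (12, 1, -5.00);                        -- ck_orders_amount: negative amount
DELETE FROM customers WHERE cust_id = 1;                            -- fk_orders_customer: RESTRICT, order 11 exists
```

The rejected statements are worth running one by one: the error message names the violated constraint, which is the reason for giving table-level constraints explicit names rather than accepting generated ones.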


Second, triggers

What a trigger is: a class of event-driven database objects that the user defines on a relational table; it is also a means of ensuring data integrity.

************************** Creating a trigger **************************

Create triggers using the CREATE TRIGGER statement

CREATE TRIGGER trigger_name trigger_time trigger_event
 ON tbl_name FOR EACH ROW trigger_body

trigger_name: specifies the name of the trigger

trigger_time: specifies when the trigger fires (BEFORE or AFTER the event)

trigger_event: specifies the event that fires the trigger

tbl_name: specifies the name of the table the trigger is associated with

FOR EACH ROW: specifies that the trigger action is activated for every row affected by the triggering event

trigger_body: specifies the body of the trigger action

For example: create a trigger named customers_insert_trigger on table customers of database mysql_test, so that each time a row is inserted into customers the user variable str is set to 'one customer added!'.

CREATE TRIGGER mysql_test.customers_insert_trigger AFTER INSERT
    ON mysql_test.customers FOR EACH ROW SET @str = 'one customer added!';

Use the DROP TRIGGER statement to remove a trigger

Syntax: DROP TRIGGER [IF EXISTS] [schema_name.]trigger_name

  • IF EXISTS: avoids an error when the trigger to be dropped does not exist
  • schema_name: specifies the database in which the trigger is located
  • trigger_name: the name of the trigger to be dropped

For example: DROP TRIGGER IF EXISTS mysql_test.customers_insert_trigger;

Using triggers

INSERT triggers, DELETE triggers and UPDATE triggers

************************** INSERT triggers **************************

In the body of an INSERT trigger, a virtual table named NEW (case-insensitive) can be referenced to access the rows being inserted. In a BEFORE INSERT trigger, the values in NEW can also be modified.

For example: recreate trigger customers_insert_trigger on table customers of database mysql_test, so that each time a row is inserted into customers the user variable str is set to the customer id of the newly inserted row.

CREATE TRIGGER mysql_test.customers_insert_trigger AFTER INSERT
    ON mysql_test.customers FOR EACH ROW SET @str = NEW.cust_id;

************************** DELETE triggers **************************

In the body of a DELETE trigger, a virtual table named OLD (case-insensitive) can be referenced to access the rows being deleted. All values in OLD are read-only and cannot be modified.

************************** UPDATE triggers **************************

In the body of an UPDATE trigger, a virtual table named OLD (case-insensitive) can be referenced to access the values as they were before the UPDATE statement executed, and a virtual table named NEW (case-insensitive) can be referenced to access the updated values.

For example: create a trigger customers_update_trigger on table customers of database mysql_test, so that each time customers is updated the value of column cust_address is set to the value of column cust_contact.

CREATE TRIGGER mysql_test.customers_update_trigger BEFORE UPDATE
    ON mysql_test.customers FOR EACH ROW
    SET NEW.cust_address = OLD.cust_contact;
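The three trigger kinds and the NEW/OLD rules above, in one runnable script. This is an added example rather than code from the original notes: it assumes a mysql_test.customers table with the columns cust_id, cust_name, cust_contact, cust_address and cust_level (only cust_id, cust_contact and cust_address appear in the notes), and an assumed log table customers_deleted_log. It also uses SIGNAL to make a BEFORE trigger reject a row, which the notes do not cover.

```sql
-- Added example (not from the original notes). Column and table names are
-- assumed; the cust_id / cust_contact / cust_address columns come from the notes.
CREATE DATABASE IF NOT EXISTS mysql_test;
USE mysql_test;

CREATE TABLE customers (
    cust_id      INT AUTO_INCREMENT PRIMARY KEY,
    cust_name    VARCHAR(50)  NOT NULL,
    cust_contact VARCHAR(50),
    cust_address VARCHAR(100),
    cust_level   TINYINT      NOT NULL DEFAULT 1
);

-- Append-only record of deleted rows. The AFTER DELETE trigger copies OLD.*
-- here, so a deletion always leaves evidence of what was removed, by whom, when.
CREATE TABLE customers_deleted_log (
    log_id     INT AUTO_INCREMENT PRIMARY KEY,
    cust_id    INT,
    cust_name  VARCHAR(50),
    deleted_by VARCHAR(100),
    deleted_at DATETIME DEFAULT CURRENT_TIMESTAMP
);

DELIMITER $$

-- BEFORE INSERT: NEW is writable, so the row can be normalised before it is
-- stored, and an invalid row can be rejected before it exists.
CREATE TRIGGER customers_bi BEFORE INSERT ON customers
FOR EACH ROW
BEGIN
    SET NEW.cust_name = TRIM(NEW.cust_name);
    IF NEW.cust_level NOT BETWEEN 1 AND 5 THEN
        SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'cust_level must be between 1 and 5';
    END IF;
END$$

-- BEFORE UPDATE: OLD holds the pre-update value, NEW the proposed value.
-- Refuse to change the primary key, which would break every reference to it.
CREATE TRIGGER customers_bu BEFORE UPDATE ON customers
FOR EACH ROW
BEGIN
    IF NEW.cust_id <> OLD.cust_id THEN
        SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'cust_id is immutable';
    END IF;
END$$

-- AFTER DELETE: OLD is read-only; copy it into the log together with the
-- account that issued the DELETE.
CREATE TRIGGER customers_ad AFTER DELETE ON customers
FOR EACH ROW
BEGIN
    INSERT INTO customers_deleted_log (cust_id, cust_name, deleted_by)
    VALUES (OLD.cust_id, OLD.cust_name, CURRENT_USER());
END$$

DELIMITER ;

-- Exercise the triggers.
INSERT INTO customers (cust_name, cust_level) VALUES ('  Zhang San ', 2);  -- stored as 'Zhang San'
INSERT INTO customers (cust_name, cust_level) VALUES ('Li Si', 7);         -- rejected by customers_bi
UPDATE customers SET cust_id = 100 WHERE cust_name = 'Zhang San';          -- rejected by customers_bu
DELETE FROM customers WHERE cust_name = 'Zhang San';                       -- recorded by customers_ad
SELECT * FROM customers_deleted_log;
```

A trigger of this kind records who ran the statement, not who connected to the application, so the log is only as informative as the account scheme: if every user shares one database login, deleted_by will always show the same value.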


Third, security and access control

Database security means protecting the database against unlawful use that could cause data leakage, alteration or destruction; security is therefore essential for any DBMS.

Security and access control consist of authenticating users and confirming their rights in the database.

In MySQL, accounts are created with the CREATE USER statement

Syntax: CREATE USER user [IDENTIFIED BY [PASSWORD] 'password']

  • user: specifies the account to create, in the format 'user_name'@'host_name'
  • IDENTIFIED BY: optional; specifies the password of the account
  • PASSWORD: optional; indicates that the value given is a password hash

For example: add two new users to the MySQL server, named zhangsan and lisi, both with host name localhost. User zhangsan's password is the plaintext 123; user lisi's password is 456, given as the encrypted hash value returned by the PASSWORD() function.

CREATE USER 'zhangsan'@'localhost' IDENTIFIED BY '123',
            'lisi'@'localhost' IDENTIFIED BY PASSWORD '*531E182E272080AB0740FE2F2D689DBE0146E04';

Use the DROP USER statement to delete user accounts

Syntax: DROP USER user [, user] ...

For example: DROP USER 'lisi'@'localhost';

Use RENAME USER statement to modify user accounts

For example: RENAME USER 'zhangsan'@'localhost' TO 'wangwu'@'localhost';

Use SET PASSWORD statement to modify the user's login password

SET PASSWORD [FOR user] =
    {
        PASSWORD('new_password')
      | 'encrypted password'
    }

For example: SET PASSWORD FOR 'username'@'localhost' = PASSWORD('pass');

Use the GRANT statement to authorize users

GRANT
    priv_type [(column_list)]
    [, priv_type [(column_list)]] ...
    ON [object_type] priv_level
    TO user_specification [, user_specification] ... [WITH GRANT OPTION]

  • priv_type: specifies the name of the privilege
  • column_list: specifies the columns to which the granted privilege applies
  • object_type: specifies the type of object on which the privilege is granted
  • priv_level: specifies the level at which the privilege is granted
  • TO: specifies the users being granted the privilege and optionally sets their passwords
  • user_specification: user [IDENTIFIED BY [PASSWORD] 'password']
  • WITH: option used to transfer privileges (WITH GRANT OPTION) or to restrict them

For example: grant user zhangsan the SELECT privilege on columns cust_id and cust_name of table customers in database mysql_test.

GRANT SELECT (cust_id, cust_name)
    ON mysql_test.customers
    TO 'zhangsan'@'localhost';

Users liming and huang do not yet exist in the system. Create both users with corresponding login passwords and, at the same time, grant them the SELECT and UPDATE privileges on table customers in database mysql_test.

GRANT SELECT, UPDATE
    ON mysql_test.customers
    TO 'liming'@'localhost' IDENTIFIED BY '123',
       'huang'@'localhost'  IDENTIFIED BY '789';

Grant the existing user wangwu the privilege to perform all operations on database mysql_test.

GRANT ALL
    ON mysql_test.*
    TO 'wangwu'@'localhost';

Grant the existing user wangwu the privilege to create users.

GRANT CREATE USER
    ON *.*
    TO 'wangwu'@'localhost';

Transfer of privileges

Grant user zhou, who does not yet exist in the system, the SELECT and UPDATE privileges on table customers in database mysql_test, and allow zhou to grant these privileges to other users.

GRANT SELECT, UPDATE
    ON mysql_test.customers
    TO 'zhou'@'localhost' IDENTIFIED BY '123'
    WITH GRANT OPTION;

Use REVOKE statement to revoke user privileges

REVOKE
 priv_type [(column_list)]
 [,priv_type [(column_list)]] …
 ON [object_type] priv_level
 FROM user [,user]

Revoke the SELECT privilege on table customers of database mysql_test from the existing user zhou.

REVOKE SELECT
    ON mysql_test.customers
    FROM 'zhou'@'localhost';
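A least-privilege account built from the CREATE USER, GRANT, SHOW GRANTS and REVOKE statements in this part, as an added example that is not from the original notes. The account name report_app and its placeholder password are assumed; the table is the notes' mysql_test.customers. One caveat the notes predate: in MySQL 8.0 the PASSWORD() function, the IDENTIFIED BY PASSWORD '<hash>' form and creating users implicitly through GRANT ... IDENTIFIED BY were all removed, so the account is created first and granted separately.

```sql
-- Added example (not from the original notes): read-only, column-restricted
-- account for a reporting application. Run as an administrative account.
CREATE USER 'report_app'@'localhost' IDENTIFIED BY 'CHANGE-ME-placeholder';

-- Column-level SELECT only: this account can never read cust_address or
-- cust_contact, and has no write privilege anywhere.
GRANT SELECT (cust_id, cust_name)
    ON mysql_test.customers
    TO 'report_app'@'localhost';

-- Check what was actually granted before handing the credentials out.
SHOW GRANTS FOR 'report_app'@'localhost';

-- Run from a session connected as report_app:
SELECT cust_id, cust_name FROM mysql_test.customers;     -- allowed
SELECT cust_address       FROM mysql_test.customers;     -- error: SELECT command denied for column cust_address
UPDATE mysql_test.customers SET cust_name = 'x';          -- error: UPDATE command denied

-- Accounts that may pass privileges on (WITH GRANT OPTION) are the ones to
-- review regularly; the Grant_priv column of mysql.user records the global form.
SELECT User, Host FROM mysql.user WHERE Grant_priv = 'Y';

-- REVOKE takes the privilege back but leaves the account in place ...
REVOKE SELECT (cust_id, cust_name) ON mysql_test.customers FROM 'report_app'@'localhost';
SHOW GRANTS FOR 'report_app'@'localhost';   -- only GRANT USAGE ON *.* remains, i.e. no object privileges
-- ... and DROP USER removes the account together with everything granted to it.
DROP USER 'report_app'@'localhost';
```

Granting SELECT on two columns instead of on the table is the difference between an application compromise exposing names and one exposing addresses and contact details as well; SHOW GRANTS after every change is the cheapest way to confirm the privilege set is exactly what was intended.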


Fourth, transactions and concurrency control

A transaction is a user-defined sequence of database operations that is treated as a complete unit of work: either all of its operations are executed or none of them is, so it is an indivisible unit of work. The operations in a transaction typically update data by inserting, deleting and modifying.

A transaction begins with a BEGIN TRANSACTION statement and ends with a COMMIT statement or a ROLLBACK statement.

Properties of a transaction (ACID):

  • Atomicity: a transaction is the smallest indivisible unit of work
  • Consistency
  • Isolation
  • Durability (permanence)

Example: based on the ACID properties of transactions, analyse and write the bank-transfer transaction T for a database system: transfer an amount S from account A to account B.

BEGIN TRANSACTION
    read(A);
    A = A - S;
    write(A);
    if (A < 0) ROLLBACK;        /* insufficient funds: undo the write to A */
    else {
        read(B);
        B = B + S;
        write(B);
        COMMIT;
    }

Problems caused by concurrent operations

  • Lost update: transactions T1 and T2 read the same data and both modify it; the result committed by T2 destroys the result committed by T1
  • Non-repeatable read: transaction T1 reads data, then transaction T2 updates it, so T1 cannot reproduce the result of its earlier read
  • Reading "dirty" data: transaction T1 modifies data and then rolls back, so the data read by T2 is inconsistent with the database

Locking is the most commonly used concurrency control technique. Its basic idea: when necessary, a transaction asks the system to lock the data object it wishes to use, so that the object is guaranteed not to be changed unexpectedly.

Lock: a lock is essentially a privilege held by a transaction that allows or blocks access to a data object.

Basic lock types:

  • 1. Exclusive lock (X lock), used for write operations
  • 2. Shared lock (S lock), used for read operations

How locking works:

  • 1. If transaction T places an X lock on data D, every other transaction requesting a lock on D must wait until T releases its lock.
  • 2. If transaction T places an S lock on data D, other transactions may also request an S lock on D, but a request for an X lock on D must wait until T releases its lock.
  • 3. Before performing a database operation, a transaction must first request the corresponding lock: an S lock for a read request, an X lock for an update request. The DBMS usually does this implicitly and automatically while performing the operation.
  • 4. A transaction holds the locks it has obtained until it ends, at which point they are released

Lock granularity

  • Granularity describes the size of the data unit that is locked
  • A DBMS may offer locks of several granularities: the finer the granularity, the greater the concurrency, but also the greater the software complexity and overhead.

Lock levels, also called isolation levels or consistency levels

  • Level 0 locking: does not overwrite uncommitted update data of other transactions. (Of little practical value)
  • Level 1 locking: does not allow uncommitted update data to be overwritten; prevents lost updates
  • Level 2 locking: neither overwrites nor reads uncommitted update data (prevents dirty reads)
  • Level 3 locking: does not read uncommitted update data, and does not write any data that an uncommitted transaction has accessed (including by a read operation).
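The transfer transaction T from the example above, together with the X lock, the lost-update scenario and the isolation level described in this part, written for MySQL/InnoDB. This is an added example, not code from the original notes; the account table, the procedure transfer and the balances are assumed. The notes' read(A) with an X lock becomes SELECT ... FOR UPDATE, and the notes' "ordered lock requests" deadlock prevention becomes locking both account rows in primary-key order before either balance is read.

```sql
-- Added example (not from the original notes). Table, column and procedure
-- names are assumed.
CREATE TABLE account (
    acct_id CHAR(1)        NOT NULL PRIMARY KEY,
    balance DECIMAL(12, 2) NOT NULL
) ENGINE = InnoDB;
INSERT INTO account VALUES ('A', 100.00), ('B', 20.00);

DELIMITER $$
CREATE PROCEDURE transfer(IN from_acct CHAR(1), IN to_acct CHAR(1), IN s DECIMAL(12, 2))
BEGIN
    DECLARE a DECIMAL(12, 2);
    DECLARE n INT;
    -- Atomicity: any SQL error inside the unit of work undoes all of it.
    DECLARE EXIT HANDLER FOR SQLEXCEPTION
    BEGIN
        ROLLBACK;
        RESIGNAL;
    END;

    START TRANSACTION;                                   -- BEGIN TRANSACTION in the notes
    -- Ordered lock requests (deadlock prevention): X-lock both rows in
    -- primary-key order before touching either balance. InnoDB locks the rows
    -- in the order it scans the primary key, so A->B and B->A transfers take
    -- their locks in the same order.
    SELECT COUNT(*) INTO n FROM account
     WHERE acct_id IN (from_acct, to_acct) FOR UPDATE;
    IF n <> 2 THEN
        SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'unknown account';  -- handler rolls back
    END IF;

    SELECT balance INTO a FROM account WHERE acct_id = from_acct;  -- read(A), under the X lock
    SET a = a - s;                                                  -- A = A - S
    IF a < 0 THEN
        ROLLBACK;                                                   -- if (A < 0) ROLLBACK
    ELSE
        UPDATE account SET balance = a           WHERE acct_id = from_acct;  -- write(A)
        UPDATE account SET balance = balance + s WHERE acct_id = to_acct;    -- read(B); B = B + S; write(B)
        COMMIT;
    END IF;
END$$
DELIMITER ;

-- The strictest isolation level, corresponding to level 3 locking above.
SET SESSION TRANSACTION ISOLATION LEVEL SERIALIZABLE;

CALL transfer('A', 'B', 30.00);    -- commits: A = 70.00, B = 50.00
CALL transfer('A', 'B', 500.00);   -- rolls back: A would go negative, balances unchanged
CALL transfer('A', 'Z', 10.00);    -- error 'unknown account', rolled back by the handler
SELECT acct_id, balance FROM account;

-- Lost-update scenario from the notes, reproduced in two client sessions:
--   session 1: START TRANSACTION;
--              SELECT balance FROM account WHERE acct_id = 'A' FOR UPDATE;  -- holds the X lock on A
--   session 2: CALL transfer('A', 'B', 10.00);  -- waits on the X lock instead of reading a stale A
--   session 1: COMMIT;                           -- session 2 resumes and reads the committed balance
```

Without FOR UPDATE (or an isolation level that takes the lock for you), session 2 would read A = 70.00 while session 1 is still modifying it, and whichever transaction committed last would silently overwrite the other's write: the lost update of the list above.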

Deadlock and livelock

  • Livelock: avoided by first-come, first-served scheduling
  • Deadlock prevention: (1) request all locks at once (2) order the lock requests (3) sequential processing (4) resource preemption

Serializability

  • A schedule of a set of transactions is an ordering of their basic operations.
  • In a database system, serializability is the correctness criterion for concurrent execution: a schedule of a set of concurrently executing transactions is considered correct if and only if it is serializable.

Two-phase locking protocol

  • 1. Growing (expanding) phase, also called the lock-acquisition phase
  • 2. Shrinking phase, also called the lock-release phase

Fifth, backup and recovery 

Ways data can be lost:

1. Computer hardware failure
2. Computer software failure
3. Viruses
4. Misoperation
5. Natural disasters
6. Theft

The concepts of database backup and recovery

  • Data backup is the creation of a copy of the database, or of a copy made by exporting the data table to a file;
  • Database recovery: when the database is damaged or fails, the backed-up database is loaded into the system so that the database returns from the erroneous state to the correct state it had when it was backed up. Recovery is based on the backup; it is the maintenance and management operation that corresponds to backup.

Use the SELECT INTO ... OUTFILE statement to back up data

SELECT * INTO OUTFILE 'file_name' export_options
       | INTO DUMPFILE 'file_name'

file_name: specifies the name of the backup data file

Use the LOAD DATA ... INFILE statement to restore data

Briefly describe the method of recovering data.

Back up all data in table customers of database mysql_test to the file backupfile.txt in the BACKUP directory of drive C. Character-type field values must be enclosed in double quotation marks, field values are separated by commas, and each line ends with a question mark as its terminator. Then load the backed-up data into customers_copy, an empty table with the same structure as customers.

SELECT * FROM mysql_test.customers
    INTO OUTFILE 'C:/BACKUP/backupfile.txt'
    FIELDS TERMINATED BY ','
           OPTIONALLY ENCLOSED BY '"'
    LINES TERMINATED BY '?';
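The restore half of the exercise, which the notes describe but do not show, as an added example that is not from the original. It assumes the backup file written above exists and that customers_copy is created from customers with CREATE TABLE ... LIKE; the verification queries assume cust_id is the primary key of customers, as in the notes.

```sql
-- Added example (not from the original notes): restore the OUTFILE backup
-- above into an empty copy of the table and verify the result.
CREATE TABLE mysql_test.customers_copy LIKE mysql_test.customers;

-- The server only reads and writes files under secure_file_priv: an empty
-- value means no restriction, NULL means file import/export is disabled.
SHOW VARIABLES LIKE 'secure_file_priv';

-- The options must mirror the SELECT ... INTO OUTFILE options exactly;
-- a mismatch splits or quotes fields differently and loads wrong rows.
LOAD DATA INFILE 'C:/BACKUP/backupfile.txt'
    INTO TABLE mysql_test.customers_copy
    FIELDS TERMINATED BY ','
           OPTIONALLY ENCLOSED BY '"'
    LINES  TERMINATED BY '?';

-- Verify: same row count, and no original row missing from the copy.
SELECT (SELECT COUNT(*) FROM mysql_test.customers)      AS original_rows,
       (SELECT COUNT(*) FROM mysql_test.customers_copy) AS restored_rows;

SELECT * FROM mysql_test.customers
 WHERE cust_id NOT IN (SELECT cust_id FROM mysql_test.customers_copy);  -- expected: empty result
```

A question mark is a poor line terminator for real data, since any field containing '?' would be split into two records; the verification queries are what catch that kind of silent corruption, so a backup is only trustworthy once it has been restored and compared like this.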



Source: www.cnblogs.com/jalja/p/11614085.html