Security of DBMSs

  • Conference paper
Advances in Security, Networks, and Internet of Things

Abstract

Database management systems utilize various security measures but still have some known weaknesses. A security risk in ADABAS arises from direct calls to the database from an unauthorized third-generation language program. Adaptive Server Enterprise is weak against denial-of-service attacks. The Advantage Database Server security issue results from dynamic-link library injections. The Access security weakness is the result of the use of macros. InterBase’s built-in backdoor left databases vulnerable to full access to the system. Other security risks will be discussed for Datacom, FileMaker, Integrated Database Management System, Informix, Ingres, InterSystems Caché, and SQL Server.



Author information

Correspondence to Suhair Amer.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Amer, S. (2021). Security of DBMSs. In: Daimi, K., Arabnia, H.R., Deligiannidis, L., Hwang, MS., Tinetti, F.G. (eds) Advances in Security, Networks, and Internet of Things. Transactions on Computational Science and Computational Intelligence. Springer, Cham. https://doi.org/10.1007/978-3-030-71017-0_32

  • DOI: https://doi.org/10.1007/978-3-030-71017-0_32

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-71016-3

  • Online ISBN: 978-3-030-71017-0

  • eBook Packages: Engineering, Engineering (R0)
