The Security Risks Associated with online access to database. The Article

The Security Risks Associated with online access to database. The common mistakes made by database administrators, security personal, and the application developers - Article Example This leads to only minimal security if any, despite regulations requiring organizations to secure their data (Chickowski, 2009-8). Further complicating factors are the complexity of large databases, and the heterogeneity of the modern database environment (Chickowski, 2009-6). Thus, Chickowski (2009-9) also recommends an education program to teach users about database security, and highlights the importance of good password management. Patches are infrequently applied because of the concept that if something is not broken, it doesn’t need to be fixed. Other areas of neglect are poor configuration management such as taking shortcuts, using test databases on production servers, etc. The latter especially leads to even further risks (Chickowski, 2009-8). These and other security lapses make databases vulnerable from worms, automated scanners, etc. Online databases can suffer from buffer overruns and the URLs â€Å"allow attacker code to be executed, and generally wreak havoc† (Chickowski, 2009-6). As for the application design itself, experts have even identified the most risky packages such as DBMS_SQL, UTL_TCP and DBMS_XMLGEN within Oracle, and third party applications can also undermine databases (Chickowski, 2009-8). Simple and expected measures for security are authentication, authorization, and access control. Apart from configuration and patches, more advanced measures are encryption, auditing, monitoring, and data masking essential for enterprise databases. Besides these, other technological solutions are ‘hardening’ the database using features provided by the database vendor, and keeping out non-essential items from the server, including documentation, sample configurations, code files and if possible built-in stored procedures that are unused. Anything else that cannot be deleted should be disabled instead. The relationship between databases and web applications are based on trust but