Database security is concerned with authorization rules, user-defined procedures, data encryption, authentication schemes and similar controls. Let's have a detailed overview of these concepts:
Authorization Rules
Authorization rules are restrictions on users, applied through the DBMS, that control data access and limit the actions a user may perform on data. For example, one user can access a database table only after giving a valid username and password. Another user can change records in the table but cannot add new records. Senior users are given full authority to take any action on the table. This authorization is applied by the DBA according to the sensitivity of the data and the organization's rules.
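As an added illustration (not from the original article), the three users described above expressed as PostgreSQL table privileges; the table name, role names and column layout are assumptions for the example only.

```sql
-- Added example (not from the original article): the three users described
-- above, expressed as PostgreSQL privileges on an assumed table "employees".
-- Role names and the table are assumptions for illustration only.

CREATE TABLE employees (
    id      SERIAL PRIMARY KEY,
    name    TEXT NOT NULL,
    salary  NUMERIC(10, 2) NOT NULL
);

-- Login roles for the three kinds of user. Passwords are set out of band
-- (e.g. ALTER ROLE ... PASSWORD) rather than written into a script.
CREATE ROLE clerk  LOGIN;
CREATE ROLE editor LOGIN;
CREATE ROLE senior LOGIN;

-- User 1: may only read the table after authenticating.
GRANT SELECT ON employees TO clerk;

-- User 2: may change existing records but not add new ones.
-- INSERT is simply never granted: PostgreSQL privileges are additive and the
-- default is no access, so nothing has to be "denied". SELECT is needed too,
-- because an UPDATE whose WHERE clause reads columns requires read access.
GRANT SELECT, UPDATE ON employees TO editor;

-- Senior user: full authority over the table.
GRANT ALL PRIVILEGES ON employees TO senior;

-- The DBA's check: list what was actually granted on the table.
SELECT grantee, privilege_type
FROM   information_schema.role_table_grants
WHERE  table_name = 'employees'
ORDER  BY grantee, privilege_type;

-- When an organizational rule changes, tighten access explicitly.
REVOKE UPDATE ON employees FROM editor;
```

The privilege listing is the routine check that the rules applied by the DBA match the intended sensitivity of the data; any role holding INSERT or DELETE that should not is visible there.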
User-Defined Procedures
In addition to usernames and passwords, users can define their own procedures for security. For example, a user can add some secret questions to the procedure in order to secure his account. Now, whenever the user logs in, he has to give the procedure name along with his password. The procedure asks for the answers to the secret questions, and on submission of the correct answers the user is given access to the database.
Encryption
Data encryption is a technique in which highly sensitive data is encoded (converted into unreadable form) before its storage or transmission over a network. The encoding method is kept tightly protected by the DBMS. The encoded data is decoded (the reverse of encoding) for authenticated users only. Thus unauthorized users cannot read the data, and sensitive data is encoded automatically by the DBMS. For example, in an ATM system the PIN provided by the customer is encoded (encrypted) before its submission to the database server. A DBA can also manually encrypt data when needed.
Authentication Schemes
Illegal access to computer resources is becoming a serious problem in the modern world. Usernames and passwords cannot identify the actual person who is logging on to the computer system. A password can be leaked or stolen; therefore it is not a secure method of blocking illegal access. Alternatively, some systems use other authentication schemes for this purpose, including signature dynamics, fingerprints and retina prints. Smart cards are normally used to implement these schemes. For example, fingerprints are permanently stored on the smart card, and whenever the user wants to log in he is required to insert his card into a card reader and scan his fingerprint. If the fingerprint saved on the card matches his actual fingerprint he is given access; otherwise access is denied.