As the use of the Web grows on both Intranets and the public
Internet, information security is becoming crucial to organizations. The Web
provides a convenient, cheap, and instantaneous way of publishing data. Now
that it is extremely easy to disseminate information, it is equally important
to ensure that the information is only accessible to those who have the rights
to use it.
With many systems implementing dynamic creation of Web pages from a database,
corporate information security is even more vital. Previously, strict database
access or specialized client software was required to view the data. Now anyone
with a Web browser can view data in a database that is not properly protected.
Never before has information security had so many vulnerable points. As the
computing industry moves from the mainframe era to the client/server era to
the Internet era, a substantially increasing number of points of penetration
have opened up.
For much of Internet security, database specialists have had to rely on network
administrators implementing precautions such as firewalls to protect local data.
Because of the nature of Intranet/Internet information access, however, many
security functions fall into a gray area of responsibility. This article describes
the primary areas where security falls within the domain of the DBA, who must
create the information solutions.
New security procedures and technology are pioneered daily, and this article
explains the various security systems involved with solving the current problems.
This article should provide a primer for further study of Web security and a
framework for understanding current security methodology. For Web security,
you must address three primary areas:
1. Server security -- ensuring security relating to the actual data or private
HTML files stored on the server
2. User-authentication security -- ensuring login security that prevents unauthorized
access to information
3. Session security -- ensuring that data is not intercepted as it is transmitted
over the Internet or Intranet
You can view these layers as layers of protection. For each layer of security
added, the system becomes more protected. Like a chain, however, the entire
shield may be broken if there is a weak link.