{"title":"数据库中的安全漏洞:Web应用程序支持的替代软件产品的比较","authors":"Afonso Araújo Neto, M. Vieira","doi":"10.4018/JSSE.2011070103","DOIUrl":null,"url":null,"abstract":"When deploying database-centric web applications, administrators should pay special attention to database security requirements. Acknowledging this, Database Management Systems DBMS implement several security mechanisms that help Database Administrators DBAs making their installations secure. However, different software products offer different sets of mechanisms, making the task of selecting the adequate package for a given installation quite hard. This paper proposes a methodology for detecting database security gaps. This methodology is based on a comprehensive list of security mechanisms derived from widely accepted security best practices, which was used to perform a gap analysis of the security features of seven software packages composed by widely used products, including four DBMS engines and two Operating Systems OS. The goal is to understand how much each software package helps developers and administrators to actually accomplish the security tasks that are expected from them. Results show that while there is a common set of security mechanisms that is implemented by most packages, there is another set of security tasks that have no support at all in any of the packages.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"61 1","pages":"42-62"},"PeriodicalIF":0.0000,"publicationDate":"2011-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Security Gaps in Databases: A Comparison of Alternative Software Products for Web Applications Support\",\"authors\":\"Afonso Araújo Neto, M. Vieira\",\"doi\":\"10.4018/JSSE.2011070103\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"When deploying database-centric web applications, administrators should pay special attention to database security requirements. Acknowledging this, Database Management Systems DBMS implement several security mechanisms that help Database Administrators DBAs making their installations secure. However, different software products offer different sets of mechanisms, making the task of selecting the adequate package for a given installation quite hard. This paper proposes a methodology for detecting database security gaps. This methodology is based on a comprehensive list of security mechanisms derived from widely accepted security best practices, which was used to perform a gap analysis of the security features of seven software packages composed by widely used products, including four DBMS engines and two Operating Systems OS. The goal is to understand how much each software package helps developers and administrators to actually accomplish the security tasks that are expected from them. Results show that while there is a common set of security mechanisms that is implemented by most packages, there is another set of security tasks that have no support at all in any of the packages.\",\"PeriodicalId\":89158,\"journal\":{\"name\":\"International journal of secure software engineering\",\"volume\":\"61 1\",\"pages\":\"42-62\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International journal of secure software engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4018/JSSE.2011070103\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International journal of secure software engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/JSSE.2011070103","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security Gaps in Databases: A Comparison of Alternative Software Products for Web Applications Support
When deploying database-centric web applications, administrators should pay special attention to database security requirements. Acknowledging this, Database Management Systems DBMS implement several security mechanisms that help Database Administrators DBAs making their installations secure. However, different software products offer different sets of mechanisms, making the task of selecting the adequate package for a given installation quite hard. This paper proposes a methodology for detecting database security gaps. This methodology is based on a comprehensive list of security mechanisms derived from widely accepted security best practices, which was used to perform a gap analysis of the security features of seven software packages composed by widely used products, including four DBMS engines and two Operating Systems OS. The goal is to understand how much each software package helps developers and administrators to actually accomplish the security tasks that are expected from them. Results show that while there is a common set of security mechanisms that is implemented by most packages, there is another set of security tasks that have no support at all in any of the packages.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
