IT Baseline Protection Manual T 2.40 Complexity of database access
T 2.40 Complexity of database access
A database management system (DBMS) is used to access one or more databases. This access can take place directly or via an application. To ensure the integrity of a database, all access to it must be controlled from a central point of administration. The complexity of such access procedures can result in the following problems:
Incorrectly designed user environment
If access rights for database users are too restrictive, this might prevent certain tasks from being accomplished.
If access rights for users are too loosely defined, this might lead to the unauthorised manipulation or browsing of data. This will also violate the integrity and confidentiality of the database.
If users are allowed to access a database directly (instead of via an application), this might damage the integrity of the database through data manipulations whose consequences cannot be foreseen by the users.
If database objects are not protected explicitly by the accessing applications through the use of an appropriate concept of authorisation and access, this could result in the manipulation of such database objects (e.g. a modification of table fields or indices). The database could be destroyed as a result.
Remote access to databases
If a database is made accessible within a network, inadequate security safeguards for remote access procedures might allow the manipulation and unauthorised browsing of data. This will also violate the integrity and confidentiality of the database.
Database queries
The total number of possible database queries must be restricted for each user and certain queries must be prohibited explicitly. Otherwise the confidentiality of sensitive data might be violated (particularly in the case of statistical databases).
If database queries from a certain application are not implemented in accordance with the SQL standard, the DBMS might not be able to execute and may therefore reject such queries (especially if database management systems from different vendors are in use).
Database queries which have not been specified precisely may supply incorrect or unexpected results if the database objects have been modified.
Example:The query "SELECT * FROM table" returns all the attributes/fields of a tupel/data record. If a field is now added to, or deleted from this table, fatal consequences may arise for applications which make use of this query.
