Page 1432 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

               Databases that fail to implement concurrency correctly may suffer
               from the following issues:

                    Lost updates occur when two different processes make updates
                    to a database unaware of each other’s activity. For example,
                    imagine an inventory database in a warehouse with different
                    receiving stations. The warehouse might currently have 10 copies
                    of the CISSP Study Guide in stock. If two different receiving
                    stations each receive a copy of the CISSP Study Guide at the same
                    time, they both might check the current inventory level, find that it
                    is 10, increment it by 1, and update the table to read 11, when the
                    actual value should be 12.

                    Dirty reads occur when a process reads a record from a
                    transaction that did not successfully commit. Returning to our
                    warehouse example, if a receiving station begins to write new
                    inventory records to the database but then crashes in the middle of
                    the update, it may leave partially incorrect information in the
                    database if the transaction is not completely rolled back.

               Concurrency uses a “lock” feature to allow one user to make changes
               but deny other users access to view or make changes to data elements
               at the same time. Then, after the changes have been made, an “unlock”
               feature restores the ability of other users to access the data they need.
               In some instances, administrators will use concurrency with auditing
               mechanisms to track document and/or field changes. When this
               recorded data is reviewed, concurrency becomes a detective control.
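
The lost-update scenario and the lock/unlock remedy described above, as an added example (not from the study guide) using Python's built-in sqlite3 module. The table, the helper names and the two-station sequencing are constructed for illustration; SQLite's BEGIN IMMEDIATE refuses other writers rather than readers, which is enough to prevent the lost update.

```python
import os
import sqlite3
import tempfile

TITLE = "CISSP Study Guide"  # constructed sample row, starting stock of 10

def station(path):
    # isolation_level=None: we issue BEGIN/COMMIT ourselves; timeout=0: fail fast when locked
    return sqlite3.connect(path, isolation_level=None, timeout=0)

def new_db():
    """Create a throwaway inventory database file and return its path."""
    path = os.path.join(tempfile.mkdtemp(), "warehouse.db")
    db = station(path)
    db.execute("CREATE TABLE inventory (title TEXT PRIMARY KEY, qty INTEGER NOT NULL)")
    db.execute("INSERT INTO inventory VALUES (?, 10)", (TITLE,))
    db.close()
    return path

def read_qty(db):
    cur = db.execute("SELECT qty FROM inventory WHERE title = ?", (TITLE,))
    qty = cur.fetchone()[0]
    cur.close()  # release the read lock before anyone writes
    return qty

def write_qty(db, qty):
    db.execute("UPDATE inventory SET qty = ? WHERE title = ?", (qty, TITLE))

def receive_without_lock():
    """Both stations read 10 before either writes, so one increment is lost."""
    path = new_db()
    a, b = station(path), station(path)
    seen_a, seen_b = read_qty(a), read_qty(b)
    write_qty(a, seen_a + 1)
    write_qty(b, seen_b + 1)
    return read_qty(a)

def receive_with_lock():
    """Station A locks before reading; B is refused until A commits (unlock)."""
    path = new_db()
    a, b = station(path), station(path)
    a.execute("BEGIN IMMEDIATE")          # lock: A reserves the right to write
    seen_a = read_qty(a)
    try:
        b.execute("BEGIN IMMEDIATE")      # B tries to start its own update
        b_refused = False
    except sqlite3.OperationalError:      # "database is locked"
        b_refused = True
    write_qty(a, seen_a + 1)
    a.execute("COMMIT")                   # unlock
    b.execute("BEGIN IMMEDIATE")          # B retries and now reads 11, not 10
    write_qty(b, read_qty(b) + 1)
    b.execute("COMMIT")
    return b_refused, read_qty(a)
```
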


               Other Security Mechanisms

               Administrators can deploy several other security mechanisms when
               using a DBMS. These features are relatively easy to implement and are
               common in the industry. The mechanisms related to semantic
               integrity, for instance, are common security features of a DBMS.
               Semantic integrity ensures that user actions don’t violate any
               structural rules. It also checks that all stored data types are within
               valid domain ranges, ensures that only logical values exist, and
               confirms that the system complies with any and all uniqueness
               constraints.