SOLUTIONS TO REVIEW QUESTIONS
AND EXERCISES
FOR PART 5 – SELECTED DATABASE ISSUES
(CHAPTERS 20 – 23)
Database Systems: Instructor’s Guide - Part III
Solutions to Review Questions and Exercises
Chapter 20 Security
Chapter 21 Professional, Legal, and Ethical Issues in Data Management
Chapter 22 Transaction Management
Chapter 23 Query Processing
Chapter 20 Security and Administration
Review Questions
20.1 Explain the purpose and scope of database security.
The purpose is clearly concerned with the protection of the data. However, the scope is wider than that
of the DBMS alone, and takes into account the database environment. Consequently, it also considers the hardware, software, and users.
See also Section 20.1.
20.2 List the main types of threat that could affect a database system and for each describe the controls
that you would use to counteract each of them.
For threats see Section 20.1.1 and for computer-based countermeasures see Section 20.2.
20.3 Explain the following in terms of providing security for a database:
(a) authorization: See Section 20.2.1
(b) access: See Section 20.2.2
(c) views: See Section 20.2.3 and Section 4.4
(d) backup and recovery: See Section 20.2.4
(e) integrity: See Section 20.2.5 and Section 4.3
(f) encryption: See Section 20.2.6
(g) RAID technology: See Section 20.2.7
20.4 Describe the security measures provided by Microsoft Office Access or Oracle DBMS.
For Access, this may involve setting a password (system security) or user-level security (data security),
as described in Section 20.3.
For Oracle, a username and password mechanism can again be used (system security). Oracle also supports
privileges (both at the system level and at the object level) and supports roles. These mechanisms are described in Section 20.4.
20.5 Describe the approaches for securing DBMSs on the Web.
The approaches for securing DBMSs on the Web are discussed in Section 20.5 and include proxy
servers, firewalls, message digest algorithms and digital signatures, digital certificates, Kerberos, SSL and S-HTTP, SET and STT.
Exercises
20.6 Examine any DBMS used by your organization and identify the security measures provided.
This is a small student project. The student may need access to a Database Administrator (DBA) or a
technician who has knowledge of the DBMS. The student may also wish to investigate non-computer-based controls as well.
20.7 Identify the types of security approach that are used by your organization to secure any DBMSs
that are accessible over the Web.
This is a small student project. The student may need access to a Database Administrator (DBA) or a
technician who has knowledge of the DBMS. The student may also need access to one of the networking specialists within the organization who has knowledge of security systems such as the firewall or proxy server.
20.8 Consider the DreamHome case study described in Chapter 11. List the potential threats that could
occur and propose countermeasures to overcome them.
This should be tackled in a similar manner to Exercise 20.7 in determining the potential threats and any
countermeasures.
20.9 Consider the Wellmeadows Hospital case study described in Appendix B.3. List the potential
threats that could occur and propose countermeasures to overcome them.
This should be tackled in a similar manner to Exercise 19.7 in determining the potential threats and any
countermeasures.
20.10 Investigate whether data administration and database administration exist as distinct functional
areas within your organization. If identified, describe the organization, responsibilities, and tasks associated with each functional area.
In investigating this question students will find it helpful to review Table 20.5, which lists the main task differences between data administration and database administration.
Chapter 22 Transaction Management
Review Questions
22.1 Explain what is meant by a transaction. Why are transactions important units of operation in a
DBMS?
Transaction: An action, or series of actions, carried out by a single user or application program, which
reads or updates the contents of the database. A logical unit of work that transforms the database from one consistent state to another. Also the unit of concurrency and recovery control. See Section 22.1.
22.2 The consistency and reliability aspects of transactions are due to the ACID properties of
transactions. Discuss each of these properties and how they relate to the concurrency control and recovery mechanisms. Give examples to illustrate your answer.
Atomicity: The ‘all or nothing’ property. It is the responsibility of the recovery subsystem of the DBMS to ensure atomicity.
Consistency: A transaction must transform the database from one consistent state to another consistent state. It is the responsibility of both the DBMS and the application developers to ensure consistency.
Isolation: Transactions execute independently of one another. In other words, the partial effects of incomplete transactions should not be visible to other transactions. It is the responsibility of the concurrency control subsystem to ensure isolation.
Durability: The effects of a successfully completed (committed) transaction are permanently recorded in the database and must not be lost because of a subsequent failure. It is the responsibility of the recovery subsystem to ensure durability.
The ACID properties are discussed in Section 22.1.1.
22.3 Describe, with examples, the types of problem that can occur in a multi-user environment when
concurrent access to the database is allowed.
The lost update problem, the uncommitted dependency problem, and the inconsistent analysis problem (see
Examples 22.1 - 22.3).
22.4 Give full details of a mechanism for concurrency control that can be used to ensure the types of
problems discussed in Question 22.3 cannot occur. Show how the mechanism prevents the problems illustrated from occurring. Discuss how the concurrency control mechanism interacts with the transaction mechanism.
The answer should discuss 2PL, timestamping, or an optimistic technique. Solutions to the above problems for 2PL
are given in Examples 22.6 - 22.8.
The transaction is the unit of concurrency control.
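An added illustration for Questions 22.3 and 22.4 (not taken from the Instructor's Guide or the textbook): a deterministic simulation of the lost update problem and of how holding an exclusive lock until commit, a strict form of 2PL, prevents it. The transaction names, amounts, starting balance and schedule are constructed for the example.

```python
# Added example: the lost update problem and its prevention by two-phase
# locking (2PL). All balances, amounts and the schedule are constructed.

def steps(delta):
    # One transaction: read x, write x + delta, then commit.
    return [("read", 0), ("write", delta), ("commit", 0)]

def run(schedule, use_2pl, start=100):
    """Execute T1 (+100) and T2 (-10) on item x; each schedule entry lets
    the named transaction perform its next step. Returns (final x, history)."""
    db = {"x": start}
    todo = {"T1": steps(+100), "T2": steps(-10)}
    local = {}            # value each transaction read into its workspace
    holder = None         # transaction holding the exclusive lock on x
    pending, history = list(schedule), []
    while pending:
        t = pending.pop(0)
        if use_2pl:
            if holder not in (None, t):
                # Lock conflict: t waits and is retried after later steps.
                history.append((t, "wait"))
                pending.append(t)
                continue
            holder = t    # growing phase: take the lock before touching x
        op, delta = todo[t].pop(0)
        if op == "read":
            local[t] = db["x"]
        elif op == "write":
            db["x"] = local[t] + delta
        elif use_2pl:     # commit: shrinking phase releases the lock
            holder = None
        history.append((t, op))
    return db["x"], history

# Constructed schedule: the two transactions alternate step by step.
INTERLEAVED = ["T1", "T2", "T1", "T2", "T1", "T2"]

if __name__ == "__main__":
    print("no locking:", run(INTERLEAVED, use_2pl=False)[0])  # T1's +100 is lost
    print("with 2PL:  ", run(INTERLEAVED, use_2pl=True)[0])   # equals a serial run
```

Without locking, T2 overwrites x using the value it read before T1 wrote, so T1's update disappears; with the lock held to commit, T2 waits and the outcome matches the serial order T1 then T2.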