Wednesday, July 11, 2007

My research dissertation

My research interests are in network security, including web application security, SQL database security, encryption technology and cryptography.

Web and SQL Database Security

Research and Writing

Annotated Bibliography

By Tai Cleveland

Ph.D. student of Computer Information Systems, 2007, Colorado Technical University




Kelly, Van E.; Thomas, Catharine P.; Wang, Huiyu. 2000, Managing Data-Based Systems

With numerous systems constructing Web pages dynamically from a database, commercial information security is more critical than ever. Formerly, firm database authority or dedicated client software was required to view the data. Nowadays anyone with access to a Web browser can inspect data in a database that is not appropriately guarded. Never before has information security had so many weak points (Kelly et al, 2000). As the information technology industry shifts from the mainframe era to the client/server era to the Internet era, a rapidly growing number of points of infiltration have opened up.


Zwicky, E., Chapman, B., and Cooper, S. 2000, Building Internet Firewalls, O'Reilly & Associates.

For a great deal of Internet security, database experts have had to depend on network administrators implementing safety measures such as firewalls to safeguard local data. Because of the nature of Intranet/Internet information management, however, many security responsibilities fall into a gray area of accountability (Zwicky et al, 2000).


Vaas, Lisa; McCright, John S. 2002, Database battle heats up. eWeek, Vol. 19 Issue 45, p9

New security measures and technologies are introduced every day, and this article describes the Web and SQL database security systems concerned with resolving the present troubles (Vaas et al, 2002).


Songini, Marc L. 2003, SQL Server Users Focus On Database's Security. Computerworld, Vol. 37 Issue 46, p6

Use of Microsoft's SQL Server database has grown dramatically over the past few years. Improvements in the application have made it a viable option for many organizations, providing much of the same functionality as Oracle on mid-range applications and costing quite a bit less. Microsoft has also developed MSDE, a desktop edition of SQL Server that is free to use. Many products use this as their database. MSDE is just a stripped-down version of SQL Server; it limits the number of allowed connections and the size of the database (2GB).

Microsoft's SQL Server uses the SA account for administration, which has super user access to the server and no password by default. If you do not delete this account or give it a strong password, your data is available to anyone with a little SQL Server knowledge. SQL Server also supports its own authentication scheme or Windows login accounts. Many applications require the server to run in mixed mode, that is, allowing either authentication scheme to be used. For security purposes, you should ideally use only Windows authentication, enabling you to centrally manage all of your accounts.

SQL Server contains a number of stored procedures. These are macros and programs that are installed by default. Some stored procedures allow users to execute code on the system. If your database is compromised, an attacker could use these stored procedures to gain full control of the system and as a launching point against other systems on your network. Be sure to remove or disable any stored procedures you do not require. (Songini, 2003)
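The three points Songini raises (the SA account, the authentication mode, and stored procedures that run code on the host) can each be checked and corrected from T-SQL. The script below is an added example written for this bibliography, not code from the article or from Microsoft; it assumes SQL Server 2005 or later, where ALTER LOGIN, SERVERPROPERTY and the sp_configure options used here exist, and the password string is a placeholder.

```sql
-- Added example (not from the article). Assumes SQL Server 2005+.

-- 1. The SA account: give it a strong password, then disable it so that
--    day-to-day administration goes through named Windows accounts instead.
--    'REPLACE_WITH_STRONG_PASSWORD' is a placeholder, not a real value.
ALTER LOGIN sa WITH PASSWORD = 'REPLACE_WITH_STRONG_PASSWORD';
ALTER LOGIN sa DISABLE;

-- 2. Authentication mode: 1 = Windows authentication only, 0 = mixed mode.
--    Songini recommends Windows-only; if this returns 0, the server accepts
--    SQL logins as well, and each of those logins needs its own review.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 3. List the SQL logins that exist in mixed mode, with their enabled state,
--    so that unneeded ones can be removed or disabled.
SELECT name, is_disabled
FROM   sys.sql_logins
ORDER BY name;

-- 4. Stored procedures that execute code on the host: switch off the ones
--    the application does not need.  Both options are off by default on
--    current versions, so this also catches an install where someone
--    turned them back on.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;                 -- shell commands from T-SQL
EXEC sp_configure 'Ole Automation Procedures', 0;   -- sp_OACreate and related procedures
RECONFIGURE;

-- 5. Confirm the settings that are actually in effect.
SELECT name, value_in_use
FROM   sys.configurations
WHERE  name IN ('xp_cmdshell', 'Ole Automation Procedures');
```

Run the script as a member of the sysadmin role; step 2 is read-only and is the one worth scheduling as a recurring check, since the authentication mode can be switched back by any administrator through the server properties dialog.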



Nichols, R. and Lekkas, P., 2001, Wireless Security: Models, Threats, and Solutions, McGraw-Hill Professional.

Securing data for transmission over the Internet or an Intranet is no simple job. The best way to assess your security requirements is to consider the consequences of unauthorized users viewing the data. The more confidentiality your data needs, the more security should be in place. Security is often far simpler to implement than to maintain. Make certain that the required procedures in your organization keep your system up to date. Security is often ignored or bypassed by everyday users for convenience. By the time data damage or security breaches are discovered, much harm may already have been done. SQL database and Web server vendors are regularly improving their systems, so staying up to date on the specific architectures is a necessity (Nichols and Lekkas, 2001).

Across Releases Using Historical Data Dictionaries. Bell Labs Technical Journal, Vol. 5 Issue 2, p121-133


MS SQL Server. Database Security in SQL Server 6.5. Apress Publishing, 2004. Available online at: http://www.aspfree.com/c/a/MS-SQL-Server/Database-Security-in-SQL-Server-6-5/


SQL Server: A database application is a program that enables clients to access data. There are various types of this application, ranging from the expensive enterprise-level Microsoft SQL Server to the free and open source MySQL. Most database server applications have several things in common. First, database applications use the same general programming language known as SQL, or "Structured Query Language". This language, also known as a fourth-generation language due to its simple syntax, is the core component of how a client communicates its requests to a server. Using SQL in its simplest form, a programmer can select, add, update, and delete information in a database. SQL can also be used to create and design entire databases, perform various functions on the returned information, and execute other programs.

The second feature of database server applications is that they require some form of authenticated connection between client and host. Though the SQL language in its basic form is quite easy to use, any client that wants to perform queries must first provide some form of credentials that will authorize the client. The client also has to define the format of the request and response. The client must define what type of database server it is connecting to before any connection can be made. This is handled by a software component that provides the client with the instructions needed to create the request in the correct format. In addition to the type of database, the request type can be used to further define how the client's request will be handled by the server. Next are the database name and the authentication information. All the connection information is important, but by far the weakest link is the authentication information or lack of it. In a correctly managed server, each database has its own users with specially designated permissions that control what type of activity they can perform.
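The last sentence above, a per-database user holding only the permissions it needs, is what a least-privilege setup for a Web front end looks like in practice. The following T-SQL is an added example written for this bibliography, not code from the cited article; it assumes SQL Server 2012 or later (for ALTER ROLE ... ADD MEMBER), a hypothetical database app_db containing a table dbo.customers and a stored procedure dbo.get_customer, and a hypothetical Windows account APPSERVER\web_app under which the Web application runs.

```sql
-- Added example (not from the article). All names below are hypothetical.
USE app_db;

-- Server login for the Web application's Windows account.  A Windows login
-- keeps account management central; a SQL login would only be needed if the
-- server had to run in mixed mode.
CREATE LOGIN [APPSERVER\web_app] FROM WINDOWS;

-- Database user mapped to that login.  A new user starts with no permissions
-- beyond those granted to the public role.
CREATE USER web_app FOR LOGIN [APPSERVER\web_app];

-- A database role that carries exactly the rights the front end needs:
-- read one table and call one stored procedure.
CREATE ROLE web_reader;
GRANT SELECT  ON OBJECT::dbo.customers    TO web_reader;
GRANT EXECUTE ON OBJECT::dbo.get_customer TO web_reader;

-- DENY wins over any GRANT inherited through other roles, so block writes
-- and schema changes explicitly rather than relying on their absence.
DENY INSERT, UPDATE, DELETE ON OBJECT::dbo.customers TO web_reader;
DENY ALTER ON SCHEMA::dbo TO web_reader;

ALTER ROLE web_reader ADD MEMBER web_app;

-- Verify the result from the user's own point of view: impersonate it,
-- list its effective permissions on the table, then switch back.
EXECUTE AS USER = 'web_app';
SELECT permission_name
FROM   fn_my_permissions('dbo.customers', 'OBJECT');
REVERT;
```

The verification step matters more than the grants: fn_my_permissions reports effective permissions after all role memberships and denials are combined, so it shows whether the user really is limited to SELECT, which a review of the GRANT statements alone cannot confirm.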