T 2.39 Complexity of a DBMS

When planning the implementation of a database management system (DBMS), the requirements placed on the selection, configuration, operation, and possible future extension of the planned system must be specified.

The selection and use of a standard database software package requires careful planning, installation, and configuration of the database management system (DBMS) to guarantee trouble-free use. The wide range of potential threats posed will be illustrated in the following examples.

Selection of an unsuitable standard database software package

• A DBMS is selected that does not run in the intended operating environment. This could be due to the fact that the DBMS only runs on a certain operating system or that the hardware used does not meet the minimum requirements of the DBMS.
• The selected DBMS poses a security risk because it is impossible to guarantee the required level of availability, integrity, and confidentiality of the data using the security mechanisms provided by the database manufacturer.

Faulty installation or configuration of the standard database software package

The recommended security safeguards are implemented incorrectly or incompletely, or are not implemented at all.

Examples:

The control files of a database system are not mirrored or the mirrored control files are not stored on a different hard disk. A hard disk crash in this case will most likely result in the destruction of the database.

• During installation, the system administrator ID created automatically is assigned a trivial password that is not changed after installation.
• The physical distribution of the data is inadequate (if the DBMS provides physical distribution capabilities). If application-specific data is not stored on physically separate hard disks, then the failure of a single hard disk could result in the complete failure of all applications.
• Access to certain data may be impossible due to incorrect parameter settings.
• Due to an incorrect country setting in the database software, it may be impossible to display certain special characters.

Faulty database concept

In the database concept, the relationships between the tables are shown in addition to the individual tables and their columns and keys.

An element in a table may be related to one or more elements in another table, or to none of the elements in any of the other tables. These relationships lead to restrictions that need to be maintained when executing delete, update, or insert operations to maintain the integrity of the database.

Example:

• Every resident must have a place of residence. A resident can have more than one place of residence, though. When a resident dies, it no longer needs a place of residence. Several residents may also share a place of residence. A place of residence can also be empty.

In the database, such a relation is shown in an additional table that contains keys for each element in the relation (for the resident/place of residence relation in the example) that refer to the corresponding records in the individual tables. If a record is deleted from the table of residents or the table of places of residence, then there must not be any more references to this record in the table used to associate the residents to the places of residence. Such conditions can be defined in the database itself, using conditions in program statements, or using automatic procedures.

The interaction of such constructions can lead to cascading database operations, but such operations are limited in various DBMSs using various restrictions.

Missing relations between individual tables can lead to a loss of the referential database integrity when this functionality is not implemented in the application.

Examples:

• A place of residence is deleted without checking if other residents are still assigned to this place of residence.
• The incorrect use of database triggers can lead to inconsistencies in the data if the application does not take these triggers into account.
• A resident dies and is therefore deleted from the database. -After the delete operation has been completed, a delete trigger deletes all places of residence records of the deceased resident from the additional table used to relate places of residence to residents.
• A poor concept of how to use database triggers properly can lead to a loss of integrity of the data or to uncontrolled changes to the data.