Chapter 20 ■ Software Development Security
Figure 20.9 ODBC as the interface between applications and a backend database system
[Diagram labels: Application, ODBC Manager, Database Drivers, Database Types]
NoSQL
As database technology evolves, many organizations are turning away from the relational model for cases where they require increased speed or their data does not neatly fit into tabular form. NoSQL databases are a class of databases that use models other than the relational model to store data.
These are the three major classes of NoSQL database:
■ Key/value stores are perhaps the simplest possible form of database. They store information in key/value pairs, where the key is essentially an index used to uniquely identify a record, which consists of a data value. Key/value stores are useful for high-speed applications and very large datasets.
■ Graph databases store data in graph format, using nodes to represent objects and edges to represent relationships. They are useful for representing any type of network, such as social networks, geographic locations, and other datasets that lend themselves to graph representations.
■ Document stores are similar to key/value stores in that they store information using keys, but the type of information they store is typically more complex than that in a key/value store and is in the form of a document. Common document types used in document stores include Extensible Markup Language (XML) and JavaScript Object Notation (JSON).
The security models used by NoSQL databases may differ significantly from relational databases. Security professionals in organizations that use this technology should familiarize themselves with the security features of the solutions they use and consult with database teams in the design of appropriate security controls.
Storing Data and Information
Database management systems have helped harness the power of data and gain some modicum of control over who can access it and the actions they can perform on it. However, security professionals must keep in mind that DBMS security covers access to information
through only the traditional “front-door” channels. Data is also processed through a computer’s storage resources—both memory and physical media. Precautions must be in place to ensure that these basic resources are protected against security vulnerabilities as well. After all, you would never incur a lot of time and expense to secure the front door of your home and then leave the back door wide open, would you?