2 cissp ® Official Study Guide Eighth Edition

902
Chapter 20 
■
Software Development Security
Databases that fail to implement concurrency correctly may suffer from the following 
issues:
■
Lost updates
occur when two different processes make updates to a database unaware 
of each other’s activity. For example, imagine an inventory database in a warehouse 
with different receiving stations. The warehouse might currently have 10 copies of the 
CISSP Study Guide
in stock. If two different receiving stations each receive a copy of 
the 
CISSP Study Guide
at the same time, they both might check the current inventory 
level, find that it is 10, increment it by 1, and update the table to read 11, when the 
actual value should be 12.
■
Dirty reads
occur when a process reads a record from a transaction that did not suc-
cessfully commit. Returning to our warehouse example, if a receiving station begins 
to write new inventory records to the database but then crashes in the middle of the 
update, it may leave partially incorrect information in the database if the transaction is 
not completely rolled back.
Concurrency uses a “lock” feature to allow one user to make changes but deny other 
users access to views or make changes to data elements at the same time. Then, after the 
changes have been made, an “unlock” feature restores the ability of other users to access 
the data they need. In some instances, administrators will use concurrency with auditing 
mechanisms to track document and/or field changes. When this recorded data is reviewed, 
concurrency becomes a detective control.

Download 19,3 Mb.

Do'stlaringiz bilan baham: