Nearly all web applications are database driven nowadays. Each day, more organizations and individuals move their data to the cloud. As more web applications are created, more web database security threats arise. Although web developers keep pace with technological advances in their development skills, many loopholes still exist because many developers do not put much effort into reinforcing security during development, mainly because they lack security incentives and because security testing is insufficient. Implementing a web database in the cloud offers measurable benefits such as better resource utilization and low cost, among others. However, these benefits come only with robust implementation strategies.
In a world of fast-paced technology, not everything can be expected to go as planned; things sometimes go wrong. Data breaches increase day by day; the Guardian (2017) reported a cyber-attack at Deloitte, an internationally known organization based in the United States. According to the Guardian (2017), the attack compromised a server that held the emails of over 350 clients, including four government departments in the UN as well as the biggest multinationals in the world. Typically, the information hackers target includes names, social security numbers, credit card numbers, and debit card numbers, among others. Data breaches can occur for many reasons, including hackers breaking into a system database. This risk can, however, be mitigated during web database implementation in various ways.
To implement a robust web database that is free from cyber-attacks like the one mentioned above, a developer must be well versed in the various aspects of web database development (Phillips, 2011). A web database is a collection of related information hosted on a web server. It enables any authorized user to log in to the system and analyze the data in its database. Web database development consists of front-end as well as back-end development (Batra & Li, 2010). These two parts of web development are subdivided into four layers of a web database application, as described in the following section.
Application logic layer
This is the layer where most developers spend their time. The layer handles the collection of data, including query or SQL statements: it prepares the query, sends it to the database through the database connection layer, receives the result from that layer, then formats and displays it for users (Coronel & Morris, 2016). The layer can also be referred to as the business logic layer, as it handles the various functions and rules pertaining to business logic. The security responsibility of this layer, however, depends on the method of implementation of the web database. As such, the developer should keep the following questions in mind while implementing a web database: Is the web application intended for the public or open only to registered users? What are the network checks, i.e. IP addresses and spam filters? Does the site require a user with a specific role? This layer is also a good place to audit requests.
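The flow described above, as an added example that is not part of the original essay: an application logic function that applies the network, registered-user and role checks, audits every request, and sends a bound (prepared) query through a single connection function. The table names, roles, allowlist range and sample rows are constructed for illustration, and an in-memory SQLite database stands in for the web database.

```python
import ipaddress
import sqlite3

ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # constructed allowlist
AUDIT_LOG = []  # stand-in for an append-only audit store


def connect():
    """Database connection layer: the only place a connection is created."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT)")
    db.execute("CREATE TABLE orders (id INTEGER, owner TEXT, item TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "analyst"), ("bob", "guest")])
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "alice", "laptop"), (2, "bob", "phone")])
    return db


def handle_request(db, user, client_ip, owner, required_role="analyst"):
    """Application logic layer: check, audit, query, format."""
    def audit(decision, result=None):
        # Every request is recorded, whether it is allowed or denied.
        AUDIT_LOG.append((user, client_ip, owner, decision))
        return result

    # Network check: the caller must come from an allowed address range.
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return audit("deny:bad-ip")
    if not any(addr in net for net in ALLOWED_NETS):
        return audit("deny:network")

    # Registered-user and role checks, done with a bound parameter.
    row = db.execute("SELECT role FROM users WHERE name = ?", (user,)).fetchone()
    if row is None:
        return audit("deny:unregistered")
    if row[0] != required_role:
        return audit("deny:role")

    # Prepared query: the owner value is bound as data, never spliced into SQL.
    rows = db.execute("SELECT id, item FROM orders WHERE owner = ? ORDER BY id",
                      (owner,)).fetchall()
    return audit("allow", [f"#{oid}: {item}" for oid, item in rows])
```
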
Database connection layer
This layer provides the connection between a web server and a web database. Connecting to a database is no longer an overwhelming, labor-intensive task; multiple web database tools now support the selection of database connectivity and have simplified the connection process (Quast et al., 2012). These tools mainly connect the DBMS and the application logic layer.
Beyond the database connection layer lies the data layer, which is the layer that needs the most database security measures. Database security refers to the wide-ranging use of data security controls to protect a web database from security breaches. Technical, administrative, and physical controls are the areas to be secured in a web database (Guardian, 2017). A database involves various security layers, including the security administrator, database administrator, security officer, employers, and developers.
To set up a robust web database, the following must be taken into consideration:
- Consider the various security threats posed to the aforementioned layers.
- Adopt the three-tier client architecture to satisfy the need for advancement in web database applications.
The tiers fall into the following categories:
- The presentation tier: gathers information and displays it in a user-friendly and legible manner.
- The logic tier: transfers information between the website and the data tier.
- The data storage tier: implements persistent data storage with a relational database or another type of database.
At a glance, the conclusion to be drawn from the above study is that, with the ever-increasing number of web databases on the internet raising security concerns, it is imperative to implement web databases securely and to offer individuals unified access to them without security concerns. In conclusion, this thesis has presented research on ways to implement a secure web database in a cloud instance that can help us avoid cyber-attacks in the future.
Batra, V. S., & Li, W. S. (2010). U.S. Patent No. 7,685,131. Washington, DC: U.S. Patent and Trademark Office.
Coronel, C., & Morris, S. (2016). Database systems: design, implementation, & management. Cengage Learning.
Guardian. (2017). Deloitte hack hit server containing emails from across US government. Retrieved on 15th September 2018 from: https://www.theguardian.com/business/2017/oct/10/deloitte-hack-hit-server-containing-emails-from-across-us-government
Petry, S. M., Rajagopal, R., Lund, P. K., Cox, F. L., Moore, A. P., Dunston, L. L., & Zaugg, B. T. (2018). U.S. Patent Application No. 10/027,700.
Phillips, R. (2011). U.S. Patent Application No. 12/944,233.
Quast, C., Pruesse, E., Yilmaz, P., Gerken, J., Schweer, T., Yarza, P., & Glöckner, F. O. (2012). The SILVA ribosomal RNA gene database project: improved data processing and web-based tools. Nucleic acids research, 41(D1), D590-D596.