In a client-server environment, an individual user may log-on to a client machine, but will need to establish a connection to a database located on a server machine across a network. In the typical scenario, to establish access, the user must pass the security mechanisms provided by either the operating system of the server machine, database system, or both. In the database systems, there are generally two methods of determining whether a user is permitted to establish access to a database.
In the first method, the database system omits implementing its own security mechanisms, thus relying solely upon the security mechanisms inherent in the operating system of the server machine. For example, if the server machine is a UNIX-based computer, then the standard UNIX user ID/security files can be employed to add a particular user to that machine's recognition list (e.g., by adding the user to the server's "/etc/passwd" file). In this type of configuration, if a user wishes to connect to a database on a remote server, the standard operating system's security checks are performed upon the user's request for access. If the user satisfies the operating system's security checks, then access is not only permitted to the server machine, but to the database itself.
A drawback to this method is that rights granted by the operating system may exceed those needed to merely access the database. This situation creates unnecessary security risks if the remote user has only need to access the database, and has no reason or purpose in accessing anything else on the server.
If the database system operates under a different operating system on different machines, then the users access rights may have to be maintained on multiple machines even when the operating systems on the different machines are the same. When the operating systems on different machines differ, the users are forced to learn multiple security mechanisms.
Regardless of whether the operating systems operating on different machines differ, a user may be required to change their password at different times. This situation creates two problems. First, users wishing to maintain identical passwords across all systems are forced to change their passwords everywhere necessary when just a single machine requires a password change. Users not maintaining identical passwords are forced to track multiple passwords, often manually.
To address the drawbacks of the first method, the second method provides for the database to maintain its own repository of valid users. When a remote user requests access to a database on a server, the remote user is checked against the repository of valid users. Remote users found in the repository are permitted access to the database on the server. In these database systems, a critical step in the security mechanism is to receive the user ID and the password and then verify that this combination is found in a repository of valid combinations of user IDs and passwords.
A problem with the second method is that the security mechanisms provided by database systems are typically not as secure as those provided by operating systems. Typically database systems merely check for valid combinations of user IDs and passwords. User IDs are most often based on names of users, names of projects, or some other easily guessed item related to the user. If a password is also selected in the same predictable manner, an infiltrator can not only easily guess the valid password, but the whole combination. Consequently, database systems may be vulnerable to commonly known techniques of infiltrating computer systems.
Even more carefilly generated passwords that are not susceptible to guessing are vulnerable. An infiltrator in possession of a stolen or inappropriately disseminated password who knows the associated user can easily guess at valid combinations of user IDs and passwords. An infiltrator can also employ a computer automated methods of attempting numerous passwords based on common words or randomly generated strings of characters. Passwords consisting of a small number of characters are especially vulnerable. The smaller the number of characters the smaller number of permutations that have to be tried before uncovering the password.
Based on the foregoing, it is clearly desirable that a database system provide its own security features and forego reliance on the security mechanisms of the operating systems. It is further desirable that the database system employ security techniques that make the database system less vulnerable to infiltration than current database systems.