Authentication refers to the task of verifying the identity of a person/software connecting to an application. The simplest form of authentication consists of a secret password that must be presented when a user connects to the application. Unfortunately, passwords are easily compromised, for example, by guessing, or by sniffing of packets on the network if the passwords are not sent encrypted. More robust schemes are needed for critical applications, such as online bank accounts. Encryption is the basis for more robust authentication schemes.

Many applications use two-factor authentication, where two independent factors (that is, pieces of information or processes) are used to identify a user. The two factors should not share a common vulnerability; for example, if a system merely required two passwords, both could be vulnerable to leakage in the same manner. While biometrics such as fingerprints or iris scanners can be used in situations where a user is physically present at the point of authentication, they are not very meaningful across a network. Passwords are used as the first factor in most such two-factor authentication schemes. Smart cards or other encryption devices connected through the USB interface, which can be used for authentication based on encryption techniques, are widely used as second factors.

 

We may want to differentiate among the users as far as the type of access they are permitted on various data values in the database. These differentiations are expressed in terms of authorization, the most common being: read authorization, which allows reading, but not modification, of data; insert authorization, which allows insertion of new data, but not modification of existing data; update authorization, which allows modification, but not deletion, of data; and delete authorization, which allows deletion of data. We may assign the user all, none, or a combination of these types of authorization.

The DDL, just like any other programming language, gets as input some instructions (statements) and generates some output. The output of the DDL is placed in the data dictionary, which contains metadata—that is, data about data. The data dictionary is considered to be a special type of table that can only be accessed and updated by the database system itself (not a regular user). The database system consults the data dictionary before reading or modifying actual data.
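The four authorization types map onto SQL privileges, and the grants themselves are stored as metadata that the system checks before touching the data. The script below is an added example, not part of the original text: it assumes PostgreSQL, a scratch database and a superuser session, and the table and role names are hypothetical.

```sql
-- Added example (assumptions: PostgreSQL, scratch database, superuser session).
-- The account table and the three roles are hypothetical names.
CREATE TABLE account (
    id      integer PRIMARY KEY,
    owner   text    NOT NULL,
    balance numeric NOT NULL
);
INSERT INTO account VALUES (1, 'alice', 100), (2, 'bob', 250);

CREATE ROLE auditor;   -- read authorization only
CREATE ROLE intake;    -- insert authorization only
CREATE ROLE teller;    -- read and update authorization, no delete

GRANT SELECT         ON account TO auditor;
GRANT INSERT         ON account TO intake;
-- An UPDATE with a WHERE clause also reads columns, so teller needs SELECT too.
GRANT SELECT, UPDATE ON account TO teller;
-- No role receives DELETE.

SET ROLE auditor;
SELECT owner, balance FROM account;                      -- allowed
UPDATE account SET balance = 0 WHERE id = 1;             -- rejected: no UPDATE privilege
RESET ROLE;

SET ROLE intake;
INSERT INTO account VALUES (3, 'carol', 50);             -- allowed
SELECT * FROM account;                                   -- rejected: no SELECT privilege
RESET ROLE;

SET ROLE teller;
UPDATE account SET balance = balance - 20 WHERE id = 2;  -- allowed
DELETE FROM account WHERE id = 2;                        -- rejected: no DELETE privilege
RESET ROLE;

-- The grants are metadata. PostgreSQL exposes them through read-only
-- information_schema views over its system catalog.
SELECT grantee, privilege_type
FROM information_schema.table_privileges
WHERE table_name = 'account'
  AND grantee IN ('auditor', 'intake', 'teller')
ORDER BY grantee, privilege_type;
```

The final query returns one row per granted privilege, which is a quick way to audit a table for roles holding more authorization than they need.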

 

Encryption refers to the process of transforming data into a form that is unreadable, unless the reverse process of decryption is applied. Encryption algorithms use an encryption key to perform encryption, and require a decryption key (which could be the same as the encryption key depending on the encryption algorithm used) to perform decryption.

The oldest uses of encryption were for transmitting messages, encrypted using a secret key known only to the sender and the intended receiver. Even if the message is intercepted by an enemy, the enemy, not knowing the key, will not be able to decrypt and understand the message. Encryption is widely used today for protecting data in transit in a variety of applications such as data transfer on the Internet, and on cellular phone networks. Encryption is also used to carry out other tasks, such as authentication