Concurrency Control. R/RR/W W/W User 2 ReadWrite User 1 Read Write R/W: Inconsistent Read problem. W/W: Lost Update problem.

Concurrency Control

R/R R/W

R/W W/W

User 2

Read Write

User 1Read

Write

R/W: Inconsistent Read problem.

W/W: Lost Update problem.

Example

• Husband/Wife joint account with $1000 balance.

• Transactions:– Husband: Withdraw 800– Wife: Withdraw 100

• Processing:– Read Balance, Calculate New Balance, Write New Balance

Husband:ReadBalance CalNewBalance WriteNewBalance

(In memory) (On disk)

1000 New=1000-800 200

Wife: ReadBalance CalNewBalance WriteNewBalance

1000 New=1000-100 900

Locking

• Locking is the most widely used approach to ensure serializability of concurrent transactions.

• Shared lock: read only access

• Exclusive lock: for both read and write access.

Lock Granularity

• The size of data items protected by a lock.– Entire database– Entire table– A page– A record– A Field

• The coarser the data item size, the lower the degree of concurrency permitted.

Dead Lock

• Two transactions wait for locks on items held by the other.

T1 T2

DataItem 1

DataItem 2

Lock Wait For

Wait ForLock

Transaction

• An unit of work on database that is either completed in its entirety or is not performed at all.

Transaction Commands

• Begin Transaction

• Update commands

• Commit

• RollBack

• End Transaction

DefiningTransaction in An Application

• Truck Rental System:– Vehicle Table: VID, VType, VStatus

» V1 PickUp Available

» V2 TowTruck Booked

– VReservation: RID, VID, Date» R1 V2

1/2/04

Transaction Example(Pseudo Code)

Sub Rent(RID, VID, RDate)Begin TransactionInsert (RID, VID, RDate) into VReservation tableIf No Error Then

Update Vehicle StatusIf No Error Then

Commit TransactionElse

Roll BackEnd if

ElseRoll Back

End ifEnd Sub

Transaction ACID Properties

• Atomic– Transaction cannot be subdivided– All or nothing

• Consistent– Constraints don’t change from before transaction to after

transaction– A transaction transforms a database from one consistent state to

another consistent state.• Isolated

– Transactions execute independently of one another.– Database changes not revealed to users until after transaction

has completed• Durable

– Database changes are permanent and must not be lost.

Log File (Journal)

• A file that contains all information about all updates to the database. It may contain the following data:– Transaction records:

• Transaction ID• Type of action:

– Begin, Insert,Delete, Modify, Commit, Rollback, End

• Before-image• After-image

– Checkpoint records• The point of synchronization between the database and the

transaction log file.

To Recover• In the event of a failure, examine the log

starting from the most recent checkpoint record.

• Any transaction with Transaction Start and Transaction Commit records should be redone:– Perform all the writes to the database using

the after-image log records in the order in which they were written to the log.

Database Security

Threats to Data Security• Accidental losses attributable to:

– People• Users: using another person’s means of access, viewing

unauthorized data, introduction of viruses• Programmers/Operators• Database administrator: Inadequate security policy

– Software failure• DBMS: security mechanism, privilege• Application software: program alteration

– Hardware failure

• Theft and fraud• Improper data access:

– Loss of privacy (personal data)– Loss of confidentiality (corporate data)

• Loss of data integrity• Loss of availability (through, e.g. sabotage)

Countermeasures to Threats

• Authorization– Authentication

• Access controls: privileges• Database views• BackUp and Recovery• Enforcing integrity rules• Encryption

– Symmetric encryption: use same key for encryption and decryption

– Asymmetric encryption:• Public key: for encryption• Private key: decryption

• RAID

Authorization Rules• Controls incorporated in the data management

systemRestrict:

– access to data– actions that people can take on data

Authorization matrix for:– Subjects– Objects– Actions– Constraints

Figure 12-5 Authorization matrix

SQL Injection

• "SQL Injection" is an unverified/unsanitized user input vulnerability, and the idea is to convince the application to run SQL code that was not intended.

• Exploits applications that use external input for database commands.

SQL Injection Demo

• On a web page that takes customer ID entered in a textbox as input, then displays the customer’s data.

• 1. Retrieve all records:In the textbox, enter:‘ OR 1=1 OR CID = ‘

2. Guess table name or field name:‘ AND 1=(SELECT COUNT(*) FROM Orders) AND CID=‘

3. Finding some users:' or cname like 'S%' or cid=‘

SQLInjectionDemo

Demo

Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click Dim strConn As String = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source = c:\salesDB.mdb" Dim objConn As New OleDbConnection(strConn) Dim strSQL As String = "select * from customer where cid = '" & TextBox1.Text & "'" Dim objComm As New OleDbCommand(strSQL, objConn) Try objConn.Open() Dim objDataReader As OleDbDataReader objDataReader = objComm.ExecuteReader() GridView1.DataSource = objDataReader GridView1.DataBind() Catch except As SystemException Response.Write(except.Message) End Try End Sub

Introduction to XML

ISYS 464

XML<?xml version="1.0" ?>

<Books>

<Book>

<ISBN>1-34567-04-01</ISBN>

<Authors>

<AuthorName>John Smith</AuthorName>

<AuthorName>Peter Chen</AuthorName>

<AuthorName>David Chao</AuthorName>

</Authors>

<Price> $45.00</Price>

<Description>This is a grerat book</Description>

</Book>

<Book>

<ISBN>1-34567-04-02</ISBN>

<Authors>

<AuthorName>Adam Smith</AuthorName>

</Authors>

<Price> $25.00</Price>

<Description>This is a second great book</Description>

</Book>

</Books>

XML SchemaDefinition of an XML Document

• Namespaces: Allow element names to be qualified to avoid name collisions.

• Complex and simple types:– Elements that contains other elements are complex type.

• Cardinality: – minOccurs: 0 for optional element.– maxOccurs: specified number or unbounded

• Compositor:– Sequence: defines an ordered sequence of subelements.– Choice: defines a choice between several possible elements.

• Constraints:– Uniqueness contraint

Relational to XML

• Example:– Access

• File/Export• File/Get External data/Import