Concurrency Control
Dec 20, 2015
Concurrency Control
R/R R/W
R/W W/W
User 2
Read Write
User 1Read
Write
R/W: Inconsistent Read problem.
W/W: Lost Update problem.
Example
• Husband/Wife joint account with $1000 balance.
• Transactions:– Husband: Withdraw 800– Wife: Withdraw 100
• Processing:– Read Balance, Calculate New Balance, Write New Balance
Husband:ReadBalance CalNewBalance WriteNewBalance
(In memory) (On disk)
1000 New=1000-800 200
Wife: ReadBalance CalNewBalance WriteNewBalance
1000 New=1000-100 900
Locking
• Locking is the most widely used approach to ensure serializability of concurrent transactions.
• Shared lock: read only access
• Exclusive lock: for both read and write access.
Lock Granularity
• The size of data items protected by a lock.– Entire database– Entire table– A page– A record– A Field
• The coarser the data item size, the lower the degree of concurrency permitted.
Dead Lock
• Two transactions wait for locks on items held by the other.
T1 T2
DataItem 1
DataItem 2
Lock Wait For
Wait ForLock
Transaction
• An unit of work on database that is either completed in its entirety or is not performed at all.
Transaction Commands
• Begin Transaction
• Update commands
• Commit
• RollBack
• End Transaction
DefiningTransaction in An Application
• Truck Rental System:– Vehicle Table: VID, VType, VStatus
» V1 PickUp Available
» V2 TowTruck Booked
– VReservation: RID, VID, Date» R1 V2
1/2/04
Transaction Example(Pseudo Code)
Sub Rent(RID, VID, RDate)Begin TransactionInsert (RID, VID, RDate) into VReservation tableIf No Error Then
Update Vehicle StatusIf No Error Then
Commit TransactionElse
Roll BackEnd if
ElseRoll Back
End ifEnd Sub
Transaction ACID Properties
• Atomic– Transaction cannot be subdivided– All or nothing
• Consistent– Constraints don’t change from before transaction to after
transaction– A transaction transforms a database from one consistent state to
another consistent state.• Isolated
– Transactions execute independently of one another.– Database changes not revealed to users until after transaction
has completed• Durable
– Database changes are permanent and must not be lost.
Log File (Journal)
• A file that contains all information about all updates to the database. It may contain the following data:– Transaction records:
• Transaction ID• Type of action:
– Begin, Insert,Delete, Modify, Commit, Rollback, End
• Before-image• After-image
– Checkpoint records• The point of synchronization between the database and the
transaction log file.
To Recover• In the event of a failure, examine the log
starting from the most recent checkpoint record.
• Any transaction with Transaction Start and Transaction Commit records should be redone:– Perform all the writes to the database using
the after-image log records in the order in which they were written to the log.
Database Security
Threats to Data Security• Accidental losses attributable to:
– People• Users: using another person’s means of access, viewing
unauthorized data, introduction of viruses• Programmers/Operators• Database administrator: Inadequate security policy
– Software failure• DBMS: security mechanism, privilege• Application software: program alteration
– Hardware failure
• Theft and fraud• Improper data access:
– Loss of privacy (personal data)– Loss of confidentiality (corporate data)
• Loss of data integrity• Loss of availability (through, e.g. sabotage)
Countermeasures to Threats
• Authorization– Authentication
• Access controls: privileges• Database views• BackUp and Recovery• Enforcing integrity rules• Encryption
– Symmetric encryption: use same key for encryption and decryption
– Asymmetric encryption:• Public key: for encryption• Private key: decryption
• RAID
Authorization Rules• Controls incorporated in the data management
systemRestrict:
– access to data– actions that people can take on data
Authorization matrix for:– Subjects– Objects– Actions– Constraints
Figure 12-5 Authorization matrix
SQL Injection
• "SQL Injection" is an unverified/unsanitized user input vulnerability, and the idea is to convince the application to run SQL code that was not intended.
• Exploits applications that use external input for database commands.
SQL Injection Demo
• On a web page that takes customer ID entered in a textbox as input, then displays the customer’s data.
• 1. Retrieve all records:In the textbox, enter:‘ OR 1=1 OR CID = ‘
2. Guess table name or field name:‘ AND 1=(SELECT COUNT(*) FROM Orders) AND CID=‘
3. Finding some users:' or cname like 'S%' or cid=‘
SQLInjectionDemo
Demo
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click Dim strConn As String = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source = c:\salesDB.mdb" Dim objConn As New OleDbConnection(strConn) Dim strSQL As String = "select * from customer where cid = '" & TextBox1.Text & "'" Dim objComm As New OleDbCommand(strSQL, objConn) Try objConn.Open() Dim objDataReader As OleDbDataReader objDataReader = objComm.ExecuteReader() GridView1.DataSource = objDataReader GridView1.DataBind() Catch except As SystemException Response.Write(except.Message) End Try End Sub
Introduction to XML
ISYS 464
XML<?xml version="1.0" ?>
<Books>
<Book>
<ISBN>1-34567-04-01</ISBN>
<Authors>
<AuthorName>John Smith</AuthorName>
<AuthorName>Peter Chen</AuthorName>
<AuthorName>David Chao</AuthorName>
</Authors>
<Price> $45.00</Price>
<Description>This is a grerat book</Description>
</Book>
<Book>
<ISBN>1-34567-04-02</ISBN>
<Authors>
<AuthorName>Adam Smith</AuthorName>
</Authors>
<Price> $25.00</Price>
<Description>This is a second great book</Description>
</Book>
</Books>
XML SchemaDefinition of an XML Document
• Namespaces: Allow element names to be qualified to avoid name collisions.
• Complex and simple types:– Elements that contains other elements are complex type.
• Cardinality: – minOccurs: 0 for optional element.– maxOccurs: specified number or unbounded
• Compositor:– Sequence: defines an ordered sequence of subelements.– Choice: defines a choice between several possible elements.
• Constraints:– Uniqueness contraint
Relational to XML
• Example:– Access
• File/Export• File/Get External data/Import