A Relational Database Management System (RDBMS) is a database management system whose functionality is based on the relational model. An RDBMS can therefore be viewed as a program that performs operations such as the creation, deletion, insertion and administration of a relational database. A relational database system uses a declarative method for specifying data and for carrying out queries against the database. This means that the end user states directly what information the database contains and exactly which data is to be extracted from it, and the database management system is then responsible for handling the operations that interact with the database on behalf of the user (Ciampa, 2008, p. 48). Many commercial RDBMSs use Structured Query Language (SQL) to perform operations in the database. MS SQL Server is considered an example of an RDBMS because it uses SQL and the SQL data definition procedures to administer a relational DBMS. Microsoft SQL Server does not deviate from the relational model, and it is therefore considered a relational DBMS (Ciampa, 2008, p. 52).
Database normalization is applied to relational databases. It involves organizing the data structure with the aim of minimizing data redundancy. The primary objectives of normalizing a database are to eliminate redundant data, for instance the same data stored in more than one table, and to make sure that the various relations or data dependencies are logical, which is achieved by ensuring that the data stored in the same table are related. Both strategies are important because they reduce the space that data consumes in a database system. Database normalization also ensures that data elements are logically organized within a database system. There are various approaches that can be applied during normalization (Stallings, 2010, p. 64); these are usually referred to as the normal forms, ranging from the lowest level of normalization, called the First Normal Form (1NF), all the way to the Fifth Normal Form (5NF).
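The two objectives just described, removing repeated data and keeping dependencies logical, can be seen side by side on a small schema. The following is an added example written for this page, not code from the cited sources; it uses Python's built-in sqlite3 module as a stand-in for a real server and constructed sample data (three orders from two customers). It contrasts a flat table that repeats the customer's e-mail on every order with a normalized pair of tables where the e-mail is stored once and orders reference the customer through a foreign key, then measures the redundancy, shows the update anomaly the flat design permits, and shows that the normalized design rejects an order for a customer that does not exist.

```python
import sqlite3

# Constructed sample data (not from the text): three orders placed by two customers.
ORDERS = [
    (1, "alice", "alice@example.com", "keyboard"),
    (2, "alice", "alice@example.com", "mouse"),
    (3, "bob", "bob@example.com", "monitor"),
]


def build_flat(conn):
    """Unnormalized design: customer attributes are repeated on every order row."""
    conn.execute("CREATE TABLE orders_flat ("
                 "order_id INTEGER PRIMARY KEY, customer TEXT, email TEXT, item TEXT)")
    conn.executemany("INSERT INTO orders_flat VALUES (?, ?, ?, ?)", ORDERS)


def build_normalized(conn):
    """Normalized design: each customer's e-mail is stored once; orders reference it."""
    conn.execute("CREATE TABLE customers (customer TEXT PRIMARY KEY, email TEXT NOT NULL)")
    conn.execute("CREATE TABLE orders ("
                 "order_id INTEGER PRIMARY KEY, "
                 "customer TEXT NOT NULL REFERENCES customers(customer), "
                 "item TEXT NOT NULL)")
    conn.executemany("INSERT OR IGNORE INTO customers VALUES (?, ?)",
                     [(c, e) for _, c, e, _ in ORDERS])
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(o, c, i) for o, c, _, i in ORDERS])


def compare_designs():
    """Build both designs in memory and report redundancy and integrity properties."""
    conn = sqlite3.connect(":memory:")
    # The pragma must run before any transaction is open, so it goes first.
    conn.execute("PRAGMA foreign_keys = ON")
    build_flat(conn)
    build_normalized(conn)
    report = {}

    # Redundancy: how many stored copies of alice's e-mail each design holds.
    report["flat_copies"] = conn.execute(
        "SELECT COUNT(*) FROM orders_flat WHERE customer = 'alice'").fetchone()[0]
    report["normalized_copies"] = conn.execute(
        "SELECT COUNT(*) FROM customers WHERE customer = 'alice'").fetchone()[0]

    # Update anomaly: changing the address on one order row leaves the other copy stale.
    conn.execute("UPDATE orders_flat SET email = 'alice@new.example' WHERE order_id = 1")
    distinct_flat = conn.execute(
        "SELECT COUNT(DISTINCT email) FROM orders_flat WHERE customer = 'alice'").fetchone()[0]
    report["flat_inconsistent"] = distinct_flat > 1

    # In the normalized design one update is seen by every order through the join.
    conn.execute("UPDATE customers SET email = 'alice@new.example' WHERE customer = 'alice'")
    distinct_norm = conn.execute(
        "SELECT COUNT(DISTINCT c.email) FROM orders o "
        "JOIN customers c ON o.customer = c.customer WHERE c.customer = 'alice'").fetchone()[0]
    report["normalized_inconsistent"] = distinct_norm > 1

    # Referential integrity: an order for a customer that does not exist is rejected.
    try:
        conn.execute("INSERT INTO orders VALUES (4, 'carol', 'webcam')")
        report["orphan_rejected"] = False
    except sqlite3.IntegrityError:
        report["orphan_rejected"] = True
    return report


if __name__ == "__main__":
    print(compare_designs())
```

The flat table holds alice's e-mail twice and silently drifts into two different addresses after a partial update; the normalized tables hold it once, so a single UPDATE is reflected in every order, and the foreign key stops an order from pointing at a customer row that does not exist.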
Authentication of a user by a web application
User authentication is one of the security strategies that web-based applications deploy. For web applications to be more secure, passwords should not be sent as plain text; rather, they should be encrypted. Effective authentication should use multifactor authentication, meaning that the web application should use a combination of at least two variables to authenticate a user; an example is the combination of a username and a matching password. The steps of authentication by a web application are outlined below (Ciampa, 2008, p. 73).
An application user first sends a request for access to a resource that is protected or requires certain access rights. The web application usually offers an interface that prompts the user to input a combination of two or more access requirements, say a login name and a matching password. Once the user has entered the required credentials, the web application submits them to a database server, where the credentials are validated. Depending on the outcome, and on the maximum number of attempts the system allows before the user is denied access and authentication, access is either granted or denied. In some cases, third-party authentication is required where the user fails entirely to input the matching credentials.
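The steps above (credentials submitted, checked against the database, access granted or denied, a maximum number of attempts) can be put into working code. The following is an added example written for this page, not code from the cited sources: it uses an in-memory sqlite3 database as the "database server", stores a salted PBKDF2-HMAC-SHA256 digest rather than the password itself, compares digests in constant time, and locks the account once a threshold of failed attempts is reached. The threshold MAX_ATTEMPTS, the user name "alice" and the sample passwords are constructed for the example; the text leaves the number of allowed attempts unspecified.

```python
import hashlib
import hmac
import secrets
import sqlite3

MAX_ATTEMPTS = 3       # assumed lockout threshold; the text does not fix a number
PBKDF2_ROUNDS = 100_000


def open_store():
    """In-memory SQLite table standing in for the database server the text mentions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE users (
        username        TEXT PRIMARY KEY,
        salt            BLOB NOT NULL,
        pw_hash         BLOB NOT NULL,
        failed_attempts INTEGER NOT NULL DEFAULT 0,
        locked          INTEGER NOT NULL DEFAULT 0)""")
    return conn


def derive(password: str, salt: bytes) -> bytes:
    """Slow, salted password digest; only this value is ever stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def register(conn, username: str, password: str):
    salt = secrets.token_bytes(16)               # fresh random salt per user
    conn.execute("INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
                 (username, salt, derive(password, salt)))


def authenticate(conn, username: str, password: str) -> str:
    """Return 'granted', 'denied' or 'locked' for one login attempt."""
    row = conn.execute(
        "SELECT salt, pw_hash, failed_attempts, locked FROM users WHERE username = ?",
        (username,)).fetchone()
    if row is None:
        derive(password, b"\x00" * 16)            # same cost for unknown names
        return "denied"
    salt, pw_hash, failed, locked = row
    if locked:
        return "locked"
    if hmac.compare_digest(derive(password, salt), pw_hash):
        conn.execute("UPDATE users SET failed_attempts = 0 WHERE username = ?", (username,))
        return "granted"
    failed += 1
    conn.execute("UPDATE users SET failed_attempts = ?, locked = ? WHERE username = ?",
                 (failed, int(failed >= MAX_ATTEMPTS), username))
    return "locked" if failed >= MAX_ATTEMPTS else "denied"


def demo():
    """Constructed login sequence: one failure, a success that resets the counter,
    then three failures that trip the lockout, after which even the right password fails."""
    conn = open_store()
    register(conn, "alice", "correct horse battery")
    attempts = ["wrong", "correct horse battery", "wrong", "wrong", "wrong",
                "correct horse battery"]
    return [authenticate(conn, "alice", pw) for pw in attempts]


if __name__ == "__main__":
    print(demo())
```

Two details carry most of the defensive value: the database never holds the password itself, only a per-user salted digest, and a successful login resets the failure counter while the third consecutive failure locks the account, so a later correct password is still refused until an administrator (or a recovery flow, which the text calls third-party authentication) intervenes.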
How a rainbow table can be used to discover passwords
A rainbow table can be defined as a table that uses precomputation to undo the cryptographic hash functions that have been used to store passwords on a server. Rainbow tables are used to recover plaintext passwords from their stored hashes. They are usually limited to a certain password length and a limited character set (Ciampa, 2008, p. 76).
A rainbow table used for cracking passwords stores the hash chains that make up the passwords. The table computes a password chain, beginning from the original password, using a compression function denoted by R and a hash function denoted by H. The chain follows the recurrence relation $X_{i+1} = R(H(X_i))$ for $i = 0, 1, \ldots$, with $X_0$ the starting password; with this, a password P can be calculated from a hash chain of length n, and these chains are what is stored in the rainbow table.
The execution of a rainbow table usually begins with identifying the password policy of a given system or application, after which the appropriate attributes, such as password lengths and character sets, are determined.
A web application developer can reduce the success of a rainbow-table attack by using unrestricted and varied character sets and password lengths in the application's password policy. Another approach to curbing such attacks is the use of at least two authentication factors in the application (Stallings, 2010, p. 81). Passwords should be encrypted rather than sent in plain text.
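The chain construction $X_{i+1} = R(H(X_i))$ described two paragraphs above, and the reason the mitigation in this paragraph works, both fit in one small program. The following is an added example written for this page, not code from the cited sources, and it is deliberately toy-sized: the password space is constructed as exactly three lowercase letters, H is SHA-256, and R (the function the text calls the compression function, usually termed the reduction function) maps a digest back into that space while mixing in the chain position. It builds a table of 100 chains of length 20, recovers a password that lies within the policy the table was built for, and then shows that a password outside that length, or a hash computed with a per-user salt (standard practice, not discussed in the text), cannot be found in the table at all.

```python
import hashlib
import itertools
import secrets
import string

# Constructed toy password policy for this example: exactly 3 lowercase letters.
CHARSET = string.ascii_lowercase
LENGTH = 3
CHAIN_LEN = 20        # n in the text: hash steps per chain
STRIDE = 176          # every 176th word of the 17576-word space as a start point


def H(password: str) -> bytes:
    """The hash function H of the text; SHA-256 is the choice made for this example."""
    return hashlib.sha256(password.encode()).digest()


def R(digest: bytes, step: int) -> str:
    """The function R of the text: maps a digest back into the password space.
    Mixing in the chain position gives each step its own R, which is what
    distinguishes a rainbow table from a plain hash chain."""
    n = int.from_bytes(digest, "big") + step
    chars = []
    for _ in range(LENGTH):
        n, idx = divmod(n, len(CHARSET))
        chars.append(CHARSET[idx])
    return "".join(chars)


def build_table(start_points):
    """Walk X_{i+1} = R(H(X_i)) from each start; store only (end, start) pairs."""
    table = {}
    for start in start_points:
        x = start
        for i in range(CHAIN_LEN):
            x = R(H(x), i)
        table.setdefault(x, start)        # if two chains merge, keep the first
    return table


def lookup(table, target_hash: bytes):
    """Return the password whose hash is target_hash if it lies on a stored chain."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        # Suppose target_hash was produced at position pos; finish the chain from there.
        x = R(target_hash, pos)
        for i in range(pos + 1, CHAIN_LEN):
            x = R(H(x), i)
        if x in table:
            # Rebuild that chain from its start and look for the preimage.
            cand = table[x]
            for i in range(CHAIN_LEN):
                if H(cand) == target_hash:
                    return cand
                cand = R(H(cand), i)
    return None


ALL_PASSWORDS = ("".join(p) for p in itertools.product(CHARSET, repeat=LENGTH))
TABLE = build_table(list(itertools.islice(ALL_PASSWORDS, 0, None, STRIDE)))


def salted_hash(password: str, salt: bytes) -> bytes:
    """Per-user salt: the table was precomputed over unsalted H, so a salted
    digest never corresponds to any chain element."""
    return hashlib.sha256(salt + password.encode()).digest()


def demo():
    inside = R(H("aaa"), 0)            # a password one step into the first stored chain
    return {
        "in_policy": lookup(TABLE, H(inside)),     # recovered from the table
        "longer": lookup(TABLE, H("abcd")),        # 4 letters: outside the table's policy
        "salted": lookup(TABLE, salted_hash("aaa", secrets.token_bytes(16))),
    }


if __name__ == "__main__":
    print(demo())
```

The table stores only 100 (end, start) pairs yet covers up to 2,000 of the 17,576 possible passwords; that trade of storage for computation is the whole idea. The second and third lookups return None for the reason the paragraph above gives: a table is built for a fixed length and character set, so a policy that admits longer and more varied passwords pushes the password space beyond what was precomputed, and a per-user salt does the same for every password at once.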
Requirements of the PCI-DSS in relation to databases
PCI DSS is responsible for issuing security standards aimed at enhancing security when payment cards are used. Payment cards are a typical example of online transaction processing systems that require access to a database and various authentication measures. This implies that strict policies regarding authentication and the handling of users' information have to be deployed. The key objective is to ensure that the user's or cardholder's information is handled with the utmost confidentiality. For vendors and manufacturers of payment card reading devices, there is a standardized set of requirements that must be met before any transaction involving the use of a PIN, such as at POS and automated payment terminals.