Sustentative commentary:
Commentary for question 1:
The answer provided for the first question is excellent, mainly because the two main ways of securing databases are encryption and authentication. It lists the different types of encryption methods that can be used to secure databases (McGowan, Bardin & McDonald, 2009). An additional question is how full-disk encryption, virtual disk and volume encryption, and file/folder encryption differ. The answer also presents various authentication methods, which addresses the question effectively. In addition to the information provided, other methods can be used to improve database security, such as user privileges and restrictions (Gertz & Jajodia, 2010).
Commentary for question 2:
The answer provided for this question is excellent. It gives a good example of how inappropriate privileges may make web-enabled databases vulnerable: system administrators grant more privileges to meet the needs of customers, and this makes the database less secure. It would be critical to know where to draw the line on which privileges users should get. Additionally, the answer could have examined poor database structures as a vulnerability that affects web-enabled databases. Poorly designed security features may leave loopholes for hackers to access the database illegally (Gertz & Jajodia, 2010).
Commentary for question 3:
This is an excellent answer to the question. It gives good examples of companies that have web-based databases. These databases contain critical customer data that needs to be secured to ensure that it is not used illegally. The answer also examines what hackers use to try to gain access to such databases (Goodrich & Tamassia, 2011). It critically examines the use of SQL injections, which are commands that can be used to penetrate databases in order to display sensitive information. The answer also examines CWE, which is an organization that deals with information security and has rated SQL injections as high-possibility attacks. Finally, the answer is excellent because it provides solutions to SQL injections.
References:
Goodrich, M., & Tamassia, R. (2011). Introduction to computer security. Chapter 9, Security Models and Practice, section 10.1 Database Security, pp. 488-499; sections 9.3, 9.4 and 9.5.
McGowan, J., Bardin, J., & McDonald, J. (2009). Storage security. In Vacca, J. R. (Ed.), Computer and information security handbook. Boston, MA: Morgan Kaufmann Publishers.
Gertz, M., & Jajodia, S. (2010). Handbook of database security: Applications and trends. London: Praxis.