Course & Code: Library & Database Technology

LEVEL : LIS
Semester: Autumn 2023
Assignment No. 02
SYED IHTISHAM UL HASSAN SHAH
20PLR04625
Name.
Course.Bs library and information science
User id.
Semester.Autumn 2023
Code book.9213.
Assignment No. 2
Question no.1.
Discuss in the various steps involved in programing the
application/database.
Answer.A properly designed database provides you with access to up-
to-date, accurate information. Because a correct design is essential to
achieving your goals in working with a database, investing the time
required to learn the principles of good design makes sense. In the end,
you are much more likely to end up with a database that meets your
needs and can easily accommodate change.
This article provides guidelines for planning a desktop database. You will
learn how to decide what information you need, how to divide that
information into the appropriate tables and columns, and how those
tables relate to each other. You should read this article before you
create your first desktop database.
Programming an application with a database involves several key
steps:
Design:
 Create a system architecture outlining components and their
interactions.
  Design the database schema, specifying tables, relationships, and
constraints.
 Plan the user interface and overall application flow.
Choose Technology Stack:
 Select the programming language (e.g., Python, Java, C#).
 Choose a database management system (e.g., MySQL, PostgreSQL,
MongoDB).
 Consider frameworks and libraries for development.
Testing:
 Conduct unit testing to validate individual components.
 Perform integration testing to ensure different modules work
together.
 Test database operations, including CRUD (Create, Read, Update,
Delete) functionality.
Debugging:
 Identify and fix errors in the code.
 Use debugging tools to trace and resolve issues.
 Conduct thorough testing after each debugging iteration.
Determine the purpose of your database
This helps prepare you for the remaining steps.
Find and organize the information required
Gather all of the types of information you might want to record in the
database, such as product name and order number.
Divide the information into tables
Divide your information items into major entities or subjects, such as
Products or Orders. Each subject then becomes a table.
Turn information items into columns
Decide what information you want to store in each table. Each item
becomes a field, and is displayed as a column in the table. For example,
an Employees table might include fields such as Last Name and Hire
Date.
Specify primary keys
Choose each table’s primary key. The primary key is a column that is
used to uniquely identify each row. An example might be Product ID or
Order ID.
Set up the table relationships
Look at each table and decide how the data in one table is related to
the data in other tables. Add fields to tables or create new tables to
clarify the relationships, as necessary.
Refine your design
Analyze your design for errors. Create the tables and add a few records
of sample data. See if you can get the results you want from your
tables. Make adjustments to the design, as needed.
Apply the normalization rules
Apply the data normalization rules to see if your tables are structured
correctly. Make adjustments to the tables, as needed.
Optimization:
 Optimize database queries for better performance.
 Fine-tune code for efficiency.
 Address any bottlenecks or resource-intensive processes.
Documentation:
 Create comprehensive documentation for code, APIs, and
database structure.
 Include setup instructions, usage guidelines, and troubleshooting
information.
Deployment:
 Prepare the application for deployment to a production
environment.
 Set up the database on a production server.
Ensure proper configuration and scalability.
User Training and Support:
 Provide training materials for end-users.
 Establish a support system for addressing user issues.
 Gather feedback for future improvements.
These steps ensure a systematic and effective approach to programming
an application with a database, covering everything from initial
planning to ongoing maintenance.
Question no.2.
Explain in full details the internal and external security related
techniques of database/application.
Answer.
Security is a critical aspect of both database and application
development.
Here are details on internal and external security techniques:
Internal Security Techniques:
Authorization:
 Employ role-based access control (RBAC) to restrict access based
on user roles.
 Limit privileges to the minimum necessary for each user or role.
 Regularly audit and update access permissions.
Audit Trails:
 Maintain detailed audit logs for all database activities.
 Log login attempts, data modifications, and access changes.
 Regularly review and analyze audit trails for suspicious activities.

External Security Techniques:

Firewalls:
 Implement firewalls to control incoming and outgoing traffic.
 Define rules to allow only necessary connections to the
database/application.
 Regularly update and monitor firewall configurations.
Intrusion Detection and Prevention Systems (IDPS):
 Deploy IDPS to monitor and respond to potential security threats.
 Set up alerts for suspicious activities and unauthorized access
attempts.
 Regularly update intrusion detection signatures.
Data Backups:
 Regularly backup database and application data.
 Store backups in secure locations with access controls.
Test and validate data restoration procedures.
Patch Management:
 Keep the application and database software up-to-date with the
latest patches.
 Regularly review and apply security updates.
 Monitor vendor advisories for security vulnerabilities.
Security Training and Awareness:
 Educate users and administrators about security best practices.
 Conduct regular security awareness training sessions.
 Foster a security-conscious culture within the organization.
Database security refers to the various measures organizations like
yours take to ensure their databases are protected from internal and
external threats. Database security includes protecting the database
itself, the data it contains, its database management system, and the
various applications that access it. Organizations must secure databases
from deliberate attacks such as cybersecurity threats and misuse of data
and databases by those who can access them.
In the last several years, the number of data breaches has risen
considerably. In addition to the considerable damage these threats pose
to a company’s reputation and customer base, there are an increasing
number of regulations and penalties for data breaches that
organizations must deal with, such as those in the General Data
Protection Regulation (GDPR)—some of which are extremely costly.
Effective database security is key for remaining compliant, protecting
your reputation, and keeping your customers.
What are the challenges of database security?
Security concerns for internet-based attacks are some of the most
persistent challenges to database security. Hackers devise new ways to
infiltrate databases and steal data almost daily. You must ensure your
database security measures are strong enough to withstand these
attacks and avoid a security breach.
Some cybersecurity threats can be difficult to detect, like phishing
scams in which user credentials are compromised and used without
permission. Malware and ransomware are also common cybersecurity
threats.Another critical challenge for database security is making sure
that your employees, partners, and contractors with database access
don’t abuse their credentials.This is sometimes referred to as an insider
threat. These exfiltration vulnerabilities are difficult to guard against
because authorized users with legitimate access can take sensitive data
for their own purposes. Edward Snowden’s compromise of the NSA is a
good example of this challenge.
Organizations like yours must also make sure that users with legitimate
access to database systems and applications are only privy to the
protected data that they need for work. Otherwise, there’s greater
potential for them to compromise data security.
How you can deploy database security
There are three layers of database security: the database level, the
access level, and the perimeter level. Security at the database level
occurs within the database itself, where the data live. Access layer
security focuses on controlling who can access certain data or systems
containing it. Security policy at the perimeter level determines who can
and cannot get into databases. Each level requires unique security
solutions.
By combining these internal and external security techniques,
organizations can significantly enhance the overall security posture of
their databases and applications, safeguarding against both internal and
external threats. Regular audits, updates, and user training are essential
components of a robust security strategy.
Database security refers to the range of tools, controls, and measures
designed to establish and preserve database confidentiality, integrity,
and availability. This article will focus primarily on confidentiality since
it’s the element that’s compromised in most data breaches.
Database security must address and protect the following:
 The data in the database
 The database management system (DBMS)
 Any associated applications
 The physical database server and/or the virtual database server
and the underlying hardware
 The computing and/or network infrastructure used to access the
database
Database security is a complex and challenging endeavor that involves
all aspects of information security technologies and practices. It’s also
naturally at odds with database usability. The more accessible and
usable the database, the more vulnerable it is to security threats; the
more invulnerable the database is to threats, the more difficult it is to
access and use. (This paradox is sometimes referred to as Anderson’s
Rule. (link resides outside IBM).
Question no.3.
Discuss main functions for database maintenance with relevant
examples.
Answer
Database maintenance involves various tasks aimed at ensuring the
smooth operation, optimal performance, and reliability of a database.
Here are the main functions for database maintenance, along with
relevant examples:
Database Maintenance is a term we use to describe a set of tasks that
are all run with the Intention to improve your database. There are
routines meant to help performance, free up disk space, check for data
errors, check for hardware faults, update internal statistics, and many
other obscure (but important) things.
WorkSpace has always had a companion program called ‘Database
Maintenance’ (or ‘System Utilities’ back before 2009) that is installed
with it. Unfortunately, it is a widely unknown portion of the program. I
am sure people see it in the Start Menu, but most people never click on
it, which is unfortunate. The ‘Database Maintenance’ program should
be run at least every 14 days in order to keep your server at its peak
‘Health’.
This article is meant to give you a little bit of a crash course on what
exactly our ‘Database Maintenance’ does to your database.
Our Database Maintenance program has four main ‘Categories’ of
routines:
 Index Defragmentation
 Log File Maintenance
 File/Data Compaction
 Integrity Check
Each of these categories can be run independently of each other using
the new ‘Database & Server Health’ feature located in the ‘Help’ menu
(version 2014.250 and newer).Log files automatically grow as you add
more and more data to your database. Each time the file grows, it
creates a ‘Virtual Log File’ (VLF) inside that it uses to store data. Using
these VLFs the SQL Server is able to find a single operation in the log file
much, much faster than if it had to scan the entire log file. The
downside to this is that if there are too many VLFs, the time it takes to
insert data into the log file can actually increase, which harms
performance. Part of our maintenance routine is to scan these VLFs and
see if they are hurting performance. If the maintenance routine
determines that they are, then we adjust several factors of the log file,
including how large each ‘increment’ is when the log file grows. We can
then compact these VLFs together to regain our lost performance (and
without losing any log data).
Data into the log file can actually increase, which harms performance.
Part of our maintenance routine is to scan these VLFs and see if they are
hurting performance. If the maintenance routine determines that they
are, then we adjust several factors of the log file, including how large
each ‘increment’ is when the log file grows. We can then compact these
VLFs together to regain our lost performance (and without losing any
log data).
1. Index Defragmentation:
SQL databases contain objects called ‘indexes’ that work a lot like the
Dewey Decimal system of a library. Each table inside of your Office Tools
Professional database contains at least one indexed column that we use
when we need to search for a specific value (such as an Employee or a
Work Code). Indexes store a sorted and partitioned copy of that data in
an ultra-fast section of memory, so when ask SQL server for some
specific data (such as ‘All time cards for employee ‘Joe Demo’), the
database first scans the indexes for ‘Joe Demo’ to get all the row
numbers for Joe’s time cards, then retrieves just those records for the
application. Without an index, the database would have to read each
and every single record in the table (in its entirety) to find all the
records. A well-designed (and well maintained) index can improve the
performance of a query by 1,000 fold or more. So creating and
maintaining indexes are extremely important.
2. Log File Maintenance
SQL Databases contain a ‘Log File’ that keeps track of every single
transaction that happens in the database. Using these log files, you can
actually restore a database to the state it was at any point in time
before. So if something bad happens to your database (either
corruption, accidentally, or maliciously), you can recover your data as it
was the instant before the event happened. So the Log files are
extremely important parts of the system, and they require their own
special maintenance as well.
Log files automatically grow as you add more and more data to your
database. Each time the file grows, it creates a ‘Virtual Log File’ (VLF)
inside that it uses to store data. Using these VLFs the SQL Server is able
to find a single operation in the log file much, much faster than if it had
to scan the entire log file. The downside to this is that if there are too
many VLFs, the time it takes to insert data into the log file can actually
increase, which harms performance. Part of our maintenance routine is
to scan these VLFs and see if they are hurting performance. If the
maintenance routine determines that they are, then we adjust several
factors of the log file, including how large each ‘increment’ is when the
log file grows. We can then compact these VLFs together to regain our
lost performance (and without losing any log data).
3. File/Data Compaction
As you use your SQL database, the file size both grows and shrinks. Each
time the file needs more space, it grows by a certain increment. And as
data is added to the database (as a chunk), it is saved into any spot that
has enough memory to store that chunk. Unfortunately, the data is not
always stored close to other data from the same table. The data itself
becomes fragmented, just like the indexes we talked about before. In
order to resolve this issue, we run what is called a ‘Data Compaction’,
which reorganizes the file by grouping all associated data together. This
not only groups data together, but it can also free up space inside the
file as well, which can then be reclaimed by the operating system as
free disk space on your hard disc.

4. Integrity Check
Over time, your database will go through numerous changes. Data will
be added and removed, tables will be added, modified, and removed.
The database’s overall schema will change. Indexes will be added,
rebuild, deleted, and re-created. Data columns will be added, modified,
and removed. The database will go through thousands upon thousands
of changes just as a natural course of its lifespan. But each change, no
matter how small, has the potential to introduce corruption into the
database. Indexes can have corrupt pages, table can have bad records,
the schema can contain inaccurate references. These different types of
corruption can cause anything from simple performance issues to
complete schema failure and catastrophic data loss. But this is where
the Integrity Check comes into play. The Database Integrity Check
examines and analyzes the database in its entirety, and can detect and
repair most any corruption it comes across. The database integrity
check should be run on a regular, reoccurring, weekly schedule. The
Integrity Check is your best weapon to prevent catastrophic data loss.
WorkSpace has a built in Integrity Check that any OTP user with Admin
rights can run on demand. If any corruption was detected or repaired,
WorkSpace will immediately inform the user of the details, severity, and
actions taken. In nearly all cases, that is where the corruption will end,
and there will be no need for further action. But if you run an integrity
check and WorkSpace reports that an issue was detected but was not
resolved, please contact the Office Tools Technical Support team
immediately. Our data specialists have decades of experience working
with SQL Server databases and have been able to recover data that
others though was completely irrecoverable.

Question no 4
Define public interface. Also discuss the different components of
public interface with examples
Answer.
A public interface, in the context of software development, refers to the
set of methods, functions, and protocols that are made available to the
users or other parts of the software. It serves as the boundary between
different software components, providing a clear and well-defined
means of interaction. The public interface hides the internal workings of
a module or class, allowing for encapsulation and abstraction.
Properties/Attributes:
Definition: Publicly accessible variables or attributes that provide
information about the state of an object.
Example: In a class representing a car, properties like color, speed, and
fuelLevel could be part of the public interface.
Events/Callbacks:
Definition: Mechanisms for notifying external entities about specific
occurrences or changes.
Example: In a graphical user interface (GUI) library, events like onClick
or onHover could be part of the public interface to handle user
interactions.
Data Structures:
Definition: Publicly exposed structures or collections for organizing and
storing data.
Example: In a data processing library, a public interface might include
classes like LinkedList or Dictionary along with their associated
methods.
Example: Providing inline comments, README files, or official
documentation that guides users on how to interact with the public
interface.
Error Handling:
Definition: Publicly exposed mechanisms for handling and reporting
errors or exceptions.
Example: Including error codes, exception classes, or error-handling
functions/methods in the public interface to help users gracefully
handle unexpected situations.
Access Modifiers:
Definition: Specifying the visibility and accessibility of elements in the
public interface (e.g., public, private, protected).
Example: Marking certain methods as private to encapsulate internal
functionality while exposing only essential methods and properties as
public.
A well-designed public interface is crucial for creating modular,
maintainable, and scalable software systems. It allows for effective
communication between different parts of a program, promotes
encapsulation, and simplifies the complexity for users or developers
interacting with the software.
Q5. Write short notes on the following:
a. Authority table maintenance
Authority table maintenance typically refers to the process of managing
and updating an authority table within a database or system. An
authority table is a reference table that stores information about user
roles, permissions, or access levels. Here’s a breakdown of the key
components:

Authority Table:
 An authority table is a database table that holds information
related to user permissions and roles.
 It typically includes fields such as user ID, role ID, and permissions.
User Roles:
 Roles define a set of permissions or actions that a user with that
role can perform.
 Examples of roles might include “Admin,” “Manager,” or “User.”
Permissions:
 Permissions specify the actions or operations a user with a
particular role can undertake.
 These can include read, write, update, delete, or specific access to
certain functionalities.
Maintenance Process:
  Regularly update the authority table to reflect changes in user
roles or permissions.
 Add new roles or modify existing ones as organizational needs
evolve.
 Ensure that users are assigned appropriate roles to align with their
responsibilities.
User Access Management:
 Grant or revoke permissions based on changes in user roles or job
requirements.
 Monitor and adjust access levels to maintain security and
compliance.
Security Considerations:
 Implement robust security measures to protect the authority table
from unauthorized access.
 Regularly audit and review access controls to identify and mitigate
potential security risks.
Integration with Applications:
 Ensure that the authority table integrates seamlessly with the
applications or systems that rely on it for access control.
 Applications should query the authority table to determine user
permissions dynamically.
Logging and Auditing:
 Implement logging mechanisms to track changes made to the
authority table.
 Regularly audit these logs to detect and respond to any suspicious
or unauthorized activities.
Documentation:
  Maintain comprehensive documentation for the authority table
schema, roles, and permissions.
 Documentation should include guidelines for administrators on
how to manage and update the authority table.
Testing:
 Conduct thorough testing when making changes to the authority
table to ensure that access controls function as intended.
 Test scenarios where users assume different roles to validate
proper permissions.
In summary, authority table maintenance involves managing a
structured table that defines user roles, permissions, and access levels
within a system. Regular updates, security considerations, integration
with applications, and proper documentation are crucial aspects of
maintaining an effective authority table.
b. Maintaining and upgrading application
Maintaining and upgrading applications involves ongoing efforts to
ensure software remains functional, secure, and up-to-date.
Maintenance includes fixing bugs, addressing security vulnerabilities,
and making performance improvements. Upgrades typically involve
introducing new features, compatibility enhancements, or adapting the
application to newer technologies. This process is crucial for a
software’s longevity and effectiveness in meeting evolving user needs.
c. Creating the configuration file
To create a configuration file, you typically need to define settings and
parameters for a specific application or system. Here’s a general guide:
Choose a Format:
Decide on the format of your configuration file. Common formats
include JSON, YAML, XML, or INI. Each has its own syntax and structure.
Define Sections and Keys:
If using a format like INI or some flavors of YAML, you might organize
the file into sections. In JSON or XML, you can structure the data
hierarchically. Define keys for each setting you want to configure.
Specify Values:
Assign values to the keys based on the configuration you need. This
could include things like database connection details, API keys, or
general application settings.
Example (INI Format):

Ini
[Database]
Host = localhost
Port = 3306
Username = myuser
Password = mypassword

[App]
Debug = true
Log_level = INFO
Save the File:
Save the configuration file with a meaningful name and the appropriate
extension (.json, .yaml, .ini, etc.). Place it in a location accessible by your
application.
Read and Parse:
In your application code, implement logic to read and parse the
configuration file. Libraries or built-in functions are often available for
this purpose, depending on the programming language you’re using.
Handle Errors:
Include error-handling mechanisms in your code to manage situations
where the configuration file is missing or contains errors. Provide
meaningful error messages to assist with troubleshooting.
Update Dynamically (Optional):
Depending on your application’s requirements, you might want to allow
users to update the configuration dynamically without restarting the
application. Implement a mechanism for safely updating the
configuration at runtime.Remember, the specifics may vary based on
the programming language and framework you’re using, but these
general steps should give you a good starting point. If you have a
specific language or framework in mind, let me know for more tailored
guidance.
d. Authority Entries
Authority entries, in various contexts, refer to comprehensive records or
profiles of authoritative figures, institutions, or entities. These entries
often include detailed information such as:
Personal Information: Names, titles, positions, and affiliations of
individuals.
Professional Background: Educational qualifications, career history, and
relevant experience.
Achievements and Contributions: Notable accomplishments or
contributions to a particular field or industry.
Roles and Responsibilities: Details about the roles and responsibilities
held by the authority figure.
Publications and Works: Any written works, publications, or significant
projects associated with the authority.
Recognition and Awards: Honors, awards, or recognitions received for
outstanding performance or contributions.
Contact Information: Relevant contact details for communication or
collaboration.
These entries are often found in reference materials, directories, or
databases and serve as a comprehensive source for understanding the
background and impact of authoritative figures in a given domain. The
specific content may vary depending on the purpose and scope of the
authority entries, whether they pertain to academic, professional, or
other contexts.