Skip to Main Content
Database management systems (DBMS) have a long tradition in high security and several mechanisms needed to protect data have been proposed/consolidated in the database arena. However, the effectiveness of those mechanisms is very dependent on the actual configuration chosen by the database administrator. Tuning a large database is quite complex and achieving high security is a very difficult task that requires a lot of expertise and continuous and proactive work. In this paper we present an assessment tool aimed at evaluating the security of DBMS configurations. The proposed tool is simple and effective, and can be used by administrators with very little security knowledge. We evaluate the tool by performing the assessment of four different real database installations based on four well-known and widely used DBMS engines.