Security Considerations for SQL-Based Implementations of STEP

摘要

The Database Language SQL (SQL) is a standard interface for accessing andmanipulating relational databases. As such, SQL can be used in many different operational environments, with correspondingly different needs for security. One specific application of this standard is in the field of Product Data Exchange using STEP (PDES). This paper examines the security implications of the versions of the SQL standard as used to implement STEP. STEP does not imply any particular security policy, so a variety of security policies are examined. The paper has been written as a companion document to the National Institute of Standards and Technology's (NTIS's) general SQL security document, 'Security Issues in the Database Language SQL', and references that document frequently.