Database applications are pervasive in any organization. Within these applications, databases organized according to the relational model are among the most widely used. The database language SQL [ANS92] provides a standard means of accessing data organized according to the relational model. In this section, security features provided by SQL are described. The use of SQL in a network environment is specified by the RDA standard ([ISO90b] and [ISO90c]). This section also discusses the security considerations of using SQL in a network environment.
The term SQL is often used to refer to different specifications or implementations. In the formal standards area, SQL'89 refers to ANSI X3.135-1989 [ANS89] (FIPS 127-1 [FIP90]); SQL'92 refers to ANSI X3.135-1992 [ANS92] (FIPS 127-2 [FIP93a]); and SQL3 refers to ANSI X3-135-199x [ISO92], which is expected to be approved by ANSI within a couple of years. In addition, the term SQL is often used to refer to a SQL implementation which includes vendor enhancements. In this section, the term "SQL" always refers to one of the ANSI standards. If a capability described is contained within each of SQL'89, SQL'92, and SQL3, then the term "SQL" is used. If a capability is not contained within each of SQL'89, SQL'92, and SQL3, then the versions of the standard which support the capability are specifically named.
SQL'89 provides basic facilities for creating and manipulating databases based on a relational model. These facilities include:
SQL'92 provides additional capabilities including schema manipulation and the ability (called dynamic SQL) to dynamically build and execute SQL statements. SQL'92 also provides the means to apply SQL to a network environment by adding the capabilities for connection and session management. SQL3 will provide the ability to define, create, and manipulate more general objects in addition to tables.