This is a computer networking model, which entails an application design that partitions tasks between servers (service providers) and clients (service requesters). Dewire (1993) gave a more succinct definition of client-server computing as the logical expansion of modular computerized programming. The client-server relationship usually exists between one computer program and another. The client program requests a service that is delivered by the server program. The clients and servers often operate through a computerized network, but on separate hardware systems. A server usually shares its resources with clients, even though clients do not share their resources with the servers. A good example of a client program is the web browser on the user’s computer, capable of accessing information at web servers (Guynes, Golladay & Huff, 1996).
In the client-server environment, several issues arise, among which security is paramount. Various security issues in a client-server computing relationship are discussed below.
Security issues in client-server computing
Security issues are of major concern for computing systems within organizations. The security of individual clients, of the networking system, and of the server all pose a great risk to the computing process if not addressed appropriately by the relevant organs in an organization.
According to Wilson, Lin & Craske (1999), the distribution of the service between clients and servers boosts the susceptibility of the system to risks and damages from frauds, computer viruses, website hacking, stalking, physical damage as well as the misuse of computerized systems. They further argue that as businesses increasingly move towards the adoption of multi-vendor systems, security issues are multiplying as well. Security in the client-server computing relationship, therefore, has to include the LANs and global WANs, the PCs themselves, the host system, and the users (Wilson, Lin & Craske, 1999).
The network is the vehicle that bridges the gap between the clients and the servers, and several security issues arise at this level. It connects the two with computing services and information, and it is prone to hazardous intruders. The intruders can use the network to access computer systems and their information, destroy or alter important information, or even get access to highly confidential information such as passwords, company databases, and vital details. The intruders can also reveal weak areas, which they can utilize to break into or access the systems.
Encryption of data is one of the security measures that can be used to counter network intruders or attackers sniffing a network. This involves the conversion of readable data into a version that is unreadable, which can only be accessed by the clients with the decryption key (Wilson et al., 1999). To authenticate users, Wilson et al. (1999) noted, most systems make use of re-usable passwords, which can allow intruders or attackers to scrutinize the network, access the system, and extract vital information, hence posing a great threat to the users (clients) and the computing system as well.
A network will be secure for the clients and servers if it conforms to the four basic principles outlined by Wilson et al. (1999): user authentication, audit, object re-use, and discretionary control. In addition to these principles, the security of the network system should be enhanced through the provision of rules to govern its usage and of screening devices for systems interconnecting to the network.
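The weakness of re-usable passwords described above, as an added example that is not taken from Wilson et al. or any cited source: a recorded login is replayed against a re-usable password check and against an HMAC challenge-response check, a technique named here as one alternative and not one the essay itself discusses. The secret, class and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo secret; client and server are assumed to share it already.
SHARED_SECRET = b"constructed-demo-secret"

def login_reusable(sent_password):
    """Weak scheme: the same password bytes cross the network on every login."""
    return hmac.compare_digest(sent_password, SHARED_SECRET)

class ChallengeServer:
    """Server side of a one-time challenge-response login (hypothetical class)."""

    def __init__(self, secret):
        self._secret = secret
        self._outstanding = set()

    def new_challenge(self):
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce, response):
        if nonce not in self._outstanding:
            return False                  # unknown or already-used challenge
        self._outstanding.discard(nonce)  # each challenge is accepted only once
        expected = hmac.new(self._secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)

def client_response(secret, nonce):
    """Client proves knowledge of the secret without ever sending it."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()

def replay_outcomes():
    """Replay one recorded login against each scheme; report what is accepted."""
    server = ChallengeServer(SHARED_SECRET)
    nonce = server.new_challenge()
    recorded_response = client_response(SHARED_SECRET, nonce)
    first_login = server.verify(nonce, recorded_response)
    fresh = server.new_challenge()
    return {
        # A recorded re-usable password is simply the password itself.
        "reusable_replay": login_reusable(SHARED_SECRET),
        "legit": first_login,
        "same_nonce_replay": server.verify(nonce, recorded_response),
        "new_nonce_replay": server.verify(fresh, recorded_response),
    }
```

Only the re-usable password scheme accepts the recorded login a second time; the challenge-response check rejects it both for the spent challenge and for a fresh one.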
Database security issue
The security of databases has emerged as a major issue of concern between the clients and the organization’s database managers, who are the servers. Client-server computing is largely based on database management software, which supports applications in the computing environment. The main issue here is the control of access to databases in a client-server computing environment. Adam (1992, p. 19) noted that the evolution of end-user computing has provided a lot of power in workplaces, resulting in increased demands by end-users to access corporate data, with little or no consideration for data security. Controlling clients’ access to the various data in a database is vital to the security of the data or information contained in the database system.
There are two exposures in the database system that pose a great security threat to the systems and the end-users. The first is that some database management systems, such as Sybase, allow users to connect to an application directly without the use of sign-on security. The second is that a lot of application software purchased over the counter defines its database tables to ‘public,’ meaning that any person can sign on directly to the database management system and alter information in the application tables. These two exposures put the data used by the client (end-user) at great risk, as it is highly prone to attackers (Client-server security, n.d.).
As a security measure, security professionals at the server terminal should ensure maximum security and protection of tables holding application data. A database management system should also put in place a ‘view’ program to allow the database to restrict users’ access rights in data fields (Client-server security, n.d.).
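One way to check for the ‘public’ table exposure and apply the view-based restriction described above, as an added example that is not code from any cited source. It assumes privilege rows shaped like the SQL standard `information_schema.table_privileges` view (grantee, table name, privilege type); all table, view and role names are hypothetical and the sample rows are constructed.

```python
# Privileges that let a grantee change application data.
WRITE_PRIVILEGES = {"INSERT", "UPDATE", "DELETE"}

# Constructed sample rows: (grantee, table_name, privilege_type).
SAMPLE_GRANTS = [
    ("PUBLIC", "payroll", "SELECT"),
    ("PUBLIC", "payroll", "UPDATE"),
    ("payroll_app", "payroll", "UPDATE"),
    ("PUBLIC", "orders", "INSERT"),
    ("PUBLIC", "orders", "DELETE"),
    ("report_reader", "orders", "SELECT"),
]

def public_exposure(grants):
    """Map each table to the sorted privileges it grants to PUBLIC."""
    exposed = {}
    for grantee, table, privilege in grants:
        if grantee.upper() == "PUBLIC":
            exposed.setdefault(table, set()).add(privilege.upper())
    return {table: sorted(privs) for table, privs in exposed.items()}

def revoke_statements(grants):
    """Build REVOKE statements for every PUBLIC grant, write access first.

    The output is meant for review by the database administrator; names are
    taken from the catalog rows as-is and are not quoted here.
    """
    statements = []
    for table, privs in sorted(public_exposure(grants).items()):
        writes = [p for p in privs if p in WRITE_PRIVILEGES]
        reads = [p for p in privs if p not in WRITE_PRIVILEGES]
        for group in (writes, reads):
            if group:
                statements.append(
                    f"REVOKE {', '.join(group)} ON {table} FROM PUBLIC;"
                )
    return statements

def restricted_view(view, table, columns, role):
    """Statements exposing only the listed data fields of a table to one role."""
    return [
        f"CREATE VIEW {view} AS SELECT {', '.join(columns)} FROM {table};",
        f"GRANT SELECT ON {view} TO {role};",
    ]
```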
File server security
The server system is usually controlled by a system administrator, who controls the entire system. This means that the individual performs all the administrative functions, including security. The individual controls the data files deployed through the client-server applications, which raises risks to the security of the files accessible by the client or the end-user. It is quite hard for a single individual to monitor and control all the files on the server effectively, so the risk that harmful files from intruders go unnoticed is high, which poses a security threat not only to the end-users but also to the entire system (Client-server security, n.d.). To offset this, the duties of the system administrator should be separated so that a file server auditor examines vital files for the purpose of maintaining file security and authenticity for clients’ consumption.
At the workstation, personal computer users have the overall duty of controlling the data files and other applications deployed to their PCs. Sometimes uncontrolled information can be deployed to the clients, which poses a great security threat to their machines, their organizations, or even themselves (Wilson et al., 1999).
The workstation operating system assumes that the person who turns a PC on is the owner of all the files, including the configuration files. The easy accessibility of the operating system exposes the client-server application to security risks and threats, as attacks can corrupt data in the operating system, which can then be passed to other stages in the client-server system (Wilson et al., 1999).
In a client-server environment, the records worked on in a PC should not be stored on the computer’s hard disk, as the records may contain detrimental files which can affect its operating system or corrupt other personal files on the PC (Client-server security, n.d.). If the user records are to be stored on the computer, then a security product must be installed to authenticate user activities and to encrypt user data that poses a security threat to the hard disk or the network (Client-server security, n.d.).
Security in a client-server computing system is a very vital factor for a successful client-server relationship. The servers should ensure the security and authenticity of the applications deployed to the client. This should encompass a secure network, secure database management system, and file server security as well as the clients’ station security. Through adequate security measures, sharing of data or information between the client and the server becomes friendlier and easier, as chances of cyber-attacks and access to inauthentic information are greatly minimized.
Adam, J. A. (1992). Data security. IEEE Spectrum, 29(8), 19-20.
Client-Server security (n.d.). Web.
Dewire, D. T. (1993). Client/Server Computing. Singapore: McGraw-Hill.
Guynes, C. S., Golladay, R. M. & Huff, A. (1996). Database security in a client/server environment. ACM SIGSAC Review, 14(3), 9-12.
Wilson, I., Lin, X. & Craske, N. (1999). Client/server security issues. Web.