Damage confinement is a critical aspect of database survivability. Access to the damaged data items of a database should not be allowed until they are repaired. Traditional database damage confinement is one-phase: a damaged data item is confined only after it is identified as corrupted. One-phase damage confinement has a serious problem: serious damage spreading can occur during damage assessment. In this paper, we present the design and implementation of a multiphase database damage confinement system, called DDCS. The damage confinement process of DDCS has one confining phase, which instantly confines the damage that might have been caused by the intrusion(s) as soon as the intrusion(s) are detected, and one or more later unconfining phases, which unconfine the data items that were mistakenly confined during the confining phase and the items that have been repaired. In this way, DDCS ensures that no damage spreads during damage assessment. DDCS can confine the damage caused by multiple malicious transactions concurrently. DDCS is built on top of a commercial database server. DDCS is transparent to end users, and its performance penalty is reasonable.
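The following sketch, added here as an illustration and not taken from the paper or from DDCS, walks a constructed transaction log through one confining phase and one unconfining phase. The log format, the time-based confinement bound, the read-from damage tracing and all names (`Txn`, `confining_phase`, `assess_damage`, `unconfining_phase`, `admit`) are assumptions made for the example.

```python
# Added illustration; the log format and the rules below are assumptions,
# not DDCS's actual algorithms.
from typing import NamedTuple

class Txn(NamedTuple):
    tid: str
    commit: int            # commit timestamp
    reads: frozenset
    writes: frozenset

# Constructed sample history: B1 is the malicious transaction.
LOG = [
    Txn("T1", 1, frozenset({"a"}), frozenset({"a"})),
    Txn("B1", 2, frozenset({"b"}), frozenset({"b"})),
    Txn("T2", 3, frozenset({"b"}), frozenset({"c"})),       # reads damaged b
    Txn("T3", 4, frozenset({"a"}), frozenset({"d"})),       # independent of B1
    Txn("T4", 5, frozenset({"c", "d"}), frozenset({"e"})),  # reads damaged c
]

def confining_phase(log, malicious):
    """Confine at once every item that might be damaged: anything written
    at or after the earliest malicious commit (assumed over-approximation)."""
    start = min(t.commit for t in log if t.tid in malicious)
    return {x for t in log if t.commit >= start for x in t.writes}

def assess_damage(log, malicious):
    """Slow step: trace read-from dependencies to find the real damage."""
    dirty = set()
    for t in sorted(log, key=lambda t: t.commit):
        if t.tid in malicious or t.reads & dirty:
            dirty |= t.writes      # affected transaction spreads damage
        else:
            dirty -= t.writes      # clean write replaces a damaged value
    return dirty

def unconfining_phase(confined, damaged, repaired=frozenset()):
    """Release items confined by mistake, plus items already repaired."""
    return {x for x in confined if x not in damaged or x in repaired}

def admit(txn, confined):
    """A new transaction runs only if it touches no confined item."""
    return not ((txn.reads | txn.writes) & confined)

if __name__ == "__main__":
    confined = confining_phase(LOG, {"B1"})
    damaged = assess_damage(LOG, {"B1"})
    print(sorted(confined), sorted(damaged),
          sorted(unconfining_phase(confined, damaged)))
```

Because `b`, `c`, `d` and `e` are all confined before assessment starts, a transaction arriving during assessment cannot read the damaged `c`; only `d` turns out to be clean and is released by the unconfining phase.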