Comprehensive analysis of Oracle database security Policy

oracle| Security | strategy | data | database

Oracle is a relational database management system, which has powerful function and excellent performance, and occupies an important position in today's large database management system. In the MIS system developed by us, we choose the Oracle7.3 database. Under normal circumstances, Oracle database will ensure data security, stability, provide users with correct data, but due to computer system failures (hardware, software, network and system failure) affect the operation of the database system, affecting the correctness of data in the database, and even destroy the database, All or part of the data in the database is lost and the entire system is paralyzed. Therefore, how to ensure the security of Oracle database is an important part of the whole MIS system security.

Security policies for Oracle databases include backup and recovery of databases, and user role management.

The structure used by the database backup

Oracle databases use several structures to protect data: Database fallback, logging, rollback segments, and control files.

1. Database fallback consists of the operating system fallback of the physical files that make up the Oracle database. When the media failure of the database recovery, the use of backup files to recover corrupted data files or control files.

2. Each Oracle database instance provides a log that records all changes made in the database. Each running Oracle database instance has a corresponding online log that works with the Oracle background process LGWR to immediately record all changes made to the instance. Archive (offline) logging is optional and an Oracle database instance can form an online log archive once the online log fills up. Archived online log files are uniquely identified and merged into an archive log.

3. The rollback segment is used to store the old value of a modified value for a transaction in progress (for uncommitted transactions) that is used to undo any uncommitted modifications during database recovery.

4. Control files, typically used to store the state of the physical structure of the database. Some state information in the control file is used to boot Oracle during instance recovery and media recovery.

Second, the online log

Each instance of an Oracle database has an associated online log. An online log consists of multiple online log files. Log entries (Redo entry) are filled in on-line log files (online redo log file), and log entries record data to refactor all changes made to the database.

Third, the archive log

An archive log (archived redo log) is created when Oracle is archiving a filled online log filegroup. The following are useful for database backup and recovery:

1. Database backup and online and archived log files ensure that all submissions are recoverable in the operating system and disk failures.

2. In the case of database open and normal system use, if the archive log is permanently saved, online backup can be done and used.

The database can run in two different ways: Noarchivelog or Archivelog mode. When a database is used in a noarchivelog manner, it is not possible to archive online logs. If the database runs in Archivelog mode, you can implement an online log archive.

IV. Oracle Backup Features

Oracle backups include logical and physical backups.

1. Logical backup

A logical backup of a database consists of reading a database recordset and writing the recordset to a file.

(1) The output (export) output can be an entire database, a specified user, or a specified table.

(2) input (import) Enter the binary dump file created by the output to read and execute its commands.

2. Physical backup

A physical backup contains a copy of the file that makes up the database, regardless of its logical content.

Oracle supports two different types of physical file backups: Offline backup (offline Backup) and online backup (on line Backup).

(1) Offline backup

An offline backup is used to back up the following files when the database has been shut down properly and the database is "offline":

All data files

All control files

All online logs

Init.ora (optional)

2) Online Backup

Online backups can be used to back up any database that operates in Archivelog mode. In this way, the online log is archived and a complete record of all jobs is established within the database.

The online backup process has powerful features. First, a complete point-in-time (point-in-time) recovery is provided. Second, allow the database to remain open while the file system is backed up.

Comparison of backup mode characteristics

Mode type recovery feature

Export logic can restore any database object to the state of the output

Offline Backups Physics can restore the database to a shutdown state: If the database is running in Archivelog mode, it can revert to any point in time.

Online Backups Physics can restore the database to any point in time

[1] [2] Next page