In-depth analysis of Oracle Database Security Policies (1)

Oracle is a relational database management system with powerful functions and excellent performance. It plays an important role in today's large database management systems. Under normal circumstances, the Oracle database ensures data security and stability, and provides users with correct data, however, computer system faults (hardware faults, software faults, network faults, and system faults) affect the operations of the database system, data correctness in the database, and even damage the database, if all or part of the data in the database is lost, the entire system will be paralyzed. Therefore, how to ensure the security of Oracle databases becomes an important part of system security.

Oracle Database Security policies include database backup and recovery, and user role management.

I. structure used for Database Backup

Oracle databases use several structures to protect data: database backup, logs, rollback segments, and control files.

1. Database Backup is composed of the operating system backup that makes up the physical files of the Oracle database. When a media fault occurs, the database is restored and the destroyed data files or control files are recovered using backup files.

2. Each Oracle database instance provides logs to record all modifications made in the database. Each running Oracle database instance has an online log, which works with the Oracle background process LGWR and immediately records all modifications made to the instance. Archive (offline) logs are optional. Once an Oracle database instance is filled with online logs, an online log archive file can be formed. Archived online log files are uniquely identified and merged into archived logs.

3. the rollback segment is used to store the old value of the modified value of ongoing transactions (for uncommitted transactions). This information is used to cancel any uncommitted modifications during database recovery.

4. control files are generally used to store the status of the physical structure of the database. Some status information in the control file is used to guide Oracle during instance recovery and media recovery.

Ii. Online logs

Each instance of an Oracle database has an associated online log. An online log consists of multiple online log files. Fill in the online redo log file with the redo entry. The data recorded in the log entry is used to reconstruct all modifications made to the database.

Iii. Archiving logs

When Oracle wants to archive a filled online log File Group, archived redo log must be created ). It is useful for database backup and recovery:

1. database backup and online and archive log files Ensure that all submitted items can be recovered in the case of operating system and disk faults.

2. When the database is opened and used normally, if the archived logs are permanently saved, they can be used online backup.

Databases can run in NOARCHIVELOG or ARCHIVELOG modes. When a database is used in NOARCHIVELOG mode, online logs cannot be archived. If the database runs in ARCHIVELOG mode, you can archive online logs.

Iv. Oracle backup features

Oracle backup includes logical backup and physical backup.

1. Logical backup

The logical backup of the database contains reading a database record set and writing the record set to a file.

(1) the output can be an entire database, a specified user, or a specified table.

(2) input (Import) the binary dump file created by the output is read and executed.

2. Physical backup

Physical backup includes copying the files that constitute the database regardless of the logical content.

Oracle supports two different types of physical file backup: offline backup and online backup ).

(1) offline backup

Offline backup is used to back up the following files when the database is shut down normally and the database is in "offline:

All data files

All control files

All online logs

Init. ora (optional)

(2) online backup

Online backup can be used to back up any databases that operate in the ARCHIVELOG mode. In this way, online logs are archived and a complete record of all jobs is created in the database.

The online backup process has powerful functions. First, a full point-in-time recovery is provided. Second, the database is allowed to be enabled during file system backup.

Backup Mode features comparison