A detailed account of the security control strategy of Sybase database

The security of computer systems has always been a headache for developers, especially in the database system, because of the large number of data centralized storage, and for many users to share directly, security issues more prominent. The dangers of security are needless to say, many of the world's largest banks have been hit by illegal intruders to varying degrees, but for commercial reasons these banks are reluctant to disclose the extent of their losses, making security more difficult to solve. As a large database system, Sybase has a typical security control strategy. This paper takes Sybase database as an example to briefly introduce the Common Security control strategy in large database.

Hierarchy of security controls

Sybase database provides developers with an effective security control strategy, which focuses on the security of data access and the monitoring of user login, while also taking into account the user's requirements for speed when using data. The security in Sybase is based on layering, and its security measures are set at the first level and are truly layered. The first layer is the registration and user license to protect the basic access to the server; the second layer is access control, which sets different permissions for different users, and maximizes the protection of the database. The third layer is to increase the view and stored procedures that restrict data access, and to create a barrier between the database and the user.

Basic principles of security issues

Sybase based on the above hierarchy of security system, put forward the following points to implement the principle of security:

1, Selective access control (discretionary Access Controls DAC), the DAC is used to determine whether users have access to database objects;

2, verification, verification is to ensure that only authorized legitimate users can register and access;

3, authorization, to different users access to the database to grant different permissions;

4, audit, monitoring the system occurred in all events.

The security control strategy of Sybase

Based on these four-point principles, Sybase provides four basic strategies for security control.

When the server is created, Sybase assigns all permissions to the system administrator, and the system administrator can increase the registrant (logins) on the server (only the system administrator has this permission). Logins can log on to the server but cannot access the database. The database owner (DBO) has the right to increase the user (users), and users can use the database assigned to it. When users visit the database, first to logins identity into the server, the system automatically open the default database, logins identity into the users identity.

After the user logs on, the system is authenticated by a password to prevent the illegal user from stealing another user's name for login. This verification step appears in the Registration dialog box at logon, registration and authentication are simultaneous, username and password are not consistent, logon request is denied.

The permission makes the user in the database activity scope only to be allowed in the small scope, greatly enhances the database security. In Sybase systems, the owner or creator of an object is automatically granted permission to the object. The owner has the right to decide to grant permission to another user. Sybase provided the grant and REVOKE commands to grant or revoke the license. The database owner and system administrator have special permissions, including that the database owner (DB owner,dbo) has full license to all objects in the database that they own; system administrator (Systems Administrantion,sa) have permission to all objects of all databases within the server.