A two-pronged approach to web database security audit tracking and backup

With the application of Web database more and more widely, the security problem of Web database becomes more and more prominent, how to guarantee and strengthen the security of database has become a problem that must be solved at present.

Security control mode of database system

Web database is a combination of database technology and web technology, there are many security problems, such as the transmission over the network of user names and passwords are easily stolen. Data that the user reads may be intercepted, tampered with, and so on. How to ensure the safe operation of the Web database?

Building a security model

In general, security is the security authentication process that users in a computer system have to go through to access a background database using a database application.

When the user accesses the database first through the database application into the database system, then the database application will submit user name and password (password ciphertext) to the database management system for authentication, after the identification of the legal identity, before entering the next operation. When you want to operate on objects (tables, views, triggers, stored procedures, etc.) in the database, you must also authenticate through database access, and only through the authentication of the database can the actual operation of the database objects be carried out.

Authenticated users only have access to the application system and the database "credentials", but users in the application system and database can do what kind of operation, rely on "access control" and "access control" rights allocation and constraints. The "Access control" is related to the application system, which determines which modules in the application system and which workflow in the module can be managed by the current user. Access control is associated with a database that determines which objects in the database the current user can manipulate and what actions they can take. Although access control and access control can minimize the scope of user access to the application system, data object operation permissions are minimized, but in the database itself, the use of such views, triggers, stored procedures, and other methods to protect the data and the "encrypted storage" of some sensitive data is also a security policy provided by the database management system.

Audit trails and data backup

There is no feasible way to completely solve the problem that legitimate users abuse privileges after authentication, but audit trail is still an important line of defense to ensure database security.

Auditing is a monitoring measure that tracks the access activities of data. The audit trail automatically records all operations of the user to the database and is stored in the audit log (Audit log). The contents of the records generally include: the type of operation (such as modification, query, delete), the operation of the terminal identification and operator identification, operation date and time, the operation of related data (such as basic tables, views, records, attributes, etc.), the database of the former and the image and so on. Using this information, we can further identify the people, time, and content of illegal access to data.

The database management system often takes it as an optional feature, allowing the corresponding operation statement to open or close the audit function flexibly.

Database Backup Recovery Strategy

Computers, like other devices, can fail. There are many reasons for computer failure, including disk failure, power failure, software failure, disaster failure and man-made destruction. Once this happens, the loss of the database can be caused. Therefore, the database system must take the necessary measures to ensure that the database can be restored when the failure occurs. The backup and recovery mechanism of database system management system is to ensure that the database system can be restored to normal state when the database system fails.

Data backup (establishing redundant data) means replicating the database on a regular or irregular basis. You can copy data to a local mechanism or to another machine. Recovery methods are usually accomplished using backup technology, transaction log technology, and mirroring technology.