With the spread of computers and the growth of networks, databases are no longer a topic reserved for programmers. The Oracle database, by virtue of its outstanding performance, ease of operation and flexibility, has won a place in the database market. But as network technology keeps advancing and the volume of data keeps growing, data security is no longer the same old platitude, nor just the "elusive" rules found in earlier books.
Perhaps, a long time ago, people felt that Oracle database security was not a problem, since Oracle launched its database software last November with the slogan "Only oracle9i can be absolutely safe". Whether that was for promotional purposes or to raise its profile, last December the British security expert David Litchfield discovered a bug in 9iAS that caused a buffer overflow, and later PenTest Limited and eEye Digital Security each reported a small vulnerability. Everyone using Oracle products then had to tighten up their previously relaxed attitude; for users, after all, this bears on their own "putting."
The author will now take you into the world of Oracle data security. Because the author's knowledge is limited, shortcomings are inevitable; I hope readers will not hesitate to offer corrections.
One. Some basic knowledge of Oracle databases
Here are just a few basics that bear on security, because we are going to use them later.
1. Components of Oracle:
In Oracle, a database refers to the entire Oracle RDBMS environment, which includes the following components:
• Oracle database processes and buffers (the instance).
• The SYSTEM tablespace, which contains a set of system catalogs and can consist of one or more data files.
• Other tablespaces defined by the database administrator (DBA) (optional), each consisting of one or more data files.
• More than two online redo logs.
• Archived redo logs (optional).
• Other files (control files, init.ora, config.ora, etc.).
Each Oracle database runs on a central system catalog and data dictionary, which are located in the SYSTEM tablespace.
2. About the "log":
Oracle databases use several structures to protect data: database backups, logs, rollback segments, and control files. Here is a general look at the "log", one of the main structures:
Each Oracle database instance provides a log that records all changes made in the database. Each running Oracle database instance has a corresponding online log that works with the Oracle background process LGWR to immediately record all changes made by the instance. Archive (offline) logging is optional: once an online log fills up, an Oracle database instance can archive it. Archived online log files are uniquely identified and merged into an archive log.
• About the online log: each instance of an Oracle database has an associated online log. An online log consists of multiple online log files. An online log file (online redo log file) is filled with log entries (redo entries), and a log entry records the data used to reconstruct all changes made to the database.
• About archive logs: an archive log (archived redo log) is created when Oracle archives a filled online log file group. Archive logs are useful for database backup and recovery in the following ways:
<1> A database backup, together with the online and archived log files, ensures that all committed transactions can be recovered after an operating system or disk failure.
<2> If the archive log is kept permanently, online backups can be taken and used while the database is open and in normal use.
The database can run in one of two modes: NOARCHIVELOG or ARCHIVELOG. When a database runs in NOARCHIVELOG mode, online logs cannot be archived. If the database runs in ARCHIVELOG mode, online logs can be archived.
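One way to check which of the two modes a database is running in and to inspect its online log groups, as an added example that is not part of the original article. It assumes a SQL*Plus session connected AS SYSDBA and an archive destination that is already configured; the mode switch in step 4 takes the database offline briefly.

```sql
-- Added example (not from the original article). Run in SQL*Plus as SYSDBA.

-- 1. Which mode is the database in? LOG_MODE is ARCHIVELOG or NOARCHIVELOG.
SELECT name, log_mode FROM v$database;

-- 2. Online log groups: one row per group, with its size, number of
--    member files, and whether the group has already been archived.
SELECT group#, sequence#, bytes, members, archived, status
  FROM v$log
 ORDER BY group#;

-- 3. The online log files (members) that make up each group.
SELECT group#, member
  FROM v$logfile
 ORDER BY group#, member;

-- 4. Switch from NOARCHIVELOG to ARCHIVELOG mode. The database must be
--    shut down cleanly and mounted, but not open, for the change.
--    SHUTDOWN and STARTUP are SQL*Plus commands, so they take no semicolon.
SHUTDOWN IMMEDIATE
STARTUP MOUNT
ALTER DATABASE ARCHIVELOG;
ALTER DATABASE OPEN;

-- 5. Confirm the new mode, then force the current online log group to be
--    archived and check that an archived log was recorded for it.
ARCHIVE LOG LIST
ALTER SYSTEM ARCHIVE LOG CURRENT;
SELECT sequence#, name, completion_time
  FROM v$archived_log
 ORDER BY sequence#;
```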
3. Physical and logical storage structure:
The Oracle RDBMS is made up of tablespaces, and tablespaces are made up of data files. Tablespace data files are formatted into internal block units. The block size is set by the DBA when the Oracle database is first created and can range from 512 to 8,192 bytes. When an object is created in an Oracle tablespace, the user specifies the space for the object in units called extents (the initial extent, the next extent, the minimum extents (minextents), and the maximum extents (maxextents)). The size of an Oracle extent can vary, but it contains a chain of at least five contiguous blocks.
Two. Maintenance of Oracle data security
I remember a philosopher saying: "The change of things is inseparable from internal and external causes." The topic of Oracle data security is therefore also bound to divide into two parts, "inside" and "outside". So let's start with "inside":
1. Starting from the Oracle system itself:
Let's set aside "hacker" intrusion attempts and other external causes for now, and first think about our own database. Hard disk damage, software damage, operational problems... a series of system problems caused by our "negligence" can completely destroy the data in the database that we have painstakingly built. So let's look for the causes.
"One" Solving the problems of the system itself: database backup and recovery:
• Backup of the database:
There are three standard methods for backing up Oracle databases: export/import (Export/Import), cold backup, and hot backup. An export backup is a logical backup, while cold and hot backups are physical backups.
<1> Export/Import
Export can be used to extract data from the database, and Import can be used to return the extracted data to the Oracle database.
A. Simple data export (Export) and data import (Import)
Oracle supports three types of export:
(1) Table mode (T), which exports the data from the specified tables.
(2) User mode (U), which exports all objects and data belonging to the specified user.
(3) Full database mode (Full), which exports all objects in the database.
Data import (Import) is the reverse of data export (Export), and their data flows are different.
B. Incremental export/import:
Incremental export is a common method of data backup. It can only be performed on the entire database and must be run as the SYSTEM user. During this kind of export, the system does not ask any questions that need answering. The export file name defaults to Export.dmp; if you do not want your output file to be named Export.dmp, you must give the file name you want on the command line.
There are three types of incremental export:
(1) "Complete" incremental export (Complete)
That is, back up the entire database, for example: $ exp system/manager inctype=complete file=990702.dmp