Ensuring the safe operation of a Web database

Source: Internet
Author: User
Tags log network function access web database backup

As Web databases are applied ever more widely, their security problems become ever more prominent, and how to guarantee and strengthen database security has become a problem that must be solved now.

Security control model of the database system

A Web database combines database technology with Web technology, and this brings many security problems: for example, user names and passwords transmitted over the network are easily stolen, and data read by a user may be intercepted or tampered with. How, then, can the safe operation of a Web database be ensured?

Building a security model

In general, security here means the authentication process that users of a computer system must go through in order to access a back-end database through a database application.

When a user first accesses the database through a database application and enters the database system, the database application submits the user name and password (the password as ciphertext) to the database management system for authentication; only after the identity has been verified as legitimate can the next operation proceed. When the user then wants to operate on objects in the database (tables, views, triggers, stored procedures, etc.), they must also pass the database's access authentication, and only after passing it can the actual operations on the database objects be carried out.

Authenticated users only hold "credentials" to enter the application system and the database; what operations they may actually perform there depends on the allocation of, and constraints on, their rights under two kinds of access control. Application-level access control is tied to the application system: it determines which modules of the application, and which workflows within a module, the current user may operate. Database-level access control is tied to the database: it determines which objects in the database the current user may manipulate and which actions they may take on them. Although these two controls minimize both the scope of the user's access to the application system and their operation permissions on data objects, the database itself also contributes: protecting data through views, triggers, stored procedures and similar methods, and the "encrypted storage" of sensitive data, are security policies provided by the database management system.
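The three-stage model above (authentication, then application-level access control, then database-level access control) as an added example in Python; this is not code from the original article. The user store, roles, module names and permission tables are constructed for illustration, and SQLite stands in for the back-end database:

```python
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

PBKDF2_ROUNDS = 100_000


def make_record(password: str, role: str, salt: Optional[bytes] = None) -> dict:
    """Constructed user record: salted PBKDF2 hash of the password plus the user's role."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest, "role": role}


# Constructed user store (hypothetical users and passwords).
USERS = {
    "alice": make_record("correct horse", "clerk"),
    "bob": make_record("battery staple", "auditor"),
}

# Application-level access control: which modules and workflows each role may enter.
APP_ACL = {
    "clerk": {"orders": {"create", "view"}},
    "auditor": {"orders": {"view"}, "reports": {"view"}},
}

# Database-level access control: which objects and actions each role may use.
DB_ACL = {
    "clerk": {"orders": {"SELECT", "INSERT"}},
    "auditor": {"orders": {"SELECT"}, "audit_log": {"SELECT"}},
}


def authenticate(username: str, password: str) -> Optional[str]:
    """Stage 1: return the user's role if the password matches the stored hash, else None."""
    rec = USERS.get(username)
    if rec is None:
        return None
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
    # constant-time comparison so the check does not leak how many bytes matched
    return rec["role"] if hmac.compare_digest(digest, rec["hash"]) else None


def app_allowed(role: str, module: str, workflow: str) -> bool:
    """Stage 2: may this role use this workflow of this application module?"""
    return workflow in APP_ACL.get(role, {}).get(module, set())


def db_allowed(role: str, obj: str, action: str) -> bool:
    """Stage 3: may this role perform this action on this database object?"""
    return action in DB_ACL.get(role, {}).get(obj, set())


def run_request(conn, username, password, module, workflow, obj, action, sql, params=()):
    """Walk all three stages; the SQL is executed only if every stage passes."""
    role = authenticate(username, password)
    if role is None:
        return "denied: authentication failed"
    if not app_allowed(role, module, workflow):
        return f"denied: role {role} may not use {module}/{workflow}"
    if not db_allowed(role, obj, action):
        return f"denied: role {role} may not {action} on {obj}"
    cur = conn.execute(sql, params)
    conn.commit()
    return cur.fetchall()


def demo() -> dict:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, item TEXT)")
    insert_sql = "INSERT INTO orders (item) VALUES (?)"
    return {
        "clerk_insert": run_request(conn, "alice", "correct horse", "orders", "create",
                                    "orders", "INSERT", insert_sql, ("widget",)),
        "auditor_view": run_request(conn, "bob", "battery staple", "orders", "view",
                                    "orders", "SELECT", "SELECT item FROM orders"),
        "auditor_insert": run_request(conn, "bob", "battery staple", "orders", "create",
                                      "orders", "INSERT", insert_sql, ("x",)),
        "bad_password": run_request(conn, "alice", "wrong", "orders", "view",
                                    "orders", "SELECT", "SELECT item FROM orders"),
    }
```

The point of keeping the two permission tables separate is the one the text makes: a valid login is only a credential, and a user who passes the application check can still be stopped at the database object level (and vice versa), so each layer can be kept to the minimum the role needs.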

Audit trails and data backup

There is no feasible way to completely prevent legitimate users from abusing their privileges after authentication, but the audit trail remains an important line of defense for database security.

Auditing is a monitoring measure that tracks data access activities. The audit trail automatically records every operation a user performs on the database and stores it in an audit log. The recorded contents generally include: the type of operation (such as modify, query, delete), the identity of the terminal and of the operator, the date and time of the operation, the data involved (such as base tables, views, records, attributes), and the before and after images of the data. Using this information, the person, the time and the content of an illegal access to data can be identified afterwards.

Database management systems usually treat auditing as an optional feature, allowing the audit function to be opened or closed flexibly with the corresponding statements.
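An audit trail with the fields listed above, implemented as an added example with SQLite triggers; this is not code from the original article. The `accounts` table, the `audit_log` layout and the one-row `session` table that carries the terminal and operator identity are constructed for the example, and the `set_audit` function plays the role of the statements that open or close auditing:

```python
import sqlite3

# Constructed schema: a base table plus an audit log whose columns follow the list in the
# text (operation type, terminal, operator, time, object, record, before/after image).
SCHEMA = """
CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER);
CREATE TABLE audit_log (
    seq        INTEGER PRIMARY KEY,
    op_type    TEXT NOT NULL,
    terminal   TEXT,
    operator   TEXT,
    op_time    TEXT NOT NULL,
    obj_name   TEXT NOT NULL,
    record_id  INTEGER,
    before_img TEXT,
    after_img  TEXT
);
CREATE TABLE session (terminal TEXT, operator TEXT);
"""

AUDIT_COLS = "op_type, terminal, operator, op_time, obj_name, record_id, before_img, after_img"

# One trigger per operation type; each copies terminal/operator from the session row.
TRIGGERS = {
    "audit_ins": f"""
    CREATE TRIGGER audit_ins AFTER INSERT ON accounts BEGIN
        INSERT INTO audit_log ({AUDIT_COLS})
        SELECT 'INSERT', terminal, operator, datetime('now'), 'accounts', NEW.id,
               NULL, NEW.owner || ':' || NEW.balance FROM session;
    END""",
    "audit_upd": f"""
    CREATE TRIGGER audit_upd AFTER UPDATE ON accounts BEGIN
        INSERT INTO audit_log ({AUDIT_COLS})
        SELECT 'UPDATE', terminal, operator, datetime('now'), 'accounts', NEW.id,
               OLD.owner || ':' || OLD.balance, NEW.owner || ':' || NEW.balance FROM session;
    END""",
    "audit_del": f"""
    CREATE TRIGGER audit_del AFTER DELETE ON accounts BEGIN
        INSERT INTO audit_log ({AUDIT_COLS})
        SELECT 'DELETE', terminal, operator, datetime('now'), 'accounts', OLD.id,
               OLD.owner || ':' || OLD.balance, NULL FROM session;
    END""",
}


def set_audit(conn: sqlite3.Connection, enabled: bool) -> None:
    """Open (create triggers) or close (drop triggers) the audit function."""
    for name, ddl in TRIGGERS.items():
        conn.execute(f"DROP TRIGGER IF EXISTS {name}")
        if enabled:
            conn.execute(ddl)


def open_session(conn: sqlite3.Connection, terminal: str, operator: str) -> None:
    """Record who is working from where, so the triggers can stamp each entry."""
    conn.execute("DELETE FROM session")
    conn.execute("INSERT INTO session VALUES (?, ?)", (terminal, operator))


def read_audit(conn: sqlite3.Connection) -> list:
    return conn.execute(
        "SELECT op_type, terminal, operator, record_id, before_img, after_img "
        "FROM audit_log ORDER BY seq"
    ).fetchall()


def demo() -> list:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    set_audit(conn, True)
    open_session(conn, "term-07", "alice")
    conn.execute("INSERT INTO accounts (owner, balance) VALUES ('acme', 100)")
    conn.execute("UPDATE accounts SET balance = 40 WHERE owner = 'acme'")
    set_audit(conn, False)                                      # auditing switched off
    conn.execute("DELETE FROM accounts WHERE owner = 'acme'")   # therefore not recorded
    return read_audit(conn)
```

The last step shows the flip side of the text's remark about auditing being optional: operations performed while the function is closed leave no trace, so in practice the act of switching auditing off should itself be logged and restricted to a separate administrator.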

Database backup and recovery strategy

Computers, like other devices, can fail. There are many causes of computer failure, including disk failure, power failure, software failure, disasters and man-made destruction. Once such a failure happens, the database may be lost. Therefore the database system must take the necessary measures to ensure that the database can be restored when a failure occurs. The backup and recovery mechanism of the database management system exists to ensure that the database system can be restored to a normal state after it fails.

Data backup (establishing redundant data) means copying the database on a regular or irregular basis. The copy can be kept on the local machine or on another machine. Recovery is usually accomplished using backup technology, transaction log technology and mirroring technology.
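Backup technology combined with transaction log technology, as an added example that is not from the original article: a full copy is taken with SQLite's online backup API, every statement committed after the copy is appended to a log, and recovery restores the copy and rolls the log forward. The `JournaledDB` wrapper, the `orders` table and the simulated failure are constructed for the example:

```python
import sqlite3


class JournaledDB:
    """Live database plus the two things recovery needs: a full backup and a log of
    the transactions committed since that backup was taken (constructed example)."""

    def __init__(self):
        self.live = sqlite3.connect(":memory:")
        self.live.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, item TEXT, qty INTEGER)")
        self.backup = None   # most recent full copy, a separate sqlite3.Connection
        self.txlog = []      # (sql, params) pairs committed after the last backup

    def run(self, sql: str, params=()) -> None:
        """Commit one statement and record it in the transaction log."""
        with self.live:                     # commits on success, rolls back on error
            self.live.execute(sql, params)
        self.txlog.append((sql, params))    # only reached if the commit succeeded

    def take_backup(self) -> None:
        """Full copy via the online backup API; the log restarts from this point."""
        dest = sqlite3.connect(":memory:")
        self.live.backup(dest)
        self.backup = dest
        self.txlog = []

    def simulate_failure(self) -> list:
        """Lose the live database entirely; return what is left (nothing)."""
        self.live.close()
        self.live = sqlite3.connect(":memory:")
        return self.live.execute("SELECT name FROM sqlite_master").fetchall()

    def recover(self, upto=None) -> None:
        """Restore the full copy, then replay the logged transactions (all, or the first
        `upto` of them for point-in-time recovery)."""
        self.backup.backup(self.live)
        for sql, params in self.txlog[:upto]:
            with self.live:
                self.live.execute(sql, params)

    def snapshot(self) -> list:
        return self.live.execute("SELECT item, qty FROM orders ORDER BY id").fetchall()


def demo() -> tuple:
    db = JournaledDB()
    db.run("INSERT INTO orders (item, qty) VALUES (?, ?)", ("bolt", 10))
    db.take_backup()
    db.run("INSERT INTO orders (item, qty) VALUES (?, ?)", ("nut", 5))
    db.run("UPDATE orders SET qty = qty - 3 WHERE item = ?", ("bolt",))
    before = db.snapshot()
    lost = db.simulate_failure()
    db.recover()
    return before, lost, db.snapshot()
```

The backup alone would only bring back the state at the moment it was taken ("bolt", 10); it is the replayed log that recovers the two later transactions, which is why the text lists backup and transaction log as complementary techniques. The log should of course live on different storage from the database it protects.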

View mechanism and data encryption

Access by individual users can be restricted by defining different views for different users. Through the view mechanism, the data to be protected is hidden from users who have no right to access it, which automatically gives the database a certain degree of security protection. But the protection offered by the view mechanism alone is not very fine-grained and often cannot meet an application system's requirements; its main function is to provide logical independence for the database. In practice, the view mechanism is therefore usually combined with the authorization mechanism: first the view mechanism screens off the classified data, and then access rights are further defined on the views.
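The combination described above (a view that screens off classified data, plus an authorization rule defined on top of it) as an added example using SQLite's authorizer callback; this is not code from the original article. The `employees` table with its `salary` column and the `sales_directory` view are constructed for the example, and the rule is: the base table may only be read through an approved view, never directly.

```python
import sqlite3

# Constructed schema: the base table holds a sensitive column (salary); the view exposes
# only non-sensitive columns and only one department's rows.
SCHEMA = """
CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER);
INSERT INTO employees (name, dept, salary) VALUES ('Ann', 'sales', 5000), ('Bo', 'ops', 4000);
CREATE VIEW sales_directory AS SELECT id, name, dept FROM employees WHERE dept = 'sales';
"""


def make_authorizer(allowed_views):
    """Authorization defined on the view: reads of `employees` are permitted only when
    SQLite reports that the read originates inside one of the allowed views."""
    def authorizer(action, arg1, arg2, db_name, source):
        # `source` is the innermost view or trigger responsible for the access,
        # or None when the access comes directly from top-level SQL.
        if action == sqlite3.SQLITE_READ and arg1 == "employees" and source not in allowed_views:
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    return authorizer


def open_for_role(allowed_views) -> sqlite3.Connection:
    """Open a connection whose every statement is checked by the authorizer."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)          # schema set up before the rule is installed
    conn.set_authorizer(make_authorizer(set(allowed_views)))
    return conn


def query(conn: sqlite3.Connection, sql: str):
    """Return rows, or a 'denied' string if the authorizer refused the statement."""
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        return f"denied: {exc}"


def demo() -> dict:
    conn = open_for_role({"sales_directory"})
    return {
        "via_view": query(conn, "SELECT name, dept FROM sales_directory"),
        "base_table": query(conn, "SELECT name, salary FROM employees"),
        "view_in_subquery": query(
            conn, "SELECT salary FROM employees WHERE id IN (SELECT id FROM sales_directory)"),
    }
```

The third query is the case the text warns about: the view by itself is not fine-grained protection, because a user who can still name the base table can join or subquery around it. Only the authorization rule defined on the view closes that path.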

Data encryption is an effective means of preventing the compromise of data in storage and in transmission in a database. The basic idea of encryption is to transform the original data (the plaintext) according to a certain algorithm into a format that cannot be directly recognized (the ciphertext), and to store and transmit the data as ciphertext.

Web database security threats involve many aspects and are a global problem, and the attackers' means and methods are constantly being renewed, so an enterprise should consider a variety of technologies according to its actual needs and build them into an organic combination.

At the same time, we should also soberly realize that a good security solution is not a purely technical problem; it also requires the cooperation of legal, management and social factors.

Common Web database security technologies

User identification and authentication:

There are many ways to identify and authenticate users, and for greater security several of them are usually used together. The simplest is for the system to check a password to determine whether the user is genuine. This method is simple and easy, but it is also unsafe: it cannot withstand password-guessing attacks, and in addition an attacker may eavesdrop on the communication channel or carry out network snooping (sniffing). If the password is transmitted in plaintext, the attacker can obtain it in transit and the system is compromised. Because passwords are so easily stolen when sent in clear text over a communication channel, a more sophisticated method is usually used: password encryption, so that the password travels over the channel only in ciphertext form.
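An added example of the "password never in clear text on the channel" idea, not code from the original article: a challenge-response login in which the server keeps only a salted PBKDF2 verifier and the client proves knowledge of the password by MACing a fresh random challenge. The `Server` class, user name and password are constructed for the example, and the `wire` list stands in for what a network sniffer would capture.

```python
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ROUNDS = 100_000


def enroll(password: str, salt: Optional[bytes] = None) -> dict:
    """Server-side record: the server stores a derived key, never the plaintext."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "key": key}


class Server:
    def __init__(self, store: dict):
        self.store = store      # username -> enroll() record (constructed)
        self.pending = {}       # username -> outstanding challenge

    def start(self, username: str):
        """Step 1: send the client a fresh random challenge and the user's salt."""
        nonce = os.urandom(16)
        self.pending[username] = nonce
        return nonce, self.store[username]["salt"]

    def finish(self, username: str, response: bytes) -> bool:
        """Step 3: recompute the expected response and compare in constant time."""
        nonce = self.pending.pop(username, None)
        if nonce is None:
            return False
        expected = hmac.new(self.store[username]["key"], nonce, "sha256").digest()
        return hmac.compare_digest(expected, response)


def client_respond(password: str, salt: bytes, nonce: bytes) -> bytes:
    """Step 2: derive the same key from the password and salt, then MAC the challenge."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.new(key, nonce, "sha256").digest()


def login(server: Server, username: str, password: str, wire: list) -> bool:
    """Run the exchange; `wire` collects every message as a sniffer would see it."""
    nonce, salt = server.start(username)
    wire.append(("server->client", nonce, salt))
    response = client_respond(password, salt, nonce)
    wire.append(("client->server", username.encode(), response))
    return server.finish(username, response)


def demo() -> tuple:
    server = Server({"alice": enroll("s3cret")})
    wire = []
    ok = login(server, "alice", "s3cret", wire)        # correct password
    bad = login(server, "alice", "guess", wire)         # wrong password
    server.start("alice")                               # new challenge issued...
    replayed = server.finish("alice", wire[1][2])       # ...so a captured response fails
    # does the plaintext password appear anywhere on the wire?
    leaked = any(b"s3cret" in field for msg in wire for field in msg[1:])
    return ok, bad, replayed, leaked
```

Two caveats follow from the text's own list of threats: the sniffer still captures the salt, challenge and response, so it can test password guesses offline against them (which is why the slow PBKDF2 derivation and a strong password still matter), and the scheme authenticates the user but not the channel, so it does not replace encrypting the session itself.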

Smart card technology:

A smart card consists of a microprocessor, memory and an input interface; the microprocessor can compute the card's serial number (ID) and other data in encrypted form. The ID guarantees the authenticity of the smart card, and the cardholder can then access the system. For security reasons, many systems require both the smart card and an identification code (PIN) to be used together.

Advantages of smart cards for authentication: the smart card provides hardware protection and encryption algorithms, so it is better than traditional password authentication and raises security. Disadvantages: it is inconvenient to carry, and the cost of opening an account is higher.

Subject feature identification:

Subject feature identification is based on the unique, reliable and stable biological characteristics of the human body (such as fingerprint, iris, face, palmprint and so on), and uses the powerful networking capabilities of computers together with image processing and pattern recognition technology.

Characteristics of subject feature identification: in security, reliability and effectiveness it is a qualitative leap compared with traditional identity authentication means, and it is suitable for sites with higher security requirements. Disadvantages: the cost of biometric collection and authentication equipment is higher, and the recognition rate of the recognition software still needs to be improved.

This article was collected and collated from the Internet. If you are the original author, please write to Post@chinaz.com (change # to @) to have the author and source corrected.
