With the spread of computers and the growth of networks, the database is no longer a topic only for programmers. Thanks to its excellent performance, ease of operation and flexibility, the Oracle database has won a place in the database market. But as network technology keeps improving and the volume of data keeps growing, data security is no longer the well-worn cliché it once was, nor the "cannot be done" of earlier books.
Perhaps for a long time we all felt that security was not a hidden danger in the Oracle database, because when Oracle began promoting its database software last November, its slogan was "Only Oracle9i can be absolutely safe." Whether that was said for promotion or for the sake of expansion, last December the British security expert David Litchfield discovered a buffer overflow vulnerability in 9iAS that resulted in a program error, and later PenTest Limited and eEye Digital Security each reported a small vulnerability. Everyone who uses Oracle products could not help tensing up again after having relaxed; for users, after all, this concerns something vital of their own.
Below, the author takes you into the world of Oracle data security. The author's knowledge is limited, so shortcomings are unavoidable; I hope readers will be generous with their corrections.
A. Some basic knowledge of Oracle Database
This is only the groundwork for the security discussion that follows, because we will need these concepts later.
1. Components included in Oracle:
In Oracle, the database refers to the entire Oracle RDBMS environment, which includes the following components:
• Oracle database processes and buffers (instances).
• The system tablespace, which contains a centralized system catalog and can consist of one or more data files.
• Other tablespaces defined by the database administrator (DBA) (optional), each consisting of one or more data files.
• More than two online recovery logs.
• Archive recovery logs (optional).
• Other files (control files, init.ora, config.ora, etc.).
Each Oracle database runs on a central system catalog and data dictionary, which are located in the system tablespace.
2. About "Log"
Oracle databases use several structures to protect data: database backups, logs, rollback segments, and control files. Below we take a general look at the log, one of the main structures:
Each Oracle DB instance provides a log that records all changes made in the database. Each running Oracle DB instance has an online log that corresponds to the Oracle background process LGWR, which immediately logs all modifications made by the instance. Archived (offline) logs are optional: an Oracle DB instance can archive an online log once it fills up. Archived online log files are uniquely identified and merged into an archive log.
• About online logs: An online log is associated with each instance of an Oracle database. An online log consists of multiple online log files. Online redo log files are filled with log entries (redo entries), and the log entries record the data used to reconstruct all modifications made to the database.
• About archive logs: When Oracle archives a filled online log file group, an archive log (archived redo log) is created. It has the following uses for database backup and recovery:
<1> Database backups, together with online and archived log files, ensure that all committed transactions can be recovered after operating system and disk failures.
<2> While the database is open and in normal system use, online backups can be made and used if the archive log is kept permanently.
The database can run in one of two modes: NOARCHIVELOG or ARCHIVELOG. When the database runs in NOARCHIVELOG mode, the online log cannot be archived. When the database runs in ARCHIVELOG mode, online logs can be archived.
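The following read-only SQL*Plus script is an added example, not part of the original article: it reports which of the two log modes the database is in and lists the online and archived logs described above. It assumes a session that can query the V$ views (for example a DBA account); the seven-day window is an arbitrary choice.

```sql
-- Added example (not from the original article): read-only checks of the
-- log configuration. Assumes SELECT access to the V$ dynamic views.

-- 1. Which mode is the database in: ARCHIVELOG or NOARCHIVELOG?
SELECT name, log_mode
FROM   v$database;

-- 2. Online log groups. LGWR writes to the group whose STATUS is CURRENT.
--    In ARCHIVELOG mode, ARCHIVED = 'NO' on a filled, non-current group
--    means that group has not been archived yet.
SELECT group#, thread#, sequence#, members,
       bytes / 1024 / 1024 AS size_mb,
       archived, status
FROM   v$log
ORDER  BY thread#, group#;

-- 3. The online log files that make up each group.
SELECT group#, member, status
FROM   v$logfile
ORDER  BY group#, member;

-- 4. Number of online log groups per thread (instance).
SELECT thread#, COUNT(*) AS log_groups
FROM   v$log
GROUP  BY thread#;

-- 5. Archived logs recorded in the last 7 days (window is an assumption).
SELECT thread#, sequence#, name, completion_time
FROM   v$archived_log
WHERE  completion_time > SYSDATE - 7
ORDER  BY thread#, sequence#;

-- 6. Sequence numbers in that window with no archive record. A missing
--    sequence breaks the chain that recovery from a backup depends on.
SELECT thread#,
       sequence# + 1 AS first_missing,
       next_seq - 1  AS last_missing
FROM  (SELECT thread#, sequence#,
              LEAD(sequence#) OVER (PARTITION BY thread#
                                    ORDER BY sequence#) AS next_seq
       FROM   v$archived_log
       WHERE  completion_time > SYSDATE - 7)
WHERE  next_seq > sequence# + 1;
```

In NOARCHIVELOG mode, queries 5 and 6 return no rows, because no online log is ever archived.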
3. Physical and logical storage structure:
Oracle RDBMS is made up of tablespaces, and tablespaces are made up of data files. A tablespace data file is formatted internally into block units. The block size is set by the DBA when the Oracle database is first created, and can vary from 512 to 8,192 bytes. When an object is created in an Oracle tablespace, the user specifies its space in units called extents (initial extent, next extent, min extents, and max extents) to indicate the size of the object's space. The size of an Oracle extent can vary, but it includes a chain of at least five contiguous blocks.
Oracle Database Security Basics