In-depth analysis of Oracle Database Security Policies

Source: Internet
Author: User

Oracle is a relational database management system with powerful functions and excellent performance, and it plays an important role in today's large database management systems. Under normal circumstances, the Oracle database ensures data security and stability and provides users with correct data. However, computer system faults (hardware faults, software faults, network faults, and system faults) affect the operation of the database system and the correctness of the data in the database, and can even damage the database. If all or part of the data in the database is lost, the entire system is paralyzed. Ensuring the security of Oracle databases is therefore an important part of system security.

Oracle database security policies include database backup and recovery, and user role management.

I. Structures used for database backup

Oracle databases use several structures to protect data: database backup, logs, rollback segments, and control files.

1. A database backup consists of operating system backups of the physical files that make up the Oracle database. When a media fault occurs, the backup files are used to restore the damaged data files or control files.

2. Each Oracle database instance provides logs to record all modifications made in the database. Each running Oracle database instance has an online log, which works with the Oracle background process LGWR and immediately records all modifications made by the instance. Archived (offline) logs are optional. Once an instance's online log has filled, an archived copy of it can be created. Archived online log files are uniquely identified and merged into the archived log.

3. The rollback segment stores the old values of data modified by ongoing (uncommitted) transactions. This information is used to undo any uncommitted modifications during database recovery.

4. Control files are generally used to store the status of the physical structure of the database. Some status information in the control file is used to guide Oracle during instance recovery and media recovery.

II. Online logs

Each instance of an Oracle database has an associated online log. An online log consists of multiple online log files. Online redo log files are filled with redo entries, and the data recorded in these entries is used to reconstruct all modifications made to the database.

III. Archived logs

When Oracle archives a filled online log file group, an archived redo log is created. Archived logs are useful for database backup and recovery:

1. A database backup together with the online and archived log files ensures that all committed transactions can be recovered after an operating system or disk fault.

2. If the archived logs are kept permanently, backups can be taken online while the database is open and in normal use.

Databases can run in NOARCHIVELOG or ARCHIVELOG modes. When a database is used in NOARCHIVELOG mode, online logs cannot be archived. If the database runs in ARCHIVELOG mode, you can archive online logs.

IV. Oracle backup features

Oracle backup includes logical backup and physical backup.

1. Logical backup

A logical backup of the database consists of reading a set of database records and writing that record set to a file.

(1) Export: the export can cover an entire database, a specified user, or a specified table.

(2) Import: the binary dump file created by the export is read and executed.

2. Physical backup

Physical backup includes copying the files that constitute the database regardless of the logical content.

Oracle supports two different types of physical file backup: offline backup and online backup.

(1) Offline backup

An offline backup is taken after the database has been shut down normally and is offline. It backs up the following files:

All data files

All control files

All online logs

init.ora (optional)

(2) Online backup

Online backup can be used for any database that operates in ARCHIVELOG mode. In this mode, online logs are archived, so a complete record of all activity in the database is kept.

Online backup is powerful. First, it provides full point-in-time recovery. Second, it allows the database to stay open while the file system backup runs.

Backup Mode features comparison

V. Role management of Oracle databases

The basic measures the Oracle database system takes to manage database security using roles include:

User names and passwords are verified to prevent non-Oracle users from logging on to the Oracle database and accessing it illegally.

Users are granted specific privileges, which limits the operations they can perform on the database.

Users are granted permission to access and execute database entities, which prevents them from accessing data they are not authorized for.

An audit mechanism for database entity access lets the database administrator monitor data access and system resource usage in the database.

The view mechanism is used to restrict access to the row and column sets of the base table.

VI. Oracle database security policies

There are three methods of backing up an Oracle database, each with different recovery features. You should therefore combine database and file system backup, logical backup, and physical backup.

(1) Backup policy

At the operating system level, use a large disk array with disk mirroring so that each database file is automatically distributed across the physical disks. When a disk is physically damaged, the operating system automatically brings in the mirror disk to replace the failed disk, keeping the database running normally.

Keep copies of the control file on multiple physical disks. The control file guides Oracle during database recovery, so keeping multiple copies ensures that a usable control file is available for recovery after a disk failure.

Run the database in ARCHIVELOG mode and store the archived logs on a logical disk of a different mirror. Perform an online backup every night that backs up all data files, all archived log files, and one control file. Perform an Export once a week.

(2) Recovery strategies

1. Instance failure

Recovery from instance failure is performed automatically. Instance failure is generally caused by server failure. When the database instance fails, restart the server and start the database; Oracle checks the data files and online log files and synchronizes all files to the same point in time.

2. Disk failure

If a control file is lost, you only need to shut down the database and copy the control file back from a location where a copy is kept.

If the data file is lost, you can use the online backup of the previous night to restore it. The steps are as follows:

1) Restore the lost file from the backup to its original location.

2) Mount the database.

3) Recover the database.

4) Open the database.
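
The nightly online backup from the backup policy and the four data file recovery steps above, written out as SQL*Plus commands. This is an added example, not part of the original article; the USERS tablespace, the ORCL file paths and the /backup/nightly directory are assumptions, and it presumes a session connected AS SYSDBA.

```sql
-- Added example. The tablespace name and every path are assumed placeholders.
-- Run from SQL*Plus connected AS SYSDBA.

-- One-time setup: switch the database to ARCHIVELOG mode.
SHUTDOWN IMMEDIATE
STARTUP MOUNT
ALTER DATABASE ARCHIVELOG;
ALTER DATABASE OPEN;
-- Confirm that the reported log mode is "Archive Mode".
ARCHIVE LOG LIST

-- Nightly online backup: repeat BEGIN / copy / END for each tablespace.
ALTER TABLESPACE users BEGIN BACKUP;
HOST cp /u01/oradata/ORCL/users01.dbf /backup/nightly/users01.dbf
ALTER TABLESPACE users END BACKUP;

-- Archive the current online log so the redo covering the copy is saved,
-- then take the control file copy the policy asks for.
ALTER SYSTEM ARCHIVE LOG CURRENT;
ALTER DATABASE BACKUP CONTROLFILE TO '/backup/nightly/control.bkp' REUSE;

-- Sanity check: no data file should still be in backup mode.
SELECT file#, status FROM v$backup WHERE status = 'ACTIVE';

-- Recovery after users01.dbf is lost to a disk failure (instance is down).
-- 1) Restore the lost file from last night's backup to its original location.
HOST cp /backup/nightly/users01.dbf /u01/oradata/ORCL/users01.dbf
-- 2) Mount the database without opening it.
STARTUP MOUNT
-- 3) Recover: Oracle applies archived and online redo to the restored file.
RECOVER DATABASE
-- 4) Open the database for normal use.
ALTER DATABASE OPEN;
```

The backup directory holds a full copy of the data, so it needs the same access restrictions as the live data files.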

3. Objects deleted or modified by mistake

In this case, we generally want to go back to a point in time before the error occurred. This is called point-in-time recovery. Follow these steps:

1) Export from the current database and import into the standby database, so that the standby database is consistent with the current database.

2) Roll forward to the point in time before the error occurred.

3) Export the logical objects affected by the error from the standby database.

4) Use the export file generated in the previous step to import the affected objects into the current database.

(3) User role management

1. Assign different user roles to all clients based on the nature of their work.

2. Grant different database object access permissions to different user roles based on their data sources.
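
The role measures from section V and the two rules above, combined in one SQL script. This is an added example, not part of the original article; the hr_app schema, its employees table, the role names, the user alice and the password are constructed placeholders, and the AUDIT statement assumes traditional auditing is enabled.

```sql
-- Added example; schema, table, role and user names are constructed.
-- Assumes hr_app.employees(emp_id, full_name, dept_id, salary, status) exists.

-- Roles follow the nature of the work, not the individual user.
CREATE ROLE hr_reader;
CREATE ROLE payroll_clerk;

-- A view exposes only some columns and rows of the base table.
CREATE VIEW hr_app.emp_directory AS
  SELECT emp_id, full_name, dept_id
    FROM hr_app.employees
   WHERE status = 'ACTIVE';

-- Object privileges go to roles: readers see the view only,
-- payroll may read the base table but update a single column.
GRANT SELECT ON hr_app.emp_directory TO hr_reader;
GRANT SELECT, UPDATE (salary) ON hr_app.employees TO payroll_clerk;

-- The account authenticates by password (placeholder, expired on first
-- login) and receives only the right to connect plus one role.
CREATE USER alice IDENTIFIED BY "Placeholder_Pw_1" PASSWORD EXPIRE;
GRANT CREATE SESSION TO alice;
GRANT hr_reader TO alice;

-- Traditional object auditing; requires the AUDIT_TRAIL parameter to be
-- set. Newer releases express the same intent with unified audit policies.
AUDIT SELECT, UPDATE ON hr_app.employees BY ACCESS;

-- Review: who holds each role, and what each role can touch.
SELECT grantee, granted_role
  FROM dba_role_privs
 WHERE granted_role IN ('HR_READER', 'PAYROLL_CLERK');

SELECT role, owner, table_name, column_name, privilege
  FROM role_tab_privs
 WHERE role IN ('HR_READER', 'PAYROLL_CLERK')
 ORDER BY role, table_name;
```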
