The ORACLE tutorial is on Oracle data security.Oracle Data SecurityAuthor: Author★With the popularization of computers and the development of the network, the sl god of war database is no longer just the proprietary topic of those programmers. Oracle databases, however, have a place in the database market thanks to their superior performance and convenient and flexible operations. However, as network technology continues to improve and data information continues to increase, data security is no longer an old saying ", it is also not the "unattainable" rules in previous books.
Perhaps a long time ago, everyone felt that the security of Oracle databases was not a risk, because Oracle began to promote its database software in March, with the slogan "only Oracle9i can achieve absolute security ". However, whether it is for promotion or to increase awareness, it was accompanied by the buffer overflow vulnerability caused by program errors found in 9iAS by British security expert David Litchfield in February and later, penTest Limited and eEye Digital Security each proposed a small vulnerability. All users who use Oracle products cannot help but become nervous about the originally relaxed brain, after all, it is related to your own "Personal Life ".
I will take you into the world of Oracle data security. Due to my limited level, the shortcomings are inevitable.
(1) Basic knowledge about Oracle databases
This is just to lay some foundation for future security, because we will use them later. Haha ~!
1. components contained in Oracle
In Oracle, a database refers to the entire Oracle RDBMS environment. It includes the following components:
· Oracle Database process and buffer (instance ).
· The SYSTEM tablespace contains a centralized SYSTEM category, which can be composed of one or more data files.
· Other tablespaces defined by the database administrator (DBA) (Optional). Each tablespace consists of one or more data files.
· More than two online recovery logs.
· Archive recovery logs (optional ).
· Other files (control files, Init. ora, Config. ora, etc ).
Each Oracle database runs on a central SYSTEM category and data dictionary. It is located in the SYSTEM tablespace.
2. About "logs"
Oracle databases use several structures to protect data: database backup, logs, rollback segments, and control files. Here we will take a general look at the "log" as one of the main structures ":
Each Oracle database instance provides logs to record all modifications made in the database. Each running Oracle database instance has an online log, which works with the Oracle background process LGWR and immediately records all modifications made to the instance. Archive (offline) logs are optional. Once an Oracle database instance is filled with online logs, an online log archive file can be formed. Archived online log files are uniquely identified and merged into archived logs.
· Online logs: each instance of an Oracle database has an associated online log. An online log consists of multiple online log files. Fill in the online redo log file with the redo entry. The data recorded in the log entry is used to reconstruct all modifications made to the database.
· Archive logs: Archive logs (archived redo logs) must be created when Oracle wants to archive all online log File groups ). It is useful for database backup and recovery:
<1> database backup and online and archive log files Ensure that all submitted items can be recovered in case of an operating system or disk failure.
<2> online backup can be used if the archived logs are permanently saved when the database is enabled and normally used by the system.
Databases can run in NOARCHIVELOG or ARCHIVELOG modes. When a database is used in NOARCHIVELOG mode, online logs cannot be archived. If the database runs in ARCHIVELOG mode, you can archive online logs.
3. physical and logical Storage Structure
Oracle RDBMS is composed of tablespaces, and tablespaces are composed of data files. The tablespace data file is formatted as an internal block unit. The block size is set by DBA when Oracle was first created. It can be changed within the range of 512 to 8192 bytes. When an object is created in an Oracle tablespace, the user uses the unit of length (initial extent), next length (next extent), and min extents (min extents) and max extents to indicate the size of the object. The length of an Oracle database can be changed, but it must contain a chain consisting of at least five consecutive blocks.
(2) Oracle Data Security Maintenance
I remember a philosopher saying, "The changes of things are inseparable from internal and external causes ." Therefore, Oracle data security is also divided into "internal" and "external. Well, let's start with "inner:
1. Starting from the Oracle system itself
Let's take a look at our database without worrying about the "hacker" and other external reasons. What disk damage, what software damage, what operations ...... A series of system problems caused by our "negligence" can completely let the data in the database we have worked hard to build go forever. Then, let's look for reasons from ourselves.
[1] solutions to system problems-database backup and recovery
· Database backup:
There are three methods for Oracle Database Backup: Export/Import, cold backup, and hot backup. Exporting backup is a logical backup, while cold backup and hot backup are physical backup.
<1> Export/Import (Export/Import)
The Export can be used to extract data from the database, and the Import can be used to send the extracted data back to the Oracle database.
A. Simple Export of data (Export) and Import data (Import)
Oracle supports three types of output:
(1) the data of the specified table is exported in the T mode.
(2) user mode (U mode), which exports all objects and data of the specified user.
(3) Full database mode (Full mode) to export all objects in the database.
The data Export process is the inverse process of the data Import (Export). Their data flows are different.
B. incremental Export/Import
Incremental export is a common data backup method. It can only be implemented for the entire database and must be exported as a SYSTEM.
[1] [2] [3] [4] Next page
The ORACLE tutorial is on Oracle data security. Output. During this export, the system does not require any answers. The default export file name is export. dmp. If you do not want your output file to be named export. dmp, you must specify the file name to use in the command line.
Incremental export includes three types:
(1) "Complete" incremental Export (Complete)
Back up the entire database, for example:
$ Exp system/manager inctype = complete file = 990702.dmp
(2) incremental Export
Back up the data changed after the last backup. For example:
$ Exp system/manager inctype = incremental file = 990702.dmp
(3) Cumulative)
The accumulative export mode only exports the changed information in the database after the last "full" export. For example:
$ Exp system/manager inctype = cumulative file = 990702.dmp
The database administrator can schedule a backup schedule and export the data in three different ways. For example, the database backup task can be arranged as follows:
· Monday: full export ()
· Tuesday: Incremental Export (B)
· Wednesday: Incremental Export (C)
· Thursday: Incremental Export (D)
· Friday: accumulative Export (E)
· Saturday: Incremental Export (F)
· Sunday: Incremental Export (G)
If the database is accidentally damaged on Sunday, the database administrator can follow these steps to restore the database:
Step 1: Use the create database Command to regenerate the DATABASE structure;
Step 2: create an additional return segment that is large enough.
Step 3: import A in full Increments:
$ Imp system./manager inctype = rectore full = y file =
Step 4: Accumulative incremental import E:
$ Imp system/manager inctype = rectore full = y file = E
Step 5: import the latest incremental F:
$ Imp system/manager inctype = restore full = y file = F
<2> cold backup
Cold backup occurs when the database is shut down normally. When the database is shut down normally, it will provide us with a complete database. Cold backup is a way to copy key files to another location. Cold backup is the fastest and safest way to back up Oracle information. Advantages of cold backup:
· A very fast backup method (just copy files)
· Easy to archive (simple copy)
· Easy recovery to a certain point in time (you only need to copy the file back)
· Can be combined with archiving methods to restore the database to the "latest State.
· Low maintenance and high security.
However, cold backup also has the following shortcomings:
· When used separately, only recovery at a certain time point can be provided.
· During the entire backup process, the database must be backed up instead of other work. That is to say, in the cold backup process, the database must be closed.
· If the disk space is limited, it can only be copied to tape and other external storage devices, and the speed will be very slow.
· Cannot be restored by table or by user.
If possible (mainly for efficiency), back up the information to the disk and start the database (allowing the user to work) and copy the backed up information to the tape (the database can work at the same time ). Files that must be copied in cold backup include:
· All data files
· All control files
· All online redo log files
· Init. ora file (optional)
It is worth noting that cold backup must be performed when the database is closed. When the database is turned on, the execution of database file system backup is invalid.
The following is a complete example of cold backup:
(1) shut down the database $ sqldba lmode = y
SQLDBA> connect internal;
SQLDBA> shutdown normal;
(2) Use the Copy command to back up all the time files, redo log files, control files, and initialize parameter files.
SQLDBA>! Cp <file> <backup directory>
(3) restart the Oracle database
$ Sqldba
Previous Page [1] [2] [3] [4] Next page
The ORACLE tutorial is on Oracle data security. Lmode = y
SQLDBA> connect internal;
SQLDBA> startup;
<3> Hot Backup
Hot Backup uses archivelog mode to back up data when the database is running. Therefore, if you have a cold backup file last night and a hot backup file today, you can use this data to restore more information when a problem occurs. Hot Backup requires that the database be operated in Archivelog mode and requires a large amount of archive space. Once the database is running in the archivelog state, you can back up the database. The Hot Backup command file consists of three parts:
1. Data Files are backed up in one tablespace and one tablespace.
(1) set the tablespace to the backup state.
(2) back up the data files in the tablespace
(3) restore the tablespace to normal state
2. Back up the archive log file.
(1) temporarily stop the archiving process
(2) files in the target directory of archive redo log under log
(3) restart the archive Process
(4) back up the archived redo log file
3. Run the alter database backup controlfile command to back up and copy files.
Advantages of Hot Backup:
· Backup can be performed at the tablespace or data file level, with a short backup time.
· The database can still be used during Backup.
· It can be restored in seconds (to a specific point in time ).
· Restore almost all database entities.
· Recovery is fast. In most cases, it is restored when the database is still working.
Hot Backup is insufficient:
· No error is allowed; otherwise, the consequences are serious.
· If the hot backup fails, the result cannot be used for restoration at a time point.
· Because it is difficult to maintain, you must be careful not to "end with failure ".
2) Another internal risk-user management and password Problems
As a database administrator, Oracle databases use many methods to enhance the security of databases, including passwords and roles, permissions. Let's start with DBSNMP:
After a typical Oracle database is installed, a user named DBSNMP is automatically created, which runs the Intelligent Agent of the Oracle system ), the user's default password is "DBSNMP ". If you forget to modify the password of this user, anyone can access the database system through this user. Now let's take a look at the permissions and roles that the user has, and analyze the potential losses that the user may cause to the database system.
Start the SQL/PLUS program and use this user to log on:
SQL> select * from session_privs; CREATE SESSION ALTER SESSION UNLIMITED TABLESPACE CREATE TABLE CREATE CLUSTER CREATE SYNONYM CREATE PUBLIC SYNONYM CREATE VIEW CREATE SEQUENCE CREATE DATABASE LINK CREATE PROCEDURE CREATE TRIGGER ANALYZE ANY CREATE TYPE CREATE OPERATOR CREATE INDEXTYPE
It can be seen that this user is not a SYS or SYSTEM management user. However, it has two SYSTEM-level permissions: unlimited tablespace and create public synonym.
When you see these two permissions, you should immediately think that these are security risks, especially unlimited tablespace, which is one of the attack points that damage the database system. If you still think that using this unmodified password to log on to the database will not cause any loss, I have to remind you that the user has the system permission of UNLIMITED TABLESPACE, it can write a small script, and then maliciously fill the system with junk data, so that the database system will not run, and will directly lead to the final paralysis. At present, many database systems require 7x24 jobs. If the system is filled with junk data, the irreparable loss may occur when the database system recovers.
However, apart from DBSNMP, there are many other users. What should I do? Let's take a look at the common user management problems in Oracle databases:
(1) Excessive permissions: Common ORACLE Database Programming and browsing users often have DBA (Database Administrator permission) and can modify or delete the database system.
(2) poor security: Many ORACLE users store data in the system tablespace by default. This not only affects the normal operation of the system, but also affects the data information of different users, which is transparent and has poor confidentiality. With the continuous addition of data, the entire database system may crash.
(3) password regularity: the bad habits of the same username and password formed at the early stage of ORACLE debugging are retained until now. The passwords of SYSTEM users SYS and SYSTEM are also well known.
How can we solve these common "problems? Below are some of my suggestions:
(1) oracle dba (Database Administrator) Specifications
· The password of ORACLE users in the SUN Solaris operating system should be kept strictly confidential and should never be set to ORACLE. A dedicated database administrator should be designated to modify the password on a regular basis.
· The password of the SYS and SYSTEM Administrator created during ORACLE initialization should be changed from the original MANAGER to another string that is hard to remember.
· The Management port of oracle web server can be used by DBAs to browse databases. Therefore, the ADMIN password of the Administrator should be kept confidential and should not be set to MANAGER. A dedicated database administrator should be designated to modify the password on a regular basis.
· It is best for oracle dba to use a window interface to manage the server on the SUN or table store server console. The premise is that the ORACLE user starts the SERVER and then enters SVRMGRM under the window command line, that is, the oracle server manager menu management is started. After logging on as SYSDBA, the database system can be maintained.
(2) SQL * PLUS programming user specifications
· Specifications of the Storage Structure
Considering that SQL * PLUS programming can meet various application requirements of various industries, companies, and departments, our SQL * PLUS programming users should also standardize in this direction: different types of applications must have different users. Different types of applications must have different storage locations, including the creation and planning of physical files, default tablespace, and temporary tablespace: when preparing a large-scale application (from the ORACLE data volume and user-oriented), you should first create a logical storage location-tablespace, define the storage path of the physical file and the size of the disk.
① The default storage path of physical files is/oracle_home/dbs. Run the UNIX Command df-k on the command line to view the usage of the hard disk Resource Partition. If oracle_home has a usage rate of more than 90 ‰ and one or more
Previous Page [1] [2] [3] [4] Next page
The ORACLE tutorial is on Oracle data security. Idle hard disk resource partitions can be used. We 'd better change the default storage path of physical files to the idle hard disk Resource Partition path. In this path, we can plan the storage of resource physical files as follows:
Xxx tablespace
Xxx industry/xxx company/xxx department/xxx service. dbf
DEMO tablespace
Default_datafile_home1/col/elec/sys4/demo1.dbf
Default_datafile_home1/col/elec/sys4/demo2.dbf
Four parts of the company's system are used to simulate the physical files of the system
HUMAN tablespace
Default_datafile_home1/col/elec/human. dbf
Company Personnel Department personnel management system physical files
BOOK tablespace
Default_datafile_home1/col/elec/book. dbf
Company Data room library management system physical files
QUESTION tablespace
Default_datafile_home1/col/elec/client/question. dbf
Company customer service department
PC tablespace
Default_datafile_home1/col/chaoxun/client/pc. dbf
Company PC after-sales service system physical file
...... Tablespace
Default_datafile_home2 /.................................
And so on.
Note: default_datafile_home1 refers to oracle_home/dbs; default_datafile_home2 refers to the idle hard disk Resource Partition path.
② The size of physical files depends on the amount of data in the application system, data objects, and packages. Generally, in a small system used for Simulation Demonstration, the initial physical file of the tablespace can meet the requirement at 2 MB. If the information is full, you can add physical files, expand the tablespace (the size of each expansion can also be set to 2 MB). Generally, the actual application system can increase the initial physical file size of the tablespace, but do not allocate too much space at a time (because it is not easy to recycle space, but it is easy to expand space). This also needs to be analyzed based on the specific situation: applications with large amounts of information and long-time storage can have up to several hundred MB or even up to several GB of space as conditions permit. Applications with small amounts of information and frequent refreshing in the short term, the tablespace can be controlled below 2 MB.
③ The name of a tablespace should be an English character or character abbreviation similar to that used by the system. One or more physical file names corresponding to the tablespace should also be correlated. Different users have different default tablespaces, so the stored information cannot be accessed from each other. This is much more secure than storing all user information in the system tablespace. If you create a user using the oracle web server to manage the port, the default and temporary tablespace must be the system tablespace, And the DBA must remember to change the user's default tablespace. Temporary tablespace stores temporary data segments, processes sorting, merging, and other intermediate operations. You can place them in a specially created tablespace based on actual application requirements. If the system tablespace is large, you can also place them in the system tablespace. It is best to store the data index created by the user separately from the data file in different tablespaces to reduce data contention and improve response speed.
Previous Page [1] [2] [3] [4]
