Security Policy of Oracle Database
---- Oracle is a relational database management system with powerful functions and excellent performance, and it plays an important role in today's large database management systems. The MIS system we developed uses the Oracle7.3 database. Under normal circumstances, the Oracle database ensures data security and stability and provides users with correct data. However, computer system faults (hardware faults, software faults, network faults, and system faults) affect the operation of the database system and the correctness of the data in the database, and can even damage the database. If all or part of the data in the database is lost, the entire system will be paralyzed. Therefore, how to ensure the security of the Oracle database has become an important part of the security of the entire MIS system.
---- Oracle database security policies include database backup and recovery, and user role management.
---- 1. Structures used for database backup
---- Oracle databases use several structures to protect data: database backup, logs, rollback segments, and control files.
---- 1. A database backup consists of operating system backups of the physical files that make up the Oracle database. When a media fault occurs, the database is restored and the destroyed data files or control files are recovered from the backup files.
---- 2. Each Oracle database instance provides logs that record all modifications made in the database. Each running instance has an online log, which works with the Oracle background process LGWR to record immediately all modifications made by the instance. Archived (offline) logs are optional. Once an online log file of the instance has filled, it can be archived. Archived online log files are uniquely identified and merged into the archived log.
---- 3. The rollback segment stores the old values of data modified by ongoing (uncommitted) transactions. This information is used to cancel any uncommitted modifications during database recovery.
---- 4. Control files store the status of the physical structure of the database. Some of the status information in the control file guides Oracle during instance recovery and media recovery.
---- 2. Online logs
---- Each instance of an Oracle database has an associated online log. An online log consists of multiple online log files. The online redo log files are filled with redo entries, and the data recorded in these entries is used to reconstruct all modifications made to the database.
---- 3. Archiving logs
---- An archive log (archived redo log) is created when Oracle archives a filled group of online log files. It is useful for database backup and recovery:
---- 1. A database backup together with the online and archived log files ensures that all committed transactions can be recovered after operating system or disk faults.
---- 2. If the archived logs are kept permanently, online backups can be taken and used while the database is open and in normal use.
---- The database can run in two different ways: NOARCHIVELOG mode or ARCHIVELOG mode. When a database is used in NOARCHIVELOG mode, online logs cannot be archived. If the database runs in ARCHIVELOG mode, you can archive online logs.
---- 4. Oracle backup features
---- Oracle backup includes logical backup and physical backup.
---- 1. Logical backup
---- A logical backup of the database reads a set of database records and writes that record set to a file.
---- (1) Export: the output can be the entire database, a specified user, or a specified table.
---- (2) Import: the binary dump file created by Export is read and executed.
---- 2. Physical backup
---- Physical backup includes copying the files that constitute the database regardless of the logical content.
---- Oracle supports two different types of physical file backup: offline backup and online backup.
---- (1) Offline backup
---- An offline backup is taken after the database has been shut down normally and is "offline". The following files are backed up:
All data files
All control files
All online logs
init.ora (optional)
---- (2) Online backup
---- Online backup can be used to back up any database running in ARCHIVELOG mode. In this mode, online logs are archived and a complete record of all activity in the database is created.
---- The online backup process is powerful. First, it provides full point-in-time recovery. Second, the database can remain open while the file system backup runs.
---- Comparison of backup methods
Method | Type | Recovery features
Export | Logical | Can restore any database object to its state at the time of export.
Offline backup | Physical | Can restore the database to its state at shutdown; if the database runs in ARCHIVELOG mode, it can be restored to any point in time.
Online backup | Physical | Can restore the database to any point in time.
---- Oracle database role management
---- The basic measures the Oracle database system takes to manage database security using roles include:
Verifying the user name and password, to prevent non-Oracle users from logging in to the Oracle database and accessing it illegally.
Granting each user specific permissions, to restrict what the user can do to the database.
Granting users permission to access and execute database entities, to prevent users from accessing unauthorized data.
Providing an audit mechanism for access to database entities, so that the database administrator can monitor data access and system resource usage in the database.
Using the view mechanism to restrict access to sets of rows and columns of the base table.
---- Security policies of Oracle databases in MIS instances
---- Oracle database backup has three methods, each of which has different recovery features. Therefore, you should integrate database and file system backup, logical backup, and physical backup.
---- 1. Backup policy
At the operating system level, a large disk array is used, and disk mirroring automatically distributes each database file across the physical disks. When a disk is physically damaged, the operating system automatically switches to the mirror disk in place of the failed disk, so that the database keeps running normally.
Because we use dual servers, we keep a backup database on the other server. The backup database has the same parameter settings as the database in use. In this way, only the minimum necessary restoration has to be performed after a database fault, which minimizes the recovery time.
Copies of the control file are maintained on multiple physical disks. The control file guides Oracle during database recovery, so keeping multiple copies ensures that a usable control file is available for recovery after a disk failure.
The database runs in ARCHIVELOG mode, and archived logs are stored on the logical disk of another mirror.
An online backup is performed every night to back up all data files, all archived log files, and one control file.
An Export is performed once a week.
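The ARCHIVELOG and nightly online backup items of this policy, written out as a DBA session. This is an added example, not taken from the original system: the tablespace name, file paths and backup directory are placeholders, and only one tablespace is shown.

```sql
-- Added example; run as a DBA from SQL*Plus or Server Manager.
-- Tablespace USERS and every path below are placeholders.

-- One-time setup: switch to ARCHIVELOG mode (database mounted, not open).
SHUTDOWN IMMEDIATE
STARTUP MOUNT
ALTER DATABASE ARCHIVELOG;
ALTER DATABASE OPEN;
-- Confirm the log mode and the archive destination before relying on it.
ARCHIVE LOG LIST

-- Nightly: list every data file so that none is missed by the copy step.
SELECT tablespace_name, file_name
  FROM dba_data_files
 ORDER BY tablespace_name;

-- Copy the data files of one tablespace while the database stays open.
-- Repeat this BEGIN/copy/END sequence for each tablespace.
ALTER TABLESPACE users BEGIN BACKUP;
HOST cp /u01/oradata/mis/users01.dbf /backup/mis/
ALTER TABLESPACE users END BACKUP;

-- Safety check: no file may be left in backup mode (expect no rows).
SELECT file#, status
  FROM v$backup
 WHERE status = 'ACTIVE';

-- Archive the current online log so the redo generated during the copy
-- is part of tonight's backup set, then copy the archived logs.
ALTER SYSTEM ARCHIVE LOG CURRENT;
HOST cp /u02/arch/mis/* /backup/mis/arch/

-- Back up one control file, as the policy requires.
ALTER DATABASE BACKUP CONTROLFILE TO '/backup/mis/control.bkp' REUSE;
```

A data file copied without the archived logs that cover the copy window cannot be recovered, so the backup set should be treated as complete only after the last two steps succeed.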
---- 2. Recovery Policy
---- 1. Instance failure
---- Recovery from instance failure is performed automatically. Instance failure is generally caused by server failure. When the database instance fails, restart the server and start the database; Oracle checks the data files and online log files and synchronizes all files to the same point in time.
---- 2. Disk failure
---- If a control file is lost, you only need to shut down the database and copy the control file back from a location where a copy is retained.
---- If a data file is lost, you can use the online backup from the previous night to restore it. The steps are as follows:
---- 1) Restore the lost file from the backup to its original location.
---- 2) Mount the database.
---- 3) Recover the database.
---- 4) Open the database.
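The four steps above as a DBA session, with a check of which files actually need recovery before redo is applied. This is an added example, not part of the original article; the file paths are placeholders.

```sql
-- Added example; run as a DBA from SQL*Plus or Server Manager.
-- Paths are placeholders for the lost file and last night's backup copy.

-- 1) Put the lost data file back in its original location.
HOST cp /backup/mis/users01.dbf /u01/oradata/mis/users01.dbf

-- 2) Mount the database without opening it.
STARTUP MOUNT

-- List the files Oracle considers in need of media recovery.
-- Only the restored file(s) should appear; anything else points
-- to further damage that must be restored before recovering.
SELECT r.file#, d.name, r.error
  FROM v$recover_file r, v$datafile d
 WHERE d.file# = r.file#;

-- 3) Apply archived and online redo to bring the restored file
--    forward to the current point in time.
SET AUTORECOVERY ON
RECOVER DATABASE

-- Expect no rows once recovery has completed.
SELECT file#, error FROM v$recover_file;

-- 4) Open the database for normal use.
ALTER DATABASE OPEN;
```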
---- 3. Objects deleted or modified by mistake
---- In this case, we generally want to go back to the point in time before the error occurred. This is called point-in-time recovery. Follow these steps:
---- 1) Export from the current database and import into the backup database, so that the backup database is consistent with the current database.
---- 2) Roll forward to the point in time before the error occurred.
---- 3) Export the logical objects affected by the error from the backup database.
---- 4) Use the export file generated in the previous step to import the affected objects into the current database.
---- User role management
---- 1. Assign different user roles to all clients according to the nature of their work.
---- 2. Grant different database object access permissions to different user roles based on their data sources.
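The role measures listed under "Oracle database role management" and the two policy items above, combined in one sketch. This is an added example, not the original system's configuration: the schema MIS, the ORDERS table and its columns, the role names, the user and the password are all hypothetical.

```sql
-- Added example; every object, role and user name here is hypothetical.

-- Roles by job function; each role carries only what the job needs.
CREATE ROLE mis_clerk;
CREATE ROLE mis_auditor;
GRANT CREATE SESSION TO mis_clerk;
GRANT CREATE SESSION TO mis_auditor;

-- A view limits clerks to the rows and columns of their own region.
CREATE VIEW mis.orders_east_v AS
  SELECT order_id, customer_id, status, amount
    FROM mis.orders
   WHERE region = 'EAST'
  WITH CHECK OPTION;

-- Clerks read the view and may change one column; no base-table access.
GRANT SELECT, UPDATE (status) ON mis.orders_east_v TO mis_clerk;
-- Auditors get read-only access to the base table.
GRANT SELECT ON mis.orders TO mis_auditor;

-- A user authenticates with a password and receives privileges
-- only through the role (placeholder password, change on first use).
CREATE USER clerk01 IDENTIFIED BY change_me_placeholder;
GRANT mis_clerk TO clerk01;
ALTER USER clerk01 DEFAULT ROLE mis_clerk;

-- Auditing (needs AUDIT_TRAIL enabled in init.ora):
-- failed logins, and every access to the sensitive base table.
AUDIT SESSION WHENEVER NOT SUCCESSFUL;
AUDIT SELECT, INSERT, UPDATE, DELETE ON mis.orders BY ACCESS;

-- Review: what each role can actually reach.
SELECT grantee, owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee IN ('MIS_CLERK', 'MIS_AUDITOR');

-- Review: grants to PUBLIC on the schema bypass the role model
-- (expect no rows).
SELECT owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'PUBLIC' AND owner = 'MIS';
```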
---- Based on the above security policies, illegal users can be prevented from accessing the database, and the permissions of legal users to manipulate the database can be restricted. In this way, the database will not lose any data after a fault occurs. In addition, the database can be quickly restored to the point in time before the fault occurred, ensuring data security and continuous operation of the entire system to the maximum extent.