SQL Server database security control policy (1)

Introduction

Database Security refers to protecting the database to prevent data leaks, changes or damages caused by illegal use. Whether the system security protection measures are effective is one of the main indicators of the database system. The security of databases is closely related to and supported by computer systems, including operating systems and network systems.

For database management, protecting data from internal and external attacks is an important task. Microsoft SQL Server is increasingly widely used in internal and external departments. As SQL ServerSQL Server, it is the database system administrator of Microsoft SQL Server, you need to have a thorough understanding of SQL Server's security control policies to achieve management security goals.

The SQL Server security control policy is provided. As shown in the figure, SQL Server's security control policy is a collection of hierarchical systems. You can enter the next layer only after the security requirements of the previous system are met.

: SQL Server Security Control Policy SQL Server security control policies at different layers are implemented through Identity Authentication of security control systems at different layers. Identity Authentication refers to the process in which the system confirms the account and password of the user when the user accesses the system. The authentication content includes verifying whether the user's account is valid, whether the user can access the system, and what data can access the system. The authentication method is used by the system to confirm the user. The SQL Server System is based on the Windows NT/2000 operating system. Currently, the SQL Server system can be installed on Windows 95 and the Winsock upgrade software must be installed), Windows 98, and Windows ME, there will be no security control for the first and second layers), but the old SQL Servers system can only run on Windows NT/2000 operating systems. Windows NT/2000 has its own authentication method. You must provide your own username and password to access Windows NT/2000. In this way, the SQL Server security system can be implemented in two ways on any Server: SQL Server and Windows) and Windows Only ). Access to the Windows NT/2000 system depends on the settings of the SQL Server authentication method.

1. user identification and verification

User identification and verification are the outermost security measures provided by the system. The method is provided by the system to allow users to identify their own names or identities. Each time a user requests to enter the system, the system checks and passes the authentication before providing the right to use the machine.

If you want to use the database, the database management system also needs to identify and authenticate users who have obtained the permission to access the machine.

There are many methods for user identification and authentication, and in a system, multiple methods are often used simultaneously to obtain stronger security. Common methods include:

Use a user name or user identification number to indicate the user's identity. The system records the identities of all valid users. If the user is verified by the system, you can proceed to the next step. If not, you cannot use the system.

To further verify the user, the system usually requires the user to enter the Password ). For the sake of confidentiality, the password entered by the user on the terminal is not displayed on the screen. The system checks the password to verify the identity of the user.

The user identification and authentication correspond to the Windows NT/2000 Logon account and password, and the SQL Server User Logon account and password.

2. SQL Server Authentication Method

You must use a Logon account to connect to SQL Server. SQL Server can identify two types of Authentication methods: SQL Server Authentication (SQL Server Authentication) and Windows Authentication (Windows Authentication. The structure 2 of the two methods is shown in. Both methods have their own Logon account type.

: SQL Server Authentication Method

Note that if you use the Personal version of SQL Server on Microsoft Windows95/98/ME, the Microsoft Windows95/98/ME system hosted by SQL Server can only log on to SQL Server. Therefore, Windows NT/2000 authentication, domain user accounts, and domain group accounts are unavailable.

When SQL Server authentication is used, the SQL Server System Administrator defines the SQL Server account and password. When you connect to SQL Serve, you must provide the Logon account and password. When Windows authentication is used, the Windows NT/2000 account or group controls the user's access to the SQL Server system. In this case, you do not have to provide the SQL Server Login account and password to connect to the system. However, before the user connects, the SQL Server System Administrator must define the Windows NT/2000 account or Windows NT/2000 group as the valid logon account of SQL Server.