Oracle VPD(Virtual Private Database)就是从数据库层面实现数据访问控制的一种成熟技术。借助VPD,一些已经上线或者不容易进行
在应用系统开发领域,功能权限和数据权限两层权限体系占到了安全功能性需求的大半。除了在应用程序层面进行处理之外,我们其实还可以从数据库层面实现数据权限访问的。
Oracle VPD(Virtual Private Database)就是从数据库层面实现数据访问控制的一种成熟技术。借助VPD,一些已经上线或者不容易进行二次开发的功能可以比较容易的解决。
1、VPD简述
从产品属性来看,Oracle Virtual Private Database(简称VPD)是归属在Oracle安全security框架下的成熟产品。要注意:VPD是企业版Enterprise版本功能,在其他如标准Standard版下是不能使用的。
简单的说,VPD就是介于用户SQL语句和实际执行对象之间的介质层。用户或者应用程序发出的SQL语句在传入到DBMS执行之前,会自动被拦截并且进行额外处理。处理的结果往往反映为在语句where条件中添加特殊的条件式。
例如:数据表T中包括了所有供应商的信息,设计者系统任何SQL语句发送之后,都只能查看到location=’北京’的记录。在没有VPD的情况下,我们必须修改应用程序代码,将location=’北京’加入到所有对应数据表操作SQL语句中。
借助VPD,应用程序不需要修改任何代码。我们只需要在数据库层面设定一个指定策略规则,如果针对某个数据对象表的所有SQL语句,都会调用一个设定的函数。函数自身会返回一个字符串条件,作为补充的where语句条件。
例如:如果我们设定对数据表t的每个Select语句都要添加一个条件object_id
下面我们通过一系列的实验来进行验证演示。
2、环境介绍和配置
我们选择Oracle 11g企业版进行测试。
SQL> select * from v$version;
BANNER
-----------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - Production
PL/SQL Release 11.2.0.4.0 - Production
CORE 11.2.0.4.0 Production
注意:只有在其中明确标注Enterprise Edition才认为是企业版Oracle。否则是标准版。
创建专门用户用于实验。
SQL> create user vpd identified by vpd;
User created
SQL> grant resource, connect to vpd;
Grant succeeded
SQL> grant execute on dbms_rls to vpd;
Grant succeeded
SQL> grant select any dictionary to vpd;
Grant succeeded
在vpd schema下创建数据表T。
SQL> conn vpd/vpd@ora11g;
Connected to Oracle Database 11g Enterprise Edition Release 11.2.0.4.0
Connected as vpd
SQL> create table t as select * from dba_objects;
Table created
SQL> select count(*) from t;
COUNT(*)
----------
86032
目标是使用VPD实现数据隐藏:只有VPD用户查询数据表T才能获取全文,其他schema读取不到其中数据。
3、配置VPD
配置VPD第一步是定义处理函数,我们需要函数的意义是返回一个字符串条件列。在函数中,我们可以根据不同的情况插入自由的逻辑。
针对这个需求,首先需要获取到查询用户的schema名称才能判断。于是,函数为:
SQL> create or replace function f_limit_access
2 (
3 vc_schema varchar2,
4 vc_object varchar2
5 ) return varchar2
6 as
7 vc_userid varchar2(100);
8 begin
9 select SYS_CONTEXT('USERENV','SESSION_USER')
10 into vc_userid
11 from dual;
12
13 if (trim(vc_userid)='VPD') then
14 return '1=1';
15 else
16 return '1=0';
17 end if;
18
19 end;
20 /
Function created
sys_context函数可以获取到当前用户名信息,做出判断。输入参数vc_schema和vc_object是作为调用点,可以逆向插入回去的。
更多详情见请继续阅读下一页的精彩内容:
How does MySQL index cardinality affect query performance?Apr 14, 2025 am 12:18 AMMySQL index cardinality has a significant impact on query performance: 1. High cardinality index can more effectively narrow the data range and improve query efficiency; 2. Low cardinality index may lead to full table scanning and reduce query performance; 3. In joint index, high cardinality sequences should be placed in front to optimize query.
MySQL: Resources and Tutorials for New UsersApr 14, 2025 am 12:16 AMThe MySQL learning path includes basic knowledge, core concepts, usage examples, and optimization techniques. 1) Understand basic concepts such as tables, rows, columns, and SQL queries. 2) Learn the definition, working principles and advantages of MySQL. 3) Master basic CRUD operations and advanced usage, such as indexes and stored procedures. 4) Familiar with common error debugging and performance optimization suggestions, such as rational use of indexes and optimization queries. Through these steps, you will have a full grasp of the use and optimization of MySQL.
Real-World MySQL: Examples and Use CasesApr 14, 2025 am 12:15 AMMySQL's real-world applications include basic database design and complex query optimization. 1) Basic usage: used to store and manage user data, such as inserting, querying, updating and deleting user information. 2) Advanced usage: Handle complex business logic, such as order and inventory management of e-commerce platforms. 3) Performance optimization: Improve performance by rationally using indexes, partition tables and query caches.
SQL Commands in MySQL: Practical ExamplesApr 14, 2025 am 12:09 AMSQL commands in MySQL can be divided into categories such as DDL, DML, DQL, DCL, etc., and are used to create, modify, delete databases and tables, insert, update, delete data, and perform complex query operations. 1. Basic usage includes CREATETABLE creation table, INSERTINTO insert data, and SELECT query data. 2. Advanced usage involves JOIN for table joins, subqueries and GROUPBY for data aggregation. 3. Common errors such as syntax errors, data type mismatch and permission problems can be debugged through syntax checking, data type conversion and permission management. 4. Performance optimization suggestions include using indexes, avoiding full table scanning, optimizing JOIN operations and using transactions to ensure data consistency.
How does InnoDB handle ACID compliance?Apr 14, 2025 am 12:03 AMInnoDB achieves atomicity through undolog, consistency and isolation through locking mechanism and MVCC, and persistence through redolog. 1) Atomicity: Use undolog to record the original data to ensure that the transaction can be rolled back. 2) Consistency: Ensure the data consistency through row-level locking and MVCC. 3) Isolation: Supports multiple isolation levels, and REPEATABLEREAD is used by default. 4) Persistence: Use redolog to record modifications to ensure that data is saved for a long time.
MySQL's Place: Databases and ProgrammingApr 13, 2025 am 12:18 AMMySQL's position in databases and programming is very important. It is an open source relational database management system that is widely used in various application scenarios. 1) MySQL provides efficient data storage, organization and retrieval functions, supporting Web, mobile and enterprise-level systems. 2) It uses a client-server architecture, supports multiple storage engines and index optimization. 3) Basic usages include creating tables and inserting data, and advanced usages involve multi-table JOINs and complex queries. 4) Frequently asked questions such as SQL syntax errors and performance issues can be debugged through the EXPLAIN command and slow query log. 5) Performance optimization methods include rational use of indexes, optimized query and use of caches. Best practices include using transactions and PreparedStatemen
MySQL: From Small Businesses to Large EnterprisesApr 13, 2025 am 12:17 AMMySQL is suitable for small and large enterprises. 1) Small businesses can use MySQL for basic data management, such as storing customer information. 2) Large enterprises can use MySQL to process massive data and complex business logic to optimize query performance and transaction processing.
What are phantom reads and how does InnoDB prevent them (Next-Key Locking)?Apr 13, 2025 am 12:16 AMInnoDB effectively prevents phantom reading through Next-KeyLocking mechanism. 1) Next-KeyLocking combines row lock and gap lock to lock records and their gaps to prevent new records from being inserted. 2) In practical applications, by optimizing query and adjusting isolation levels, lock competition can be reduced and concurrency performance can be improved.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
SublimeText3 Linux new version
SublimeText3 Linux latest version
Dreamweaver Mac version
Visual web development tools
Zend Studio 13.0.1
Powerful PHP integrated development environment
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft
