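For an information system, security is a critical consideration. Judging by the widespread attention drawn by data breaches around the world in recent years, without data security there is no lasting customer trust, and without that trust a business has no room to survive.
Security threats cover a broad range. They arise from many factors, such as the external network attacks by hackers that receive so much attention. According to statistics, however, the vast majority of cases our enterprises face are threats to data from the inside. Much confidential and private data is not stolen by the "omnipresent" hackers but leaked by "insiders" in the operations, development and business departments.
Internal security is really a very contradictory "non-technical" problem. If data is not opened up to internal staff, much work cannot be done. If data is opened up to internal staff, especially personnel from third-party service providers, your data effectively has no protection.
Of course, many institutions and organizations have tried various methods to deal with this problem, such as legal confidentiality agreements and multi-level approval mechanisms, but these only mitigate the problem to a certain extent. One approach widely considered useful is separation of duties: one person, one duty. That is, each person in each post takes on a single responsibility and touches only one stage of the data's full lifecycle. The risk of a single staff member leaking data is high, but the risk that every point in the workflow, or even the whole team, leaks is greatly reduced.
As the most mature commercial database available today, Oracle Database has, while keeping its core functionality stable, also offered its large user base many security and operations tooling solutions. At the data level, Oracle has three representative technologies: Virtual Private Database (VPD), Label Security and Oracle Vault. VPD mainly adds data access permissions to meet application-level data access requirements, and Label Security is to some extent an extension and upgrade of VPD. Vault mainly separates the security duties of the Oracle database, stripping responsibility for data security away from users and even from sys, so that security responsibilities can be assigned at a fine granularity.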
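1. Overview of Oracle Vault
Oracle Vault is one of the officially recommended security strategies, used mainly to protect data in operations organizations. Traditional Oracle security is a model dominated by "sys as God". Although we have system, role and object privileges, and although security manuals tell us to use non-sys users for maintenance work, many database administrators still use sys for everything. Some data protection technologies, such as VPD, can enforce control at the data level, but they have no effect on sys.
More importantly, there are the ANY-class system privileges such as select any table: once granted, the user in effect controls access to the data in every table. This is a very blunt approach that hides serious problems.
Under the "sys as God" premise, this situation cannot be brought under control, because some operations tasks, such as data backup and import/export, cannot avoid high-level access privileges. "Either don't do it, or don't ask" is the current state of many of our operations organizations.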
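Before deciding what Vault should protect, it helps to know who already holds ANY-class system privileges. The following query is an added example, not part of the original article; it assumes a DBA session on 11gR2 (recursive WITH requires 11.2) and uses the standard dictionary views dba_sys_privs, dba_role_privs and dba_users to resolve privileges inherited through nested roles.

```sql
-- Added example: list every account that effectively holds an ANY-class
-- system privilege, either directly or through a chain of granted roles.
WITH grants (grantee, privilege, path) AS (
  -- Anchor: direct grants of ANY privileges (to users or to roles)
  SELECT sp.grantee,
         sp.privilege,
         CAST(sp.grantee AS VARCHAR2(4000))
  FROM   dba_sys_privs sp
  WHERE  sp.privilege LIKE '% ANY %'
  UNION ALL
  -- Recursive step: whoever was granted a role that carries the privilege
  SELECT rp.grantee,
         g.privilege,
         rp.grantee || ' <- ' || g.path
  FROM   grants g
  JOIN   dba_role_privs rp
         ON rp.granted_role = g.grantee
)
SELECT u.username,
       u.account_status,
       g.privilege,
       g.path AS granted_via      -- e.g. APPUSER <- SOME_ROLE <- DBA
FROM   grants g
JOIN   dba_users u                -- keep users only, drop intermediate roles
       ON u.username = g.grantee
ORDER  BY u.username, g.privilege;
```

Rows whose granted_via column shows a role chain are the ones most often missed in a review, because the privilege does not appear under the user's name in dba_sys_privs.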
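Oracle Vault offers a way to reduce the privileges of the sys user. As an optional component of the Oracle database, Vault requires additional file linking, registration and installation. After Vault is installed, Oracle creates a brand-new user, dbvowner, and the operations and data access that sys originally had can also be brought under control.
Vault has three core elements: Realm, Factor and Rule. They restrict or protect specific objects along several dimensions, such as data objects and commands.
This series covers the installation, configuration and use of Oracle Vault. First, we look at how to install Vault.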
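2. Oracle Vault Prerequisites
Vault is not installed by default in Enterprise Edition. It must be compiled and installed manually before it can be used.
We test with Oracle 11gR2, version 11.2.0.4.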
SQL> select * from v$version;
BANNER
-----------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - Production
PL/SQL Release 11.2.0.4.0 - Production
CORE 11.2.0.4.0 Production
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production
To determine whether Vault is currently installed, query the v$option view.
SQL> select * from v$option where parameter like '%Vault%';
PARAMETER VALUE
------------------------- ----------
Oracle Database Vault FALSE
Before installation and configuration, shut down the database, the listener and DB Console.
--Listener
[oracle@SimpleLinux ~]$ lsnrctl stop
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-APR-2014 12:41:34
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=SimpleLinux)(PORT=1521)))
The command completed successfully
--Console
[oracle@SimpleLinux ~]$ emctl stop dbconsole
Oracle Enterprise Manager 11g Database Control Release 11.2.0.4.0
Copyright (c) 1996, 2013 Oracle Corporation. All rights reserved.
https://SimpleLinux:1158/em/console/aboutApplication
Stopping Oracle Enterprise Manager 11g Database Control ...
... Stopped.
--Database Server
SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
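3. Compiling the Component
Oracle Vault depends on Label Security and has to be enabled at the operating-system level. On Linux/Unix, make is used for the configuration and linking.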
