Database security includes two aspects: system operation security and system information security. Protection technologies for database security include: database encryption (core data storage encryption), database firewall (anti-vulnerability, anti-attack), data desensitization (anonymization of sensitive data), etc.
Database security has two levels of meaning:
The first level is system operation security. It is usually threatened as follows: network criminals break into the computer through the network, LAN, etc., and prevent the system from starting normally, overload the machine by making it run a large number of algorithms, or turn off the CPU fan so that the CPU overheats and burns out, among other destructive activities;
The second level is system information security. It is usually threatened as follows: hackers break into the database and steal the information they want. The security features of database systems are mainly for data, including data independence, data security, data integrity, concurrency control, fault recovery and other aspects.
Database security protection technologies include: database encryption (core data storage encryption), database firewall (anti-vulnerability, anti-attack), data desensitization (anonymization of sensitive data), etc.
Security issues:
Information leakage shows two trends:
(1) Hackers exploit B/S (browser/server) applications, using the Web server as a springboard to steal data from the database; traditional solutions have no control over application access or database access protocols. SQL injection, for example, is a typical database attack method.
(2) Data leakage often occurs internally, because a large number of operation and maintenance personnel have direct access to sensitive data. Traditional network security solutions that focus on external prevention are of no use here.
The database has become the protagonist in these leaks. This is because database security has been ignored in traditional security construction. In the traditional information security protection system, the database sits at the core of the protected zone and is not easily exposed to external hacker attacks, and the database itself already has powerful security measures. This seems safe enough on the surface, but this traditional approach to security defense has fatal flaws.
Features
The security features of the database system are mainly for data, including data independence, data security, data integrity, concurrency control, fault recovery and other aspects. Each is introduced below.
Data independence
Data independence includes two aspects: physical independence and logical independence. Physical independence means that the user's application program and the data in the database stored on the disk are independent of each other; logical independence means that the user's application program and the logical structure of the database are independent of each other.
Data security
The objects an operating system protects are generally files, whereas the application requirements a database supports are more fine-grained. A relatively complete database usually takes the following measures for data security:
(1) Separate the parts of the database that need to be protected from other parts.
(2) Adopt authorization rules, that is, access control methods such as accounts, passwords and permission control.
(3) Encrypt the data and store it in the database.
Data integrity
Data integrity includes the correctness, validity and consistency of data. Correctness means that an input value has the same type as the corresponding field of the data table; validity means that a value in the database meets the constraints on the value range that apply in the real application; consistency means that the same data, when used by different users, should be the same. To ensure data integrity, it is necessary to prevent legitimate users from adding semantically meaningless data to the database when using it.
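The correctness and validity rules above can be enforced by the database itself, so that even an authorized user cannot store meaningless rows. The following is an added example, not part of the original article; it uses Python's built-in sqlite3 module, and the employee table, its columns and the sample rows are constructed for illustration.

```python
import sqlite3

# Constructed schema; the table and column names are assumptions for illustration.
SCHEMA = """
CREATE TABLE employee (
    id     INTEGER PRIMARY KEY,
    name   TEXT    NOT NULL CHECK (length(name) > 0),
    -- correctness: the stored value must have the column's type
    -- validity: the value must fall in the range the application allows
    age    INTEGER NOT NULL CHECK (typeof(age) = 'integer' AND age BETWEEN 18 AND 70),
    salary INTEGER NOT NULL CHECK (typeof(salary) = 'integer' AND salary >= 0)
);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def try_insert(conn, name, age, salary):
    """Insert one row; return 'stored' or 'rejected: <database error>'."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(
                "INSERT INTO employee (name, age, salary) VALUES (?, ?, ?)",
                (name, age, salary),
            )
        return "stored"
    except sqlite3.IntegrityError as exc:
        return f"rejected: {exc}"

def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM employee").fetchone()[0]

if __name__ == "__main__":
    db = open_db()
    # Constructed inputs from an authorized user of the application.
    for row in [("Li", 34, 5000), ("Wang", "forty", 5000),
                ("Zhao", 250, 5000), ("Chen", 30, -1), (None, 30, 5000)]:
        print(row, "->", try_insert(db, *row))
    print("rows stored:", row_count(db))
```

The parameterized INSERT also keeps user-supplied values out of the SQL text, which is the standard defense against the SQL injection mentioned earlier.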
Concurrency control
If a database application wants to realize multi-user sharing of data, multiple users may want to access data at the same time. This kind of event is called a concurrent event. When a user retrieves data for modification, if another user retrieves the data before the modification is stored in the database, the read data will be incorrect. At this time, it is necessary to control this concurrent operation, eliminate and avoid such errors, and ensure the correctness of the data.
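The situation described above, where a second user reads a value before the first user's modification is stored, is shown below together with one way to control it. This is an added example, not part of the original article; it uses optimistic concurrency control with a version column, which is one technique among several (the article does not name a specific one), and the account table and amounts are constructed.

```python
import sqlite3

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE account (id INTEGER PRIMARY KEY, "
                 "balance INTEGER NOT NULL, version INTEGER NOT NULL)")
    conn.execute("INSERT INTO account VALUES (1, 100, 0)")  # constructed row
    conn.commit()
    return conn

def read(conn, acct):
    """Return (balance, version) as seen by one user."""
    return conn.execute("SELECT balance, version FROM account WHERE id = ?",
                        (acct,)).fetchone()

def write_unchecked(conn, acct, new_balance):
    with conn:
        conn.execute("UPDATE account SET balance = ? WHERE id = ?",
                     (new_balance, acct))

def write_checked(conn, acct, new_balance, seen_version):
    """Store only if nobody changed the row since it was read."""
    with conn:
        cur = conn.execute(
            "UPDATE account SET balance = ?, version = version + 1 "
            "WHERE id = ? AND version = ?", (new_balance, acct, seen_version))
    return cur.rowcount == 1

def lost_update_demo():
    conn = open_db()
    a, _ = read(conn, 1)               # user A reads 100
    b, _ = read(conn, 1)               # user B reads 100 before A stores
    write_unchecked(conn, 1, a + 50)   # A deposits 50
    write_unchecked(conn, 1, b - 30)   # B withdraws 30 from a stale value
    return read(conn, 1)[0]            # A's deposit has been overwritten

def controlled_demo():
    conn = open_db()
    a, va = read(conn, 1)
    b, vb = read(conn, 1)
    write_checked(conn, 1, a + 50, va)          # succeeds, version becomes 1
    if not write_checked(conn, 1, b - 30, vb):  # stale version: refused
        b, vb = read(conn, 1)                   # B re-reads the current value
        write_checked(conn, 1, b - 30, vb)
    return read(conn, 1)[0]

if __name__ == "__main__":
    print("without control:", lost_update_demo())
    print("with version check:", controlled_demo())
```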
Fault recovery
The database management system provides a set of methods to detect and repair faults in a timely manner, thereby preventing data from being damaged. The database system can recover as quickly as possible from failures that occur while it is running, which may be physical or logical errors, for example data errors caused by misoperation of the system.