Oracle Data Security: An All-Round View (2)

xiaoxiao2021-03-06  95

(2) Another hidden danger from the inside: user management and password issues

As any database administrator knows very well, the Oracle database itself uses many mechanisms to strengthen database security; the ones most often seen are passwords, roles and privileges. Let us start with the simplest case, dbsnmp. If the Oracle database is installed with the typical installation, a user named dbsnmp is created automatically. This user is responsible for running the Intelligent Agent of the Oracle system, and its default password is also "dbsnmp". If you forget to change this user's password, anyone can access the database system through this account.

Now let us look at which privileges and roles this user has, and then analyze the damage it could cause to the database system. Start SQL*Plus, log in as this user, and enter:

SQL> SELECT * FROM SESSION_PRIVS;

CREATE SESSION
ALTER SESSION
UNLIMITED TABLESPACE
CREATE TABLE
CREATE CLUSTER
CREATE SYNONYM
CREATE PUBLIC SYNONYM
CREATE VIEW
CREATE SEQUENCE
CREATE DATABASE LINK
CREATE PROCEDURE
CREATE TRIGGER
ANALYZE ANY
CREATE TYPE
CREATE OPERATOR
CREATE INDEXTYPE

As you can see, this user is not the SYS or SYSTEM administrative user, yet it holds two system-level privileges: UNLIMITED TABLESPACE and CREATE PUBLIC SYNONYM. These two privileges should give you pause: they are security hazards, especially UNLIMITED TABLESPACE, which is one of the attack points of a database system. If you still think it does not matter that someone logs in to the database with this unchanged password, I have to remind you: because the user has the UNLIMITED TABLESPACE system privilege, someone can write a small script that maliciously fills the system with junk data until the database system can no longer run, which leads directly to its paralysis. Many database systems today are required to run 7x24. If the system is filled with junk data, then by the time the database system has been recovered, irreparable loss has probably already been caused.

Besides dbsnmp, however, there are many other users. What should be done about them? Let us first look at the user management problems that currently exist in Oracle databases:

(1) Excessive privileges: ordinary users who program against or browse the Oracle database often have DBA (database administrator) privileges and can modify or delete anything in the database system.

(2) Poor security: many Oracle users have their default storage location in the SYSTEM tablespace. This not only affects the normal operation of the system; different users also affect and are transparent to each other, so confidentiality between them is poor. As data keeps being added, the entire database system may crash.

(3) Predictable passwords: the bad habit, formed during Oracle debugging, of making the password the same as the username has been carried over to the present; the passwords of the system users SYS and SYSTEM are well known.

Knowing these common mistakes, what should we do? Here are some of my suggestions:

(1) Oracle DBA (database administrator) specification

· The password of the oracle user under the Sun Solaris operating system should be kept strictly confidential and should never be set to oracle; designate a dedicated database administrator to change it regularly.

· The passwords of the SYS and SYSTEM administrator users created when Oracle is initialized should be changed from the original manager to other strings that are not easy to memorize.

· The management port of Oracle Web Server can browse the database, so the password of its administrator, admin, should be kept confidential and should not be set to manager; designate a dedicated database administrator to change it regularly.

· Oracle DBA work is best done at the Sun SPARC server console. The prerequisite is that the oracle user has started the server; then enter svrmgrm on the window command line to launch the menu-driven Oracle Server Manager. After logging in as SYSDBA, you can carry out maintenance of the database system.

(2) SQL*Plus programming user specification and storage structure specification

Like every trade, company and department, our SQL*Plus programming users should also be standardized in this direction: different kinds of applications must have different users, and different kinds of applications must have different storage locations, including the creation and planning of physical files, default tablespaces and temporary tablespaces. When preparing to write a large-scale application (considered from the Oracle data point of view), you should first create a logical storage location, a tablespace, and define the storage path of the physical file and the size it occupies on the hard disk.
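The three problems listed above and the tablespace-first setup from the last suggestion can be checked and applied from SQL*Plus as follows. This is an added example, not from the original article; the names app_sales, app_sales_data, legacy_app, the datafile path and the temp tablespace are hypothetical, and the DBA_USERS_WITH_DEFPWD view assumes Oracle 11g or later.

```sql
-- Added example, not from the original article. Run as a DBA in SQL*Plus.
-- app_sales, app_sales_data, legacy_app, the datafile path and the temp
-- tablespace are hypothetical names.

-- Problem (1): accounts holding the DBA role besides SYS and SYSTEM.
SELECT grantee FROM dba_role_privs
 WHERE granted_role = 'DBA' AND grantee NOT IN ('SYS', 'SYSTEM');

-- Accounts that, like DBSNMP above, hold UNLIMITED TABLESPACE.
SELECT grantee FROM dba_sys_privs
 WHERE privilege = 'UNLIMITED TABLESPACE'
   AND grantee NOT IN ('SYS', 'SYSTEM');

-- Problem (2): accounts that store or sort data in the SYSTEM tablespace.
SELECT username, default_tablespace, temporary_tablespace
  FROM dba_users
 WHERE (default_tablespace = 'SYSTEM' OR temporary_tablespace = 'SYSTEM')
   AND username NOT IN ('SYS', 'SYSTEM');

-- Problem (3): accounts still using a known default password (11g or later).
SELECT username FROM dba_users_with_defpwd;

-- Create the tablespace first, with an explicit file path and size.
CREATE TABLESPACE app_sales_data
  DATAFILE '/u02/oradata/ORCL/app_sales_data01.dbf' SIZE 500M;

-- One user per application, stored outside SYSTEM, limited by a quota.
CREATE USER app_sales IDENTIFIED BY "REPLACE_WITH_STRONG_PASSWORD"
  DEFAULT TABLESPACE app_sales_data
  TEMPORARY TABLESPACE temp
  QUOTA 400M ON app_sales_data;

-- Grant only what the application needs: no DBA, no UNLIMITED TABLESPACE.
GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW, CREATE SEQUENCE
   TO app_sales;

-- Move an existing account out of SYSTEM and replace the blanket privilege
-- with a quota (the REVOKE applies only if the privilege was granted).
ALTER USER legacy_app
  DEFAULT TABLESPACE app_sales_data
  TEMPORARY TABLESPACE temp
  QUOTA 400M ON app_sales_data;
REVOKE UNLIMITED TABLESPACE FROM legacy_app;
```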
