Oracle Data Security: A Comprehensive View (1)

xiaoxiao, 2021-03-06

With the popularity of computers and the development of networks, databases are no longer a topic only for programmers. The Oracle database, with its excellent performance and flexible operation, has won a place in the market. However, as network technology keeps improving, data security matters more and more; it is no longer the "old cliché" it used to be, nor just the "out of reach" rules and regulations found in old books. Perhaps for a long time everyone felt that the Oracle database had no hidden security problems, because the slogan Oracle used when promoting its database software in November last year was "only Oracle9i can achieve absolute security". But however this was promoted to raise awareness, in December last year the British security expert David Litchfield discovered a buffer overflow vulnerability caused by an error in 9iAS, and later Pentest Limited and eEye Digital Security each found a small vulnerability. Everyone who uses Oracle products could not help but tense up their previously relaxed minds; for the user, after all, this concerns his own "livelihood". The author will take you into the world of Oracle data security. Since the author's knowledge is limited, mistakes are inevitable, and corrections are welcome.

(1) Some basics of the Oracle database

This is just to lay a foundation for the security discussion that follows, because we will use these concepts later. Ha ha!

1. Components of Oracle

In Oracle, the database refers to the entire Oracle RDBMS environment, which includes the following components:
· Oracle database processes and buffers (the instance).
· The SYSTEM tablespace, which contains a centralized system catalog and can consist of one or more data files.
· Other tablespaces defined by the database administrator (DBA) (optional), each consisting of one or more data files.
· More than two online redo logs.
· Archived redo logs (optional).
· Other files (control files, init.ora, config.ora, etc.).
Each Oracle database runs on a central system catalog and data dictionary, which is located in the SYSTEM tablespace.

2. About the "log"

Oracle Database uses several structures to protect data: database backups, logs, rollback segments, and control files. Below we take a general look at the "log", one of the main structures.

Each Oracle database instance provides a log that records all modifications made in the database. Each running Oracle database instance has an online log, which works with the Oracle background process LGWR and immediately records all modifications made by the instance. The archived (offline) log is optional: once an online log of an Oracle database instance fills up, it can be archived. Archived online log files are uniquely identified and merged into the archive log.
· About the online log: each instance of an Oracle database has an associated online log. An online log consists of multiple online log files. An online log file (Online Redo Log File) is filled with log entries (Redo Entry); the data recorded in the log entries is used to reconstruct all modifications made to the database.
· About the archive log: when Oracle archives a filled online log file group, it creates an archived log (Archived Redo Log).

It has the following uses:
<1> With a database backup and the online and archived log files, the database can be restored after an operating system or disk failure.
<2> If the archive log is kept permanently, online backups can be made and used while the database is open and in normal use.

The database can run in two different modes: NOARCHIVELOG mode or ARCHIVELOG mode. In NOARCHIVELOG mode the online log cannot be archived. If the database runs in ARCHIVELOG mode, the online log can be archived.

3. Physical and logical storage structure

An Oracle RDBMS is composed of tablespaces, and a tablespace is composed of data files. Tablespace data files are formatted into internal block units. The block size is set by the DBA when the Oracle database is first created and can vary from 512 to 8192 bytes. When an object is created in an Oracle tablespace, the user specifies its space size in units called extents: the initial extent, the next extent, min extents and max extents. The size of an Oracle extent can vary, but it must contain a chain of at least five consecutive blocks.

(2) Oracle data security maintenance

I remember a philosopher said: "Changes in things are inseparable from internal causes and external causes." So the topic of Oracle data security is bound to divide into "inside" and "outside". Well then, we will start from the "inside":

1. Starting from the Oracle system itself

Let us first set aside "hackers" and other external causes and think about our own database. A damaged hard drive, damaged software, a mistaken operation... a series of system problems caused by our own "negligence" can make the data in our database gone for good. So we will first look for the cause in ourselves.
[1] Solving problems of the system itself: database backup and recovery

· Database backup:
There are three ways to back up an Oracle database: export/import (Export/Import), cold backup, and hot backup. An export backup is a logical backup; cold backup and hot backup are physical backups.

<1> Export/Import
Use Export to extract data from the database, and use Import to load the extracted data back into the Oracle database.

A. Simple data export (Export) and data import (Import)
Oracle supports three types of export:
(1) Table mode (T mode): exports the data of the specified tables.
(2) User mode (U mode): exports all objects and data of the specified user.
(3) Full database mode (Full mode): exports all objects in the database.
Data import (Import) is the reverse process of data export (Export); their data flows differ.

B. Incremental export/import
Incremental export is a commonly used data backup method. It can only be performed on the entire database, and the export must be run as SYSTEM. No questions need to be answered while this export runs.

The export file name defaults to export.dmp. If you do not want your output file to be named export.dmp, you must give the file name you want on the command line. There are three types of incremental export:
(1) "Complete" incremental export (Complete): backs up the entire database, for example:
    $ exp system/manager inctype=complete file=990702.dmp
(2) "Incremental" incremental export: backs up the data changed since the previous backup, for example:
    $ exp system/manager inctype=incremental file=990702.dmp
(3) "Cumulative" incremental export (Cumulative): exports only the information that has changed in the database since the last "complete" export, for example:
    $ exp system/manager inctype=cumulative file=990702.dmp

The database administrator can draw up a backup schedule that combines the three export types to back up the data reliably and efficiently. For example, the backup tasks of the database can be arranged as follows:
· Export (E)
· Saturday: incremental export (F)
· Sunday: incremental export (G)

If the database is accidentally destroyed on Sunday, the database administrator can restore it as follows:
Step 1: Use the CREATE DATABASE command to rebuild the database structure.
Step 2: Create a sufficiently large additional rollback segment.
Step 3: Import the complete incremental export A:
    $ imp system/manager inctype=RESTORE full=Y file=A
Step 4: Import the cumulative incremental export E:
    $ imp system/manager inctype=RESTORE full=Y file=E
Step 5: Import the most recent incremental export F:
    $ imp system/manager inctype=RESTORE full=Y file=F

<2> Cold backup
A cold backup is taken after the database has been shut down normally; a normal shutdown leaves the database files ready to be copied. A cold backup copies the key files to another location. For backing up Oracle information, a cold backup is the fastest and safest method.
The advantages of a cold backup are:
· It is a very fast backup method (it only copies files).
· It is easy to archive (a simple copy).
· It is easy to restore to a point in time (just copy the files back).
· Combined with other methods, it can restore the database to its "latest state".
· Low maintenance, high security.

However, a cold backup also has the following shortcomings:
· Used alone, it can only restore to "a certain point in time".
· During the entire backup, the database can do nothing but the backup; that is, the database must stay shut down for the duration of the cold backup.
· If disk space is limited and the files can only be copied to other external storage such as tape, it will be very slow.
· It cannot restore by table or by user.

If possible (mainly for efficiency), back up to disk first, then start the database (so users can work) and copy the backup to tape (the database can keep working while the copy runs). The files that must be copied in a cold backup are:
· All data files
· All control files
· All online redo log files
· The init.ora file (optional)

Note that a cold backup must be performed while the database is shut down; a file-system backup of the database taken while the database is open is not a valid cold backup. The following is a complete example of a cold backup:
(1) Shut down the database
    $ sqldba lmode=y
    SQLDBA> connect internal;
    SQLDBA> shutdown normal;
(2) Use copy commands to back up all data files, redo log files, control files and the initialization parameter file
    SQLDBA> ! cp <file> <backup directory>
(3) Restart the Oracle database
    $ sqldba lmode=y
    SQLDBA> connect internal;
    SQLDBA> startup;

<3> Hot backup
A hot backup backs up the data while the database is running, using ARCHIVELOG mode. So if you have yesterday's cold backup and today's hot backup files, you can use them to recover more information when a problem occurs. A hot backup requires the database to run in ARCHIVELOG mode and needs a lot of file space. Once the database is running in ARCHIVELOG mode, backups can be made. The hot backup command file consists of three parts:
1. Back up the data files one tablespace at a time.
(1) Put the tablespace into backup state
(2) Back up the tablespace's data files
(3) Return the tablespace to its normal state
2. Back up the archived log files.
(1) Temporarily stop the archiver process
(2) Log the files in the archive redo log directory
(3) Restart the archiver process
(4) Back up the archived redo log files
3. Back up the control file with the ALTER DATABASE BACKUP CONTROLFILE command.

The advantages of a hot backup are:
· Backups can be made at the tablespace or data file level, and the backup time is short.
· The database can still be used during the backup.
· Second-level recovery is possible (restoring to a point in time).
· Almost all database entities can be recovered.
· Recovery is fast, and in most cases it is done while the database is still working.

The shortcomings of a hot backup are:
· No mistakes can be made, otherwise the consequences are serious.
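Going back to the incremental import steps under B (Steps 3 to 5): the shell function below is an added example, not part of the original article, that works out from an export history which export files to import and in what order. The history format (one "TYPE FILE" pair per line, oldest first) and the entries B, C and D are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article.
# plan_restore reads an export history on stdin, one "TYPE FILE" pair per line,
# oldest first, where TYPE is complete, cumulative or incremental. It prints
# the imp commands to run, in order: the last complete export, each cumulative
# export taken after it, then each incremental export taken after the last
# cumulative one. Returns 1 if the history has no complete export or contains
# an unknown TYPE.
plan_restore() {
    # Login string as written in the article's imp commands.
    awk -v login="system/manager" '
        function push(t, f) { n++; kind[n] = t; file[n] = f }
        NF == 0 { next }
        $1 == "complete" { n = 0; push($1, $2); next }    # start a new chain
        $1 == "cumulative" {
            # a cumulative export supersedes the incrementals before it
            while (n > 0 && kind[n] == "incremental") n--
            if (n > 0) push($1, $2)
            next
        }
        $1 == "incremental" { if (n > 0) push($1, $2); next }
        { print "unknown export type: " $1 > "/dev/stderr"; bad = 1 }
        END {
            if (bad || n == 0) exit 1
            for (i = 1; i <= n; i++)
                printf "imp %s inctype=RESTORE full=Y file=%s\n", login, file[i]
        }
    '
}

# Constructed history: A, E and F are the exports named in the article's
# restore steps; B, C and D are made-up incrementals taken before E.
plan_restore <<'EOF'
complete A
incremental B
incremental C
incremental D
cumulative E
incremental F
EOF
```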
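For the cold backup in <2>: the function below is an added example, not part of the original article, that checks before the database is restarted that every file in the source directory has a byte-identical copy in the backup directory. The directory layout and file names are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article. File and directory names
# below are constructed for illustration.

# verify_cold_backup SRC_DIR BACKUP_DIR
# Prints "MISSING <file>" or "DIFFERS <file>" for each problem found.
# Returns 0 if every file under SRC_DIR has a byte-identical copy under
# BACKUP_DIR, 1 if not, 2 on bad arguments.
verify_cold_backup() {
    src=$1 dst=$2 status=0
    if [ ! -d "$src" ] || [ ! -d "$dst" ]; then
        echo "usage: verify_cold_backup SRC_DIR BACKUP_DIR" >&2
        return 2
    fi
    files=$(cd "$src" && find . -type f | sort)
    if [ -z "$files" ]; then
        echo "EMPTY $src"
        return 1
    fi
    while IFS= read -r f; do
        f=${f#./}
        if [ ! -f "$dst/$f" ]; then
            echo "MISSING $f"; status=1
        elif ! cmp -s "$src/$f" "$dst/$f"; then
            echo "DIFFERS $f"; status=1
        fi
    done <<EOF
$files
EOF
    return "$status"
}

# Constructed demo: one stand-in file of each kind the cold backup must copy.
# The backup lacks the control file, and the redo log changed after the copy.
demo_cold_backup() {
    work=$(mktemp -d) || return 2
    mkdir "$work/db" "$work/bak"
    for f in system01.dbf control01.ctl redo01.log init.ora; do
        echo "contents of $f" > "$work/db/$f"
    done
    cp "$work/db/system01.dbf" "$work/db/redo01.log" "$work/db/init.ora" "$work/bak/"
    echo "written after the copy" >> "$work/db/redo01.log"
    verify_cold_backup "$work/db" "$work/bak"; rc=$?
    rm -rf "$work"
    return "$rc"
}
demo_cold_backup || echo "backup set is incomplete or inconsistent"
```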

When reposting, please cite the original address: https://www.9cbs.com/read-123792.html
