Oracle data security: an overview (from the Internet)

xiaoxiao2021-03-06  38

With the spread of computers and the growth of networks, the database is no longer a topic only for programmers. The Oracle database, with its excellent performance and flexible operation, has secured a place in the market. As network technology keeps improving, however, data security matters more and more; it is no longer the old, often-repeated cliche, nor the optional "nice to have" item of the textbooks.

Perhaps not long ago everyone felt that the security of the Oracle database held no hidden dangers, because the slogan Oracle raised when promoting its database software in November last year was "only Oracle9i can do absolute security". But no matter how it was promoted, in December last year the British security expert David Litchfield discovered buffer overflow vulnerabilities in 9iAS, and later Pentest Limited and eEye Digital Security each found a small vulnerability, so everyone using Oracle's products could no longer stay relaxed; for a user this, after all, concerns his own "livelihood".

The author will take you into the world of Oracle data security. Since the author's level is limited, mistakes are inevitable, and I hope everyone will correct me.

(1) Some basic common sense about the Oracle database

This section just lays some foundations for the security discussion later, because we will use them. Ha ha~!

1. The components of an Oracle database

In Oracle, "the database" refers to the entire Oracle RDBMS environment, which includes the following components:

· The Oracle database processes and buffers (the instance).

· The SYSTEM tablespace, which contains a centralized system catalog and can be made of one or more data files.

· Other tablespaces defined by the database administrator (DBA) (optional), each consisting of one or more data files.

· Two or more online redo (recovery) logs.

· Archived redo logs (optional).

· Other files (control files, init.ora, config.ora, etc.).

Every Oracle database runs on a central system catalog and data dictionary, which are located in the SYSTEM tablespace.

2. About the "log"

An Oracle database uses several structures to protect data: database backups, logs, rollback segments, and control files. Below we give a general overview of the "log", one of the main structures:

Each Oracle database instance provides a log that records all modifications made in the database. Each running Oracle database instance has an online log, which works with the Oracle background process LGWR and immediately records all modifications made by this instance. The archived (offline) log is optional: once an online log file of an instance is filled, it can be archived. The archived online log files are uniquely identified and together form the archived log.

· About the online log: each instance of an Oracle database has an associated online log. An online log consists of multiple online redo log files. An online redo log file is filled with redo entries; the data recorded by the redo entries is used to reconstruct all modifications made to the database.

· About the archived log: Oracle makes an archived redo log when you archive a filled online log file group. It has the following uses for database backup and recovery:

<1> Together with database backups, the online and archived log files ensure that all committed transactions can be recovered after an operating system or disk failure.

<2> While the database is open and in normal use, if the archived logs are saved permanently, online backups can be made and used. The database can run in two different modes: NOARCHIVELOG mode or ARCHIVELOG mode. In NOARCHIVELOG mode the database cannot archive; if the database runs in ARCHIVELOG mode, archiving of the online log can be implemented.

3. Physical and logical storage structure

Oracle RDBMS storage is composed of tablespaces, and a tablespace is composed of data files. The tablespace data files are formatted into internal block units. The block size is set by the DBA when the database is created and can vary between 512 and 8192 bytes. When an object is created in an Oracle tablespace, the user specifies the space of the object with storage units called extents: initial extent, next extent, minimum extents (min extents) and maximum extents (max extents). The size of an Oracle extent can vary, but it consists of a chain of at least five consecutive blocks.

(2) Maintaining Oracle data security

I remember a philosopher said: "The changes in things are inseparable from internal factors." Likewise, the topic of Oracle data security is divided into two parts, "inside" and "outside". So we will start from the "inside":

1. Starting from the Oracle system itself

Let's set aside the excitement about "hackers" and other external causes for a moment and think about our database itself. A damaged hard drive, damaged software, a mis-operation... a whole series of system problems caused by our own "negligence" can make the data in the database unrecoverable. So we will first look for the causes in ourselves.

[1] Solving the system's own problems: backup and recovery of the database

· Backing up the database:

For backing up an Oracle database there are three approaches: export/import, cold backup, and hot backup. Export is a logical backup; cold backup and hot backup are physical backups.

<1> Export/Import

EXPORT extracts data from the database; the extracted data can be sent back into an Oracle database using IMPORT.

a. Simple export and import

Oracle supports three types of export:

(1) Table mode (T mode): exports the data of the specified tables.

(2) User mode (U mode): exports all objects and data of the specified user.

(3) Full database mode (FULL mode): exports all objects in the database.

The import process is the inverse of the export process; their data flows go in opposite directions.

b. Incremental export/import

Incremental export is a commonly used data backup method; it can only be done for the whole database and must be run as SYSTEM. When performing such an export, the system does not ask any questions. The export file name defaults to export.dmp; if you do not want your output file to be named export.dmp, you must give the file name you want on the command line.

Incremental export includes three types:

(1) "Complete" incremental export (complete): backs up the entire database, for example:

$ exp system/manager inctype=complete file=990702.dmp

(2) "Incremental" incremental export (incremental): backs up the data changed since the last backup of any type, for example:

$ exp system/manager inctype=incremental file=990702.dmp

(3) "Cumulative" incremental export (cumulative): exports only the data changed in the database since the last "complete" export, for example:

$ exp system/manager inctype=cumulative file=990702.dmp

The database administrator can arrange a backup schedule that combines the three export types so that the backup is complete and efficient. For example, the backup tasks of the database can be arranged as follows:

· Monday: complete export (A)

· Tuesday: incremental export (B)

· Wednesday: incremental export (C)

· Thursday: incremental export (D)

· Friday: cumulative export (E)

· Saturday: incremental export (F)

· Sunday: incremental export (G)

If the database is accidentally destroyed on Sunday, the database administrator can restore it as follows:

Step 1: regenerate the database structure with the CREATE DATABASE command;

Step 2: create sufficiently large additional rollback segments;

Step 3: import the complete incremental export A:

$ imp system/manager inctype=restore full=y file=A

Step 4: import the cumulative incremental export E:

$ imp system/manager inctype=restore full=y file=E

Step 5: import the most recent incremental export F:

$ imp system/manager inctype=restore full=y file=F

<2> Cold backup

A cold backup is taken after the database has been shut down cleanly; a properly closed database gives us a complete copy. A cold backup is simply a matter of copying the key files to another location. For backing up Oracle data, cold backup is the fastest and safest method. Its advantages are:

· It is a very fast backup method (only files are copied).

· It is easy to archive (a simple copy).

· It is easy to recover to a point in time (just copy the files back).

· Combined with the archived log, the database can be recovered to its "latest state".

· Low maintenance, high security.

But cold backup also has the following deficiencies:

· Used alone, it only allows recovery to "a point in time" (the time of the backup).

· Throughout the whole backup process the database must be dedicated to the backup and do nothing else; that is, during a cold backup the database must be closed.

· If disk space is limited and the copy can only go to external storage devices such as tape, it will be very slow.

· It cannot be restored per table or per user.

If possible (mainly for efficiency), the files should be backed up to disk, the database then started (so users can work), and the backup copied to tape afterwards (the database can keep working during that copy). The files that must be copied in a cold backup include:

· All data files

· All control files

· All online redo log files

· The init.ora file (optional)

Note that a cold backup must be performed while the database is closed. A file-system backup of the database files taken while the database is open is invalid.

Here is a complete example of making a cold backup:

(1) Shut down the database:

$ sqldba lmode=y

SQLDBA> connect internal;

SQLDBA> shutdown normal;

(2) Back up all data files, redo log files, control files and the initialization parameter file:

SQLDBA> !cp

(3) Restart the Oracle database:

$ sqldba lmode=y

SQLDBA> connect internal;

SQLDBA> startup;

<3> Hot backup

Hot backup is a method of backing up data while the database is running, using ARCHIVELOG mode. So if you have yesterday's cold backup and today's hot backup files, you can use them to recover more information when a problem occurs. Hot backup requires the database to run in ARCHIVELOG mode and needs a lot of file space. Once the database is running in ARCHIVELOG mode, you can make the backup. The hot backup command file consists of three parts:

1. Data file backup, tablespace by tablespace:

(1) Set the tablespace into backup state

(2) Back up the data files of the tablespace

(3) Restore the tablespace to the normal state

2. Back up the archived log files:

(1) Temporarily stop the archiving process

(2) Record the files in the archived redo log destination directory

(3) Restart the archiving process

(4) Back up the archived redo log files

3. Use the ALTER DATABASE BACKUP CONTROLFILE command to back up the control file
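As an added example (not from the original article), the three parts above written out as a SQL*Plus command file. The tablespace name USERS, the data file and archive destination paths under /u01, the /backup/hot directory and the .arc archive suffix are illustrative assumptions; adjust them to your own database.

```sql
-- Precondition: hot backup only works in ARCHIVELOG mode.
SELECT log_mode FROM v$database;

-- Part 1: data files, tablespace by tablespace
ALTER TABLESPACE users BEGIN BACKUP;                 -- (1) put the tablespace in backup state
HOST cp /u01/oradata/db1/users01.dbf /backup/hot/    -- (2) copy its data file(s); assumed path
ALTER TABLESPACE users END BACKUP;                   -- (3) back to the normal state
-- Repeat these three statements for every tablespace in the backup.

-- Part 2: archived redo log files
ALTER SYSTEM SWITCH LOGFILE;                         -- redo written during part 1 gets archived
ALTER SYSTEM ARCHIVE LOG STOP;                       -- (1) pause the ARCH process
HOST ls -l /u01/arch > /backup/hot/arch_list.txt     -- (2) record the archive destination contents
ALTER SYSTEM ARCHIVE LOG START;                      -- (3) resume archiving
HOST cp /u01/arch/*.arc /backup/hot/arch/            -- (4) copy the archived redo logs

-- Part 3: control file (binary copy plus a text script to recreate it)
ALTER DATABASE BACKUP CONTROLFILE TO '/backup/hot/control.bkp';
ALTER DATABASE BACKUP CONTROLFILE TO TRACE;

-- Afterwards, confirm no tablespace was left in backup mode
-- (a file still ACTIVE here means an END BACKUP was missed).
SELECT t.name, b.status
  FROM v$backup b, v$datafile d, v$tablespace t
 WHERE d.file# = b.file# AND t.ts# = d.ts# AND b.status = 'ACTIVE';
```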

The advantages of hot backup are:

· You can back up at the tablespace or data file level, so the backup time is short.

· The database remains available during the backup.

· Recovery to a point in time is possible.

· Almost all database entities can be recovered.

· Recovery is fast, and in most cases it is done while the database is still working.

The deficiencies of hot backup are:

· No mistakes are allowed, otherwise the consequences are serious.

· If the hot backup fails, the result cannot be used for point-in-time recovery.

· Because it is difficult to maintain, it must be done with great care, and no "unfinished ending" is allowed.

(2) Another hidden danger from the inside: user management and passwords

Here, in fact, every database administrator knows very well that the Oracle database itself uses many means to enhance its security: passwords, roles, privileges and so on are commonly seen. Let us start with the simplest one, dbsnmp. If the Oracle database is installed with the typical installation, a user named dbsnmp is created automatically. This user runs the Intelligent Agent of the Oracle system, and its default password is also "dbsnmp". If you forget to change this user's password, anyone can enter the database system through it. Now let's look at what privileges and roles it has, and then analyze the damage this user could do to the database system. Start SQL*Plus, log in as this user and enter:

SQL> select * from session_privs;

Create session

Alter session

Unlimited TableSpace

Create Table

Create Cluster

Create Synonym

Create Public Synonym

Create View

Create sequence

Create Database Link

CREATE Procedure

Create Trigger

Analyze Any

Create Type

Create Operator

Create Indextype

It can be seen that this user is not the SYS or SYSTEM administrative user; however, it has two system-level privileges: UNLIMITED TABLESPACE and CREATE PUBLIC SYNONYM. Seeing these two privileges you should realize that they are security hazards, especially UNLIMITED TABLESPACE, which is one of the attack points of a database system. If you still think it does not matter even if someone logs into the database with this unchanged password, I must remind you: the user has the UNLIMITED TABLESPACE system privilege, so a small script could maliciously fill the system with junk data until the database can no longer run, which leads directly to its final paralysis. Many database systems today are required to work 7x24; if the system is filled with junk data, by the time the database is recovered irreparable loss has probably already been caused.

However, besides dbsnmp there are many other users. What should be done about them? Let us first look at the user management problems that currently exist in Oracle databases:

(1) Excessive privileges: ordinary users who program against and browse the Oracle database often have DBA (database administrator) privileges and can make any modification or deletion in the database system.

(2) Poor safety: the default storage location of many Oracle users is the SYSTEM tablespace, which not only affects the normal operation of the system but also harms the independence, transparency and confidentiality between different users. As data keeps being added, it may make the whole database system crash.

(3) Predictable passwords: the bad habit of keeping the username and password identical, formed while debugging Oracle, is kept to the present day; the passwords of the system users SYS and SYSTEM are well known.

Knowing these common "mistakes", what do we do? Here are some of my suggestions:

(1) Oracle DBA (database administrator) standards

· On the Sun Solaris operating system, the password of the oracle user should be kept strictly confidential and should never be set to "oracle"; designate a dedicated database administrator to change it regularly.

· The passwords of the SYS and SYSTEM administrator users created at Oracle initialization should be changed from the original "manager" to other strings that are not easy to guess.

· The management port of Oracle Web Server can browse the database, so the password of its administrator admin should be kept confidential and should not be set to "manager"; designate a dedicated database administrator to change it regularly.

· Oracle DBA work is best done at the console of the Sun SPARC server: start the server as the oracle user, then enter svrmgrm at the window command line, which launches the Oracle Server Manager menu management; after logging in as SYSDBA, you can do the database system maintenance.

(2) SQL*Plus programming user standards and storage structure standards

Considering that there are all walks of life, companies and departments, our SQL*Plus programming users should also be standardized in this direction: different kinds of applications must have different users, and different kinds of applications must have different storage locations, including physical files, default tablespace and temporary tablespace. Creation and planning: when preparing to write a large-scale application (considered from the Oracle data side), you should first create the logical storage location, the tablespace, and define the storage path of its physical files and their size on the hard disk.
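As an added example (not from the original article), the DBA checks and fixes that follow from the dbsnmp discussion and the user and storage standards above, to be run in SQL*Plus as a DBA. The tablespace names TOOLS and APP_DATA, the path /u02/oradata/db1, the user APP_USER and the quota sizes are illustrative assumptions, and <new-password> is a placeholder.

```sql
-- 1. Who holds UNLIMITED TABLESPACE or the DBA role? Application users and
--    the dbsnmp agent account should not appear here.
SELECT grantee, privilege FROM dba_sys_privs
 WHERE privilege = 'UNLIMITED TABLESPACE' ORDER BY grantee;
SELECT grantee FROM dba_role_privs WHERE granted_role = 'DBA';

-- 2. Which accounts still store their objects or sorts in SYSTEM?
SELECT username, default_tablespace, temporary_tablespace FROM dba_users
 WHERE default_tablespace = 'SYSTEM' OR temporary_tablespace = 'SYSTEM';

-- 3. Harden the dbsnmp account: new password, no unlimited space,
--    a bounded quota on an assumed TOOLS tablespace instead.
ALTER USER dbsnmp IDENTIFIED BY "<new-password>";
REVOKE UNLIMITED TABLESPACE FROM dbsnmp;
ALTER USER dbsnmp QUOTA 10M ON tools;
-- The Intelligent Agent must be reconfigured with the new password.
-- Log in as dbsnmp afterwards and repeat "SELECT * FROM session_privs;"
-- to confirm UNLIMITED TABLESPACE is gone.

-- 4. Replace the well-known administrative passwords.
ALTER USER sys IDENTIFIED BY "<new-password>";
ALTER USER system IDENTIFIED BY "<new-password>";

-- 5. One application, one user, one tablespace: never default to SYSTEM.
CREATE TABLESPACE app_data
  DATAFILE '/u02/oradata/db1/app_data01.dbf' SIZE 500M;   -- assumed path
CREATE USER app_user IDENTIFIED BY "<new-password>"
  DEFAULT TABLESPACE app_data TEMPORARY TABLESPACE temp
  QUOTA 200M ON app_data;
-- Grant only what the application needs, not the DBA role.
GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW, CREATE SEQUENCE TO app_user;
```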

Please cite the original address when reposting: https://www.9cbs.com/read-58280.html
