system compromise. A backup copy of the database may be stored on the server, and thus facilitates access to the data indirectly.

There is a simple solution to the problem identified above. SQL 2020 can be configured to use password protection for backups. If the backup is created with password protection, this password must be used when restoring the backup. This is an effective and uncomplicated method of stopping simple capture of backup data. It does, however, mean that the password must be remembered!

◆ Current trends

There are a number of current trends in IT security, with a number of these being linked to database security.

The focus on database security is now attracting the attention of the attackers. Attack tools are now available for exploiting weaknesses in SQL and Oracle. The emergence of these tools has raised the stakes and we have seen focused attacks against specific database ports on servers exposed to the Internet.

One common theme running through the security industry is the focus on application security, and in particular bespoke Web applications. With the functionality of Web applications being more and more complex, it brings the potential for more security weaknesses in bespoke application code. In order to fulfill the functionality of applications, the backend data stores are commonly being used to format the content of Web pages. This requires more complex coding at the application end. With developers using different styles in code development, some of which are not as security conscious as others, this can be the source of exploitable errors.

SQL injection is one such hot topic within the IT security industry at the moment. Discussions are now commonplace among technical security forums, with more and more ways and means of exploiting databases coming to light all the time. SQL injection is a misleading term, as the concept applies to other databases, including Oracle, DB2 and Sybase.

◆ What is SQL Injection?
SQL Injection is simply the method of communication with a database using code or commands sent via a method or application not intended by the developer. The most common form of this is found in Web applications. Any user input that is handled by the application is a common source of attack. One simple example of mishandling of user input is highlighted in Figure 1. Many of you will have seen this common error message when accessing web sites, and it often indicates that the user input has not been correctly handled. On getting this type of error, an attacker will focus in with more specific input strings.

Specific security-related coding techniques should be added to the coding standards in use within your organization. The damage done by this type of vulnerability can be far reaching, though this depends on the level of privileges the application has in relation to the database. If the application is accessing data with full administrator type privileges, then maliciously run commands will also pick up this level of access, and system compromise is inevitable. Again this issue is analogous to operating system security principles, where programs should only be run with the minimum of permissions that is requi
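
As an added example (not from the original article), the Python sketch below uses the standard sqlite3 module and a constructed customers table to show the mishandled input described above beside a parameterized version, with database error detail kept out of the response and the connection restricted to reads. The table, the function names and the use of SQLite's `PRAGMA query_only` as a stand-in for a low-privilege database account are assumptions for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory sample database, then drop write rights."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, surname TEXT)")
    conn.executemany("INSERT INTO customers (surname) VALUES (?)",
                     [("Smith",), ("O'Brien",)])
    conn.commit()
    # Least privilege: this page only reads, so forbid writes on the connection
    # (assumed stand-in for a database account without write permissions).
    conn.execute("PRAGMA query_only = ON")
    return conn

def find_unsafe(conn, surname):
    # BEFORE: user input is pasted into the statement text, so a quote
    # character in the input changes the structure of the SQL itself.
    sql = "SELECT id, surname FROM customers WHERE surname = '" + surname + "'"
    return conn.execute(sql).fetchall()

def find_safe(conn, surname):
    # AFTER: the statement text is fixed; the input is bound as a value only.
    sql = "SELECT id, surname FROM customers WHERE surname = ?"
    return conn.execute(sql, (surname,)).fetchall()

def handle_request(conn, finder, surname, log):
    """Run a lookup; keep database error detail in the log, not the response."""
    try:
        return {"status": 200, "rows": finder(conn, surname)}
    except sqlite3.Error as exc:
        log.append(f"lookup failed for input {surname!r}: {exc}")
        return {"status": 500, "rows": [],
                "message": "Request could not be processed."}

if __name__ == "__main__":
    conn, log = make_db(), []
    # A legitimate surname is enough to break the concatenated query.
    print(handle_request(conn, find_unsafe, "O'Brien", log))
    print(handle_request(conn, find_safe, "O'Brien", log))
    print(log)
```

The logged entries are the signal worth monitoring: a database syntax error triggered by user input marks a query that is still being built by concatenation.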