[Main text]
s does not mean that there are not still a large number of insecure networks out there). As such, the focus is expanding to consider technologies such as databases with a more critical eye.

◆ Common sense security

Before we discuss the issues relating to database security it is prudent to highlight the necessity of securing the underlying operating system and supporting technologies. It is not worth spending a lot of effort securing a database if a vanilla operating system is failing to provide a secure basis for the hardening of the database. There are a large number of excellent documents in the public domain detailing measures that should be employed when installing various operating systems.

One common problem that is often encountered is the existence of a database on the same server as a web server hosting an Internet (or intranet) facing application. Whilst this may save the cost of purchasing a separate server, it does seriously affect the security of the solution. Where this is identified, it is often the case that the database is openly connected to the Internet. One recent example I can recall is an Apache web server serving an organization's Internet offering, with an Oracle database available on the Internet on port 1521. When investigating this issue further it was discovered that access to the Oracle server was not protected (including a lack of passwords), which allowed the server to be stopped. The database was not required from an Internet facing perspective, but the use of default settings and careless security measures rendered the server vulnerable.

The points mentioned above are not strictly database issues, and could be classified as architectural and firewall protection issues also, but ultimately it is the database that is compromised. Security considerations have to be made from all parts of a public facing network. You cannot rely on someone or something else within your organization protecting your database from exposure.
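As an added illustration of the exposure described above (this is not from the original article), the Oracle Net fragments below contrast a default-style listener, which answers on every interface and accepts administrative commands such as stop from anywhere, with a hardened one that binds only to the internal interface, refuses remote administration, and accepts TNS connections only from the web tier. The listener name, file layout and the 10.0.0.x addresses are assumptions made for the example.

```text
# --- Weak: roughly what the exposed server above was running -------------------
# listener.ora: bound to every interface, so port 1521 is reachable from the
# Internet, and nothing stops a remote "lsnrctl stop" against it.
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 0.0.0.0)(PORT = 1521))
    )
  )

# --- Hardened -----------------------------------------------------------------
# listener.ora: listen only on the internal interface (10.0.0.5 is assumed)
# and refuse runtime administration over the network; changes must then be
# made by editing the file on the host and reloading, not via a remote client.
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 10.0.0.5)(PORT = 1521))
    )
  )
ADMIN_RESTRICTIONS_LISTENER = ON

# sqlnet.ora on the database server: valid node checking, so only the web tier
# (10.0.0.10 here, assumed) may open a TNS connection at all; any other source
# is rejected by the listener before authentication is even attempted.
TCP.VALIDNODE_CHECKING = YES
TCP.INVITED_NODES = (10.0.0.10)
```

Older Oracle releases also allowed a listener password to be set with lsnrctl, which is what the unprotected server above was missing; later releases replaced that with local operating system authentication, so ADMIN_RESTRICTIONS and node checking are the portable controls. They are a second layer, not a substitute for a firewall that admits only the web server on 1521 and for putting the database on its own host, which is the point the text makes about not relying on someone else to protect the database.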
◆ Attack tools are now available for exploiting weaknesses in SQL and Oracle

I came across one interesting aspect of database security recently while carrying out a security review for a client. We were performing a test against an intranet application, which used a database back end (SQL) to store client details. The security review was proceeding well, with access controls being based on Windows authentication. Only authenticated Windows users were able to see data belonging to them. The application itself seemed to be handling input requests, rejecting all attempts to access the database. We then happened to come across a backup of the application in the office in which we were working. This media contained a backup of the SQL database, which we restored onto our laptop. All the security controls which were in place originally were not restored with the database and we were able to browse the complete database, with no restrictions in place to protect the sensitive data. This may seem like a contrived way of compromising the security of the system, but it does highlight an important point. It is often not the direct approach that is taken to attack a target, and ultimately the endpoint is the