Oracle database security policy
- 2020-05-24 06:22:56
- OfStack
With the popularization and improvement of computer network application, Oracle database application is changing with each passing day in various fields. It has excellent performance and convenient operation. It is one of the most popular database systems at present. However, with the deepening of the application, the increasing of data information, the security of the database has been mentioned on a 10-point important agenda, it is the database administrator in the daily work of a 10-point concern. As a result of computer software, hardware failure, resulting in the database system can not operate normally, resulting in a large number of data information loss, even make the database system crash. To this end, the author talks about how to ensure the Oracle database has high security and make the database system in a stable and safe state.
Management of user roles
This is an important means to protect the security of the database system. By establishing different user groups and user password verification, it can effectively prevent illegal Oracle users from entering the database system and causing unnecessary trouble and damage. In addition, in the Oracle database, the operation of Oracle users can be restricted by authorization, that is, some users are allowed to access the Oracle server, that is to say, they have the right to read and write to the entire database, while most users can only read and write in the same group or only have the right to read the entire database. Here, special emphasis is placed on the confidential management of SYS and SYSTEM special accounts.
To protect the security of the Oracle server, the ownership of all content in the $ORACLE_HOME/bin directory should be guaranteed to the Oracle user.
In order to strengthen the security of the database in the network, for remote users, they should use encryption method to access the database through the password, and strengthen the control of the DBA permission on the network, such as refusing the remote access of DBA.
Data protection
Database data protection is mainly database backup, when the computer's software and hardware failure, the use of backup database recovery, in order to restore damaged database files or control files or other files.
Another type of data protection is logging. The database instances of Oracle all provide logging to record various operations in the database, including modification and adjustment of parameters, etc. A complete record of all jobs is established within the database.
The second is the backup of the control file, which is generally used to store the state of the physical structure of the database, and some state information in the control file is used to boot the Oracle database during instance recovery and media recovery.
Oracle database backup
In daily work, database backup is an ongoing task for database administrators. Database backup of Oracle 7 can be done in the following ways:
1. Logical backup
Logical backup is to read out the records of a database and write them to a file. This is a frequently used backup method.
● export (export) : this command can back up a data file, a user's data file, or the entire database.
● import (import) : this command reads the dump file created by export into the database system, or to a data file, user, or the entire database.
[NextPage]
2. The physical backup
Physical backup is also a backup method often used by database administrators. It can copy all contents of the Oracle database in a variety of ways, including offline backup and online backup, each with its own advantages, which should be selected in practice according to the specific situation and the state.
● offline backup
The operation is to backup the Oracle database after the normal shutdown of the Oracle database. The backup contents include: database files and tables of all users; All control documents; All log files; Database initialization files, etc. You can take different backup approaches, such as dumping all files onto tape using the tape dump command (tar), or copying all files as-is (copy,rcp) to another backup disk or to another host disk.
● online backup
This backup method is also effective in the sense that it dumps the online log back into the Oracle database and establishes a complete and detailed record of all processes and jobs.
Another benefit of physical backup is that it can dump the Oracle database management system in its entirety. Once a failure occurs, it can be recovered easily and in a timely manner, so as to reduce the trouble caused by the database administrator to reinstall Oracle.
Recovery of the database system
With the above several backup methods, even if the computer failure, such as media damage, software system abnormalities, and other circumstances, also need not panic, can be carried out through the backup of varying degrees of recovery, so that Oracle database system as soon as possible to restore to the normal state.
1. Data file corruption
In this case, you can restore with a recent database file backup, restore the corresponding file in the backup to its original location, and reload the database.
2. Control file corruption
If the control file in the database system is damaged, the database system will not work normally, so just shut down the database system, and then restore the corresponding control file to its original location from the backup, and restart the database system.
3. The entire file system is corrupt
In large operating systems, such as UNIX, unreliable or corrupt media for disks or arrays of disks is a frequent occurrence, resulting in a crash of the entire Oracle database system, which can only:
● reinitialize the disk or disk array to remove invalid or unreliable bad blocks.
● recreate the file system.
● restore the database system completely with a backup.
● start the database system.
The above aspects are the author through the daily work of Oracle database system management and application of 1 point of understanding and experience, in short, there are a lot of security technology and measures to be summarized, so that our database system can be more efficient and safe operation.
[NextPage]
On 1 page