外文文献—WEB环境下SQL Server数据库安全策略研究.doc

附录一WEB environment SQL Server database security strategy researchAlong with the development of the Internet network and expands, more and more application system uses Windows series of operating system as the Server, SQL Server for the backed database Server. According to WEB environment SQL Server various security problems are analyzed, and the effective solution.Keywords: WEB SQL Server database security strategyMicrosoft SQL server security involved user configuration id and password, audit system, priority model and control of the database directory special permission, built-in command, script and programming language, network protocol, patch and service pack, database management utility and development tool. In the design of SQL Server database, want to consider the database security mechanism, when installation should pay attention to more of the whole system security Settings. Starting from the first operating system, want to undertake the right security Settings, clear operating system user permissions, using file driver file operations to filter, the database libraries, log files, such as backup file the operation of limited access to database process and specified process to operation, the process by other operation will fail.1 SQL Server database access control strategySQL Server are usually installed in NTFS, NTFS than FAT file system more stable and more easy to recover, can to file, folder ACL and file encryption (EFS) setting, etc. Through the database files will be EFS operation SQL Server account under the identity for encryption, and only the account to decrypt the documents.1.1 The password security strategySecurity password database management strategy is the first step of configuring security, dont let sa account password written in application or scripts. SQL Server 2000 installation, if is to use mixed model, then need to enter sa password, the proposal does not use empty password and regularly change the password. Database administrators should be periodically to check whether there is not in conformity with the requirements of the account password.1.2 The security of the account strategyThe database security not only to prevent sensitive data is spy on, and to prevent any interference users the database of the operation. The database system safety management of the first step is in the user into the information system user identity authentication. Microsoft SQL Server to provide corresponding security authentication mechanism, can create the database account, any user to the operation of the proposed database must be forced through the system security checks.SQL Server does not allow change sa super user names, cant delete super users, so have to account for the protection of the strict sa. Database administrators should set up a have and as the super user permissions sa to management database. If the database administrator does not expect to operate the system administrator through the operating system on contact database, can be in the account management system account BUILTIN Administrators delete.1.3 To strengthen the record of database logSQL Server use of database transaction log to restore affairs. Affairs to the database is log has happened all change and execute every change affairs of a string of records. Log records of every business affairs start, and in each of the data change during the affairs and undo changes information, strengthen the database records of the data to log safety have a vital role. In case the choice in the attributes security, will be one of the audit level selected for all, so that in the database system and operating system log in, detailed record all account login events.1.4 Storage process management control and isolationStorage process is higher rank application, it is in the server running on routine and process, and the user call spruces can directly access unauthorized table or view. Due to the storage process has a number of advantages, the commercial database use storage process.Isolation control technology in the database is a very important security technology. Through the middle mechanism, will the user and access object isolation. Users cant directly on the access object isolation. Users cant direct access object to operate, but through the middle institutions indirectly. Microsoft SQL Server provide views and storage process two middle organization accomplish isolation control.1.5 use agreement encryptionSQL Server use Tabular Data Stream agreement to network Data exchange, all the network transmission are expressly, the existence of certain security hidden danger, had better use SSL encryption agreement. At the same time, modify TCP/IP use port, SQL Server use commonly port is 1433, in actual choice in the configuration of the network configuration of TCP/IP protocol attribute, the TCP/IP using the default port into other port.2 WEB environment SQL Server security strategies2.1 The database development security strategyDuring development, to establish a proper access database account is important. According to the application system login system of different role, in the database to create different permissions to login name for different database permission is important. At the same time to make full use of storage process, can effectively prevent some SQL injection to attack. In order to protect data to the greatest extent of safety, the general sensitive data using encryption methods, such as MD5 or DES encryption algorithm.2.2 application system development security strategyIn general, the programmer will database connection information stored in a configuration file, in use convenient while brought system security. To ensure the database security eye, as far as possible the database connection information encryption stocks after the source code, and at the same time compiler among generated code, such as the c #.dll files or Java. Class files.SQL injection attack are the main cause is the user can free input symbols, therefore, to filter the user input sensitive characters, such as single quotation marks and various database related key word, especially may be serious consequences delete, drop etc, in order to protect the security of database. At the same time also can effectively protect data prevent accidental leakage.In the program appear mistake, in order to effectively protect the server data and information, can go wrong information from the definition. From the definition of the meaning that is designated new error page instead of IIS the default error message, and the SQL injection invasion is given according to the IIS error ASP information to invasion, if you put the IIS set to no matter what ASP mistake, give only a error message that HTTP 500 error, further protect the safety of the application system.In short, in WEB environment, besides to SQL Server of the file system, accounts, and passwords and other than planning, but also pay attention to the end and the database application system development security strategy, the maximum guarantee the Internet environment in the database security.3. Security database designThe children from main storage library information reconnaissance agent gathered and support the goal of artificial fixed the basic information of the network. Among them, contains configuration information table (CInfo), service information table (SInfo), loophole information table (VInfo) and security dependence on table (SDR).CInfo table of the key is hosts IP address attributes; The key is SInfo table (hosts IP address, main port); The key is VInfo table (hosts IP address, host loophole ID); Watch the keys are SDR (energy, may hosts IP hosts IP, host holes purpose ID). CInfo and SInfo is a more relationship, because each hosts can also open multiple ports; CInfo and VInfo is a more relations, each node may have multiple holes; SInfo and VInfo is also a more relations, each operation service there may be multiple holes. CInfo and SDR, VInfo and are more than a pair of the SDR is relationship.Standard loophole son library designThe son by the loophole information table library (VulInfo) and holes affect system information table (VulSys) composition. The former mainly records of every loophole BugID, release/update time, loophole category, specific description, repair methods and so on; The latter article records each loopholes of influence operating system or application software information.VulInfo table and VulSys key value are holes ID properties, they are a pair of relationship between more, because the same vulnerabilities may affect the multiple systems.In VulInfo table, we use the Bugtraq as the logo loophole only ID, because Bugtraq ID is about to become the industry standard, each software suppliers also have started to their products loophole announcement for Bugtraq Numbers mapping, the Numbers provide a unified, consensus and comparable vulnerability management mechanism.As a result of these two organizations of vulnerability database are not provide direct access, so the design of a loophole data acquisition plugin.According to the URL information each holes open multiple threads, send corresponding HTTP GET request, and then read the Web Server response. Due to the number of holes quite a lot, if by each thread finish at the same time read the response, analyze data and fill in the database, not only will consume large amounts of system resources, and could lead to a large GET request failed. Therefore, we take the original holes for real-time thread with simple format and data storage, and then on the main thread and data analysis, and complete the task of writing database. In addition, because there may be GET malfunction request, will lead to some holes of information missing or incomplete. In order to ensure that all the information for vulnerabilities get, we also take the log records system, that is, the main line ChengKaiQi a batch of thread grab information and wait for all of its end, according to each and every thread of log entry to find the need to grab errors, and to open a number of threads and so on and so on, until all the holes data are for success.Due to the actual situation of the current limit, can only in international security organization site passive update vulnerability database. If can build domestic unified emergency corresponding center vulnerability database, so center can regularly to various network risk assessment management system standard loophole son library update the data released holes.Visible, executing the corresponding risk control measures, the risk level down to an acceptable level.WEB环境下SQL Server数据库安全策略研究随着互联网络的日益发展和壮大,越来越多的应用系统采用Windows系列的操作系统作为服务器、SQL Server为后台数据库服务器。针对WEB环境下SQL Server各种安全问题进行分析,提出有效的解决方案。关键词:WEB SQL Server 数据库 安全策略Microsoft SQL服务器安全配置涉及用户帐号及密码、审计系统、优先级模型和控制数据库目录的特别许可、内置式命令、脚本和编程语言、网络协议、补丁和服务包、数据库管理实用程序和开发工具。在设计SQL Server数据库时,要考虑数据库的安全机制,在安装时更要注意整个系统的安全设置。首先从操作系统出发,要进行正确的安全设置、明确操作系统用户权限后,使用文件驱动程序对文件操作进行过滤,即对数据库库文件、日志文件、备份文件等的操作权限限定为数据库进程和指定进程才能操作,由其他进程来进行的操作将失败。 1 SQL Server数据库访问控制策略SQL Server一般要安装在NTFS文件系统,NTFS文件系统比FAT文件系统更稳定且更容易恢复,可以对文件、目录ACL及文件加密(EFS)等进行设置。通过EFS的数据库文件将在运行SQL Server的账户身份下进行加密,也只有这个账户才能解密这些文件。1.1 密码的安全策略安全的密码策略是数据库管理安全配置的第一步,不要让sa账号的密码写于应用程序或者脚本中。SQL Server 2000安装的时候,如果是使用混合模式,那么就需要输入sa的密码,建议不要使用空密码并定期修改密码。数据库管理员应该定期查看是否有不符合密码要求的账号。1.2 账号的安全策略数据库的安全性不仅要防止敏感数据被窥探,而且要防止用户进行任何干扰数据库的操作。数据库系统安全管理的第一步就是在用户进入信息系统时的用户身份验证。Microsoft SQL Server提供相应安全认证机制,可创建数据库帐户,任何用户向数据库提出的操作都必须强制通过系统的安全检查。SQL Server不允许更改sa超级用户名称,也不能删除超级用户,所以必须对sa账号进行严格的保护。数据库管理员应该建立一个拥有与sa一样权限的超级用户来管理数据库。如果数据库管理员不希望操作系统管理员通过操作系统登陆接触数据库,可以在账号管理中把系统账号“BUILTINAdministrators”删除。1.3 加强数据库日志的记录SQL Server使用数据库的事务日志来恢复事务。事务日志是对数据库中已发生的所有修改和执行每次修改的事务的一连串记录。事务日志记录每个事务的开始,以及在每个事务期间对数据的更改和撤消所做的更改信息,加强数据库日志的记录对数据的安全有着至关重要的作用。在实例属性中选择“安全性”,将其中的审核级别选定为全部,这样在数据库系统和操作系统日志里面,就详细记录了所有帐号的登录事件。1.4 存储过程管理和隔离控制存储过程是级别更高的应用程序,它是在服务器上运行的例行程序及过程,用户调用存储过程可直接访问未授权的表或视图。由于存储过程具有许多优点,目前商业数据库都使用存储过程。隔离控制技术在数据库中是一项很重要的安全技术。通过中间机制,将用户与存取对象隔离。用户不能直接对存取对象隔离。用户不能直接对存取对象进行操作,而是通过中间机构间接进行。Microsoft SQL Server提供视图和存储过程两种中间机构实现隔离控制。1.5 使用协议加密SQL Server使用Tabular Data Stream 协议来进行网络数据交换,所有的网络传输都是明文的,存在一定的安全隐患,最好使用SSL加密协议。同时,修改TCP/IP使用的端口,SQL Server一般使用的端口是1433,在实际配置中选择网络配置中的TCP/IP协议的属性,将TCP/IP使用的默认端口变为其他端口。2 WEB环境下SQL Server的安全策略2.1 数据库端的开发安全策略在开发过程中,建立恰当权限的数据库账户是很重要的。根据应用系统中登录系统的角色不同,在数据库中创建不同权限的登录名来对应不同的数据库权限也同样重要。同时要充分利用存储过程,可以有效地防止某些“SQL 注入”的攻击。为了最大程度地保护数据的安全,一般对敏感数据采用加密的方法,如MD5或DES加密算法。2.2 应用系统的开发安全策略一般情况下,程序员会将数据库连接信息存放于配置文件中,在使用方便的同时带来了系统安全问题。为保证数据库安全眼,尽量把数据库连接信息加密以后存入源码中,并同时编译生成中间代码,如C#的.dll文件或Java的.class文件。“SQL注入攻击”存在的主要原因是用户可以自由输入各种符号,因此,要过滤用户输入的敏感字符,如单引号以及各种数据库相关的关键字,尤其是