Computer Science Foreign-Literature Translation: Database Security (edited and revised draft). Content summary:

of a database on the same server as a web server hosting an Internet (or Intranet) facing application. Whilst this may save the cost of purchasing a separate server, it does seriously affect the security of the solution. Where this is identified, it is often the case that the database is openly connected to the Internet. One recent example I can recall is an Apache Web server serving an organization's Internet offering, with an Oracle database available on the Internet on port 1521. When investigating this issue further it was discovered that access to the Oracle server was not protected (including lack of passwords), which allowed the server to be stopped. The database was not required from an Internet facing perspective, but the use of default settings and careless security measures rendered the server vulnerable.

The points mentioned above are not strictly database issues, and could also be classified as architectural and firewall protection issues, but ultimately it is the database that is compromised. Security considerations have to be made from all parts of a public facing network. You cannot rely on someone or something else within your organization protecting your database from exposure.

◆ Attack tools are now available for exploiting weaknesses in SQL and Oracle

I came across one interesting aspect of database security recently while carrying out a security review for a client. We were performing a test against an intranet application, which used a database back end (SQL) to store client details. The security review was proceeding well, with access controls being based on Windows authentication. Only authenticated Windows users were able to see data belonging to them. The application itself seemed to be handling input requests, rejecting all attempts to access the database. We then happened to come across a backup of the application in the office in which we were working. This media contained a backup of the SQL database, which we restored onto our laptop. All security controls which were in place originally were not restored with the database and we were able to browse the complete database, with no restrictions in place to protect the sensitive data.

This may seem like a contrived way of compromising the security of the system, but it does highlight an important point. It is often not the direct approach that is taken to attack a target, and ultimately the endpoint is the same: system compromise. A backup copy of the database may be stored on the server, and thus facilitates access to the data indirectly.

There is a simple solution to the problem identified above. SQL 2020 can be configured to use password protection for backups. If the backup is created with password protection, this password must be used when restoring the backup. This is an effective and uncomplicated method of stopping simple capture of backup data. It does however mean that the password must be remembered!

◆ Current trends

There are a number of current trends in IT security, with a number of these being linked to database security. The focus on datab
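The backup password protection described above, as an added T-SQL example that is not part of the original article. The database name `ClientDB`, the file path and the password are placeholders, and the example assumes a SQL Server release that still accepts the `PASSWORD` option when creating backups (it was deprecated and later discontinued for new backups from SQL Server 2012 onward).

```sql
-- Added example: ClientDB, the path and the password are assumed placeholders.

-- 1. Create a full backup whose backup set is protected by a password.
--    INIT overwrites any existing backup sets in the target file.
BACKUP DATABASE ClientDB
    TO DISK = 'D:\Backups\ClientDB_full.bak'
    WITH PASSWORD = 'Replace-With-A-Long-Passphrase',
         INIT,
         NAME = 'ClientDB full backup (password protected)';

-- 2. Check that the backup set is readable. The same password has to be
--    supplied here, otherwise the statement is refused.
RESTORE VERIFYONLY
    FROM DISK = 'D:\Backups\ClientDB_full.bak'
    WITH PASSWORD = 'Replace-With-A-Long-Passphrase';

-- 3. Restore the backup. Anyone who copies the .bak file to another
--    server must also know the password to run this statement.
RESTORE DATABASE ClientDB
    FROM DISK = 'D:\Backups\ClientDB_full.bak'
    WITH PASSWORD = 'Replace-With-A-Long-Passphrase',
         RECOVERY;
```

The password only gates the restore operation and does not encrypt the contents of the backup file, so backup media still needs restricted file permissions and physical control.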