網(wǎng)絡(luò)數(shù)據(jù)庫安全外文文獻(xiàn)翻譯

網(wǎng)絡(luò)數(shù)據(jù)庫安全外文文獻(xiàn)翻譯(含：英文原文及中文譯文)文獻(xiàn)出處：KBertino.DatabaseSecurity[J]IEEETransactionsonSoftwareEngineering,2015,13(2):129-140.英文原文DatabaseSecurityKarlBertino“WhydoIneedtosecuremydatabaseserver?Noonecanaccessit—it’sinaDMZprotectedbythefirewall!”Thisisoftentheresponsewhenitisrecommendedthatsuchdevicesareincludedwithinasecurityhealthcheck.Infact,databasesecurityisparamountindefendingorganizationsinformation,asitmaybeindirectlyexposedtoawideraudiencethanrealized.Databasesecurityhasbecomeahottopicrecently.Asmoreandmorepeopleareconcernedaboutcomputersecurity,wehavefoundthatfirewallsandwebserversaremoresecurethanever(althoughthisdoesnotmeanthattherearenolongermanyinsecurenetworks).Therefore,theemphasisisonincreasingthetechnicalconsiderations,suchastreatingthedatabasewithamoremeticulousreview.◆GeneralsafetyawarenessBeforewediscussdatabasesecurityissues,itisprudentandnecessarytoensurethattheunderlyingoperatingsystemandsupportingtechnologiesaresecure.Ifavanillaoperatingsystemcannotprovideareliableandsecurefoundationforthedatabase,itisnotworththeefforttoensurethatthedatabaseissecure.Wheninstallingtheoperatingsystem,therearemanygoodliteraturereferences.AcommonproblemoftenencounteredistheapplicationofadatabaseonthesameserverasawebserverhostingtheInternet(orIntranet).Althoughthismaysavethepurchaseofaseparateserver,thisseriouslyaffectssecurityissues.Ifthisisthecase,thisisconfirmedwhenthedatabaseisopenlyconnectedtotheInternet.ArecentexampleIrememberisanApachewebserversystemserviceorganizationprovidedontheInternet,withtheOracledatabaseprovidingtheport1521ontheInternet.Wheninvestigatingthisissue,itwasfurtherdiscoveredthataccessingtheOracleserverwasaprotectionmeasure(includingalackofapassword)withoutaservertostopit.FromtheperspectiveofthedevelopmentoftheInternet,thisdatabaseisnotrespected,buttheuseofdefaultsettingsandroughsecuritymeasuresmaketheservermorevulnerable.Theissuesmentionedabovearenotstrictlydatabaseissues.Theycanalsobeclassifiedasbuildingmechanismsandfirewallprotectionissues,butintheenditisadatabase,whichisuncompromising.Securityconsiderationswereforcedfromthepointofviewofthevariouspartsofthenetwork.Youcan'trelyonanyoneelseoranythingelsetoprotectyourdatabase.◆ThevulnerabilitydevelopedbySQLandOraclegivesattacktoolsaspacetouse.Istumbleduponadatabasesecurityaspectinarecentsecurityassessmentforaclient.Interestingly,wearetestinginternalenterpriseapplicationsthatuseadatabasebackend(SQL)toholdthedetailsoftheclient.ThesecurityreviewprocesswentwellandaccesscontrolwasbasedonWindowscertification.OnlyauthenticatedWindowsuserscanseetheirowndata.Theapplicationitselfseemstoprocessinputrequestsandrejectallattemptstoaccessthedatabasedirectly.Thenweaccidentallydiscoveredabackupoftheapplicationintheofficeofthework.ThismediaisequippedwithabackupoftheSQLdatabase,whichwere-storedonthelaptop.Allsecuritycontrolsgotolocationswherethedatabasewasnotoriginallyrecovered,andwecanbrowsethecompletedatabasewithoutanyrestrictionsinplacetoprotectsensitivedata.Thismaybelikeacompromisesystemsecurity,butitisreallyimportant.Oftenitisnotadirectapproachtoattackagoal,andtheendresultisthesame;thesystemcompromises.Databasebackupscanbestoredontheservertofacilitateindirectaccesstodata.Thereisasimplesolutiontotheaboveproblem.InSQL2000,passwordprotectioncanbeusedforbackupsettings.Ifthebackupusespasswordprotection,thepasswordmustbeusedwhencreatingthepassword.Thisisaneffectiveandlesscomplexwaytopreventsimplecaptureofbackupdata.Howeverthismeansthepasswordmustberemembered!◆CurrenttrendTherearemanycurrenttrendsinITsecurity,manyofwhicharetiedtodatabasesecurity.Thefocusondatabasesecurityisdrawingtheattentionofattackers.DuetothevulnerabilitiesdevelopedbySQLandOracle,thereisaspaceavailableforattacktools.Theemergenceofthesetoolshasraisedthestakes,andwehaveseenthatattacksareprimarilydirectedatspecificdatabaseportswheretheserverisexposedtotheInternet.Acommonproblemthatrunsthroughthesecurityindustryisapplicationsecurity,especiallycustomizedWebapplications.AsthecapabilitiesofWebapplicationsbecomemoresophisticated,itposesagreaterpotentialthreattothesecuritygapsinapplicationcoding.Inordertomeetthefunctionalrequirementsofapplicationsoftware,back-enddatastorageisusuallyusedtoarrangetheformatofwebcontent.Thisrequiresmorecomplexbackenddataencoding.Developersusedifferentstylesofcodedevelopment,someofwhicharenotsecurityaware,whichmaybethesourceofdevelopmenterrors.SQLinjectionisahottopicinthecurrentITsecurityindustry.Withtheever-increasingnumberofwaysandmeansofshorteningthetimetodevelopdatabases,thecurrentdebateintechnicalsecurityforumsisverycommon.SQLinjectionisamisleadingtermbecausetheconceptalsoappliestootherdatabases,includingOracle,DB2,andSybasesystems.◆WhatisSQLinjection?SQLinjectionisamethodofcommunicationthatthesoftwaredeveloperdoesnotwishtousewiththedatabasetousecodeorinstructions.Thisisthemostcommonformofwebapplicationsoftwarefound.Anycontentthatanyuserentersintotheapplicationisacommonsourceofattacks.Manyfriendsherehavealreadyseentheusualerrormessageboxwhenaccessingthewebsite,andoftenshowthattheuserinputhasnotbeenhandledcorrectly.Oncethistypeoferroroccurs,theattackerwillfocusonamorespecificinputstring.Specificsecurity-relatedcodingtechniquesshouldincorporatecodingstandardswhenusingtheorganization.Thedamagecausedbythistypeofvulnerabilitycanbeprofound,althoughthiswilldependonthelevelofprivilegeassociatedwiththeapplicationandthedatabase.Ifthesoftwareaccessesdatawithadministratortyperights,thenmaliciouslyrunningcommandswillalsobethislevelofaccessrights,andatthistime,systemcompromiseisinevitable.Thisproblemissimilartotheoperatingsystem'ssecurityrules,wheretheprojectshouldrunwiththelowestprivilege,anditisnecessary.Ifitisnormaluseraccess,thenenablethisrestriction.Thesameproblem,SQLsecurityisnotentirelyadatabaseproblem.Specificdatabasecommandsorrequirementsshouldnotbeallowedthroughtheapplicationlayer.Thiscanbepreventedby"securitycode".Thisisanoff-topictopic,butthedetaileddesignofsomebasicstepsthatshouldbeappliedisnecessary.Thefirststepistoverifyandcontroluserinputwhenacquiringanyapplication.Wherepossible,stricttypesshouldbesettocontrolspecificdata(eg,expectedvaluedata,stringtypedata,etc.),andwherepossible,ifthedataischaracter-based,Banspecificnon-alphanumericcharacters.Ifthisisnotpossible,considerationshouldbegiventotheuseofalternativecharacters(forexample,singlequotes,whicharecommonlyusedinSQLcommands).Specificsecurity-relatedcodingtechniquesshouldbeaddedtothecodingstandardwhenusingyourorganization.Ifalldevelopersusethesamebaselinestandards,specificspecificsecuritymeasures,thiswillgreatlyreducetheriskofSQLinjectioncompromises.Anothersimplemethodthatcanbeusedistoclearallprogramsthatarenolongerneededinthedatabase.Theselimitthedegreeofmalicioususethatisnolongerneededinthedatabaseorismorethanexcessive.Thisissimilartoeliminatingunnecessaryserviceprogramsintheoperatingsystemandisacommonsecuritypractice.◆SummaryInshort,mostoftheaboveviewpointsIhavemadearegeneralawarenessofsecurityconceptsandarenotspecifictoadatabase.However,alloftheseareindeedappliedtothedatabase,andifthesebasicsecuritymeasuresareapplied,yourdatabasesecuritypropertieswillbegreatlyimproved.Inthenextarticleondatabasesecurity,wewillfocusonspecificSQLandOraclesecurityissues,andprovidedetailedexamplesandopinionsforDBAsanddevelopers.Intheabove,wediscussedthegeneraldatabasesecurityconceptsandcommonproblems.InthisarticlewewillfocusonthespecificsecurityissuesofMicrosoftSQLandOracle,andequallyimportantaresolutionstomitigatetheseissues.DatabasesecurityhasmanysimilaritieswithgeneralITsecurityissues.Therearesomesimplesecuritymeasuresandstepsthatcanbeeasilyimplementedtogreatlyincreasesecurity.Althoughtheseseemtobecommonsense,itissurprisingthatwehaveseenhowmanytimesthecommonsecuritymeasureshavenotbeenimplementedsoastocreatesecurityrisks.◆UseraccountandpasswordsecurityOneofthefirstbasicrulesinITsecurityisto"ensureyouhaveareliablepassword."Inthisstatement,Ihaveassumedthatthefirstpasswordhasbeenset,althoughthisisoftennotthecase.Inlastyear’sarticle,Ispokealittleaboutgeneralsecurityawareness,butIthinkit’snecessarytore-emphasizethisissueandit’sveryimportant.Justliketheoperatingsystem,thefocusofattentionisontheaccountsecurityoftheinternaldatabase.Itspurposeistomanageaccounts.InSQL,thiswillbetheSAaccount.InOracle,thiscanbeSYSDBAoranOracleaccount.ItisalsocommonforaSQLSAserviceaccounttouse"SA"asapassword,whichisverycommon,orevenworse,ablankpassword.Eventhemostbasicsecurityrulesforsuchpasswordsarelazytolimit.Userswillnotbeallowedtohaveablankpasswordontheirowndomainaccount,sowhyvaluablesystemresources,suchasdatabases,aretolerated.Forexample,ablank"SA"passwordallowsanyuser(suchasMicrosoft'sQueryAnalyzerorEnterpriseManagerto"manage"SQLServeranddatabase)tocontainclientsoftware.Thedatabaseisusedasthebackendofwebapplicationsoftware.Thelackofpasswordcontrolwillleadtoacompletecompromiseofsensitivedata.Withthesystemlevelaccesstothedatabase,notonlytoperformthequerytothedatabase,create/modify/deletethetable,butalsotoperformwhatiscalledstoredprocedures.中文譯文數(shù)據(jù)庫安全作者：卡爾·伯蒂諾“為什么要確保數(shù)據(jù)庫服務(wù)安全呢?任何人都不能訪問-這是一個非軍事區(qū)的保護(hù)防火墻”,當(dāng)我們被建議使用一個帶有安全檢查機(jī)制的裝置時,這是通常的反應(yīng)。事實(shí)上,在防護(hù)一個組織的信息方面,數(shù)據(jù)庫的安全是至高無上的,因?yàn)樗赡軙g接接觸比我們意識到的更廣泛的用戶。這是兩篇研究數(shù)據(jù)庫安全文章中的第一篇。在這篇文章中我們將討論一般數(shù)據(jù)庫安全概念和和比較普遍的問題。在下篇文章,我們將把焦點(diǎn)放在特定的MicrosoftSQL和Oracle的安全關(guān)注上。近來數(shù)據(jù)庫安全已成為一個熱門話題。隨著越來越多的人關(guān)注計算機(jī)安全,我們發(fā)現(xiàn),防火墻和網(wǎng)絡(luò)服務(wù)器比以前都更加安全化了(雖然這并不等于說現(xiàn)在不再有許多不安全的網(wǎng)絡(luò)存在)。因此,重點(diǎn)是加大對技術(shù)的考慮力度,譬如以更細(xì)膩的審查態(tài)度對待數(shù)據(jù)庫?！粢话惆踩庾R在我們討論有關(guān)數(shù)據(jù)庫安全問題之前,確保底層操作系統(tǒng)和支撐技術(shù)的安全是審慎而且必要的。如果一個vanilla操作系統(tǒng)無法為數(shù)據(jù)庫提供一個穩(wěn)妥可靠的安全基礎(chǔ),花費(fèi)太多努力去確保數(shù)據(jù)庫安全是不值得的。當(dāng)安裝操作系統(tǒng)時,有許多好的文獻(xiàn)資料可以參考。經(jīng)常遇到的一個普遍問題,就是作為網(wǎng)絡(luò)服務(wù)器托管Internet(orIntranet)的同一服務(wù)器上數(shù)據(jù)庫的應(yīng)用。雖然這可能節(jié)省的購買一個單獨(dú)的服務(wù)器費(fèi)用,但這嚴(yán)重影響了安全問題。如果這是確定的,當(dāng)數(shù)據(jù)庫開放地連接到互聯(lián)網(wǎng)這種情況被證實(shí)了。最近的一個例子,我記得是一個Apache網(wǎng)絡(luò)服務(wù)器系統(tǒng)服務(wù)組織在互聯(lián)網(wǎng)上提供的,與Oracle數(shù)據(jù)庫在互聯(lián)網(wǎng)上提供有關(guān)端口1521。在調(diào)查這個問題時進(jìn)一步被發(fā)現(xiàn),訪問該Oracle服務(wù)器是沒有服務(wù)器加以制止之類的保護(hù)措施的(包括缺乏密碼)。從互聯(lián)網(wǎng)發(fā)展前景看,這個數(shù)據(jù)庫是不被推崇的,但默認(rèn)設(shè)置的使用以及粗糙的安全措施,使服務(wù)器更加脆弱。上面提到的問題并不是嚴(yán)格地數(shù)據(jù)庫問題,還可以被歸類為構(gòu)建機(jī)制和防火墻保護(hù)問題,但最終它確是數(shù)據(jù)庫,這是毫不妥協(xié)的。安全方面的考慮從面向網(wǎng)絡(luò)的各部分來看而被迫做出的。你不能依靠任何他人或任何別的事以保護(hù)你的數(shù)據(jù)庫安全?！粲捎赟QL和Oracle開發(fā)的漏洞給攻擊工具一個得以使用的空間。我在最近為客戶做的一項(xiàng)安全評估中偶然發(fā)現(xiàn)一個數(shù)據(jù)庫安全方面的。有趣的是，我們正在進(jìn)行對使用一個數(shù)據(jù)庫后端(SQL)以存放客戶端的細(xì)節(jié)的企業(yè)內(nèi)部應(yīng)用軟件的測試。安全審查過程進(jìn)展順利,訪問控制基于Windows認(rèn)證。只有通過認(rèn)證的Windows用戶能夠看到屬于他們的數(shù)據(jù)。這個應(yīng)用軟件本身好像對輸入要求進(jìn)行處理,拒絕直接進(jìn)入資料庫的所有嘗試。之后我們在工作的辦公室偶然發(fā)現(xiàn)一個該應(yīng)用軟件的備份。這個媒體裝有SQL數(shù)據(jù)庫的備份,這是我們重新存儲到筆記本電腦上的。所有安全控制均到那些原先并未恢復(fù)數(shù)據(jù)庫的位置上,而且我們能夠在適當(dāng)?shù)奈恢脽o任何限制地瀏覽完整的數(shù)據(jù)庫,以保護(hù)敏感的數(shù)據(jù)。這可能像是一種妥協(xié)的系統(tǒng)安全的方式,但確實(shí)是重要的。往往并不是采取直接的方法攻擊一個目標(biāo),并且最終結(jié)果是相同的;系統(tǒng)妥協(xié)。數(shù)據(jù)庫備份可以存儲在服務(wù)器上,從而有利于間接地訪問數(shù)據(jù)。以上問題有一個簡單的辦法來解決。在SQL2000可以為備份設(shè)定使用密碼保護(hù)。如果備份使用了密碼保護(hù),當(dāng)創(chuàng)建密碼時就必須使用密碼。這是一種有效而且不太復(fù)雜的方法阻止備份數(shù)據(jù)的簡單捕獲。然而這意味著密碼必須記住!◆當(dāng)前趨勢在IT安全方面有許多當(dāng)前趨勢,這些中的不少都與數(shù)據(jù)庫安全聯(lián)系起來。數(shù)據(jù)庫安全方面的焦點(diǎn)正吸引著攻擊者的注意力。由于SQL和Oracle開發(fā)的漏洞給攻擊工具一個得以使用的空間。這些工具的出現(xiàn)提高了賭注,我們已經(jīng)看到,攻擊主要是針對服務(wù)器暴露到互聯(lián)網(wǎng)的特定數(shù)據(jù)庫端口。貫穿安全業(yè)的一個普遍問題是應(yīng)用軟件安全,特別是定制的Web應(yīng)用程序。隨著Web應(yīng)用程序的功能變得越來越復(fù)雜,它帶來了應(yīng)用程序編碼方面的安全漏洞的更大的潛在威脅。為了滿足應(yīng)用軟件的功能性要求,后端數(shù)據(jù)存儲通常被用來安排網(wǎng)頁內(nèi)容的格式。這就需要更復(fù)雜的后端數(shù)據(jù)編碼。開發(fā)者使用不同風(fēng)格的代碼開發(fā),其中一部分沒有安全意識,這也許是開發(fā)錯誤的源頭。SQL注入就是當(dāng)前IT安全業(yè)的一個熱門話題。隨著愈來愈多的以期縮短時間的開發(fā)數(shù)據(jù)庫的方式和手段的出現(xiàn),目前在技術(shù)安全論壇中,爭論是很平常的。SQL注入是一個容易讓人誤導(dǎo)的術(shù)語,因?yàn)樵摳拍钜策m用于其他的數(shù)據(jù)庫,包括Oracle,DB2和Sybase系統(tǒng)。◆什么是SQL注入?SQL注入的是軟件開發(fā)人員所不希望出現(xiàn)的與資料庫使用代碼或指令發(fā)送手段的交流方法。這是發(fā)現(xiàn)在Web應(yīng)用軟件最常見的形式。任何用戶輸入應(yīng)用軟件所不允許的內(nèi)容是攻擊的一個常見來源。在座很多朋友已經(jīng)看到了當(dāng)訪問網(wǎng)站時通常的錯誤消息框,而且往往顯示用戶輸入沒有得到正確處理。一旦出現(xiàn)這種類型的錯誤,攻擊者將把焦點(diǎn)放在更具體的輸入字符串上。具體的與安全有關(guān)的編碼技術(shù)在使用組織時應(yīng)加入編碼標(biāo)準(zhǔn)。由于這種類型的脆弱性所造成的損害,可以很深刻的,盡管這會取決于該應(yīng)用軟件與數(shù)據(jù)庫關(guān)聯(lián)的特權(quán)級別。如果該