集输大队报表数据迁移-外文翻译-03083107刘骞.doc

中国石油大学（华东）本科毕业设计（论文）外文翻译 3  PAGE 2 中国石油大学（华东） 本科毕业设计（论文）外文翻译 学生姓名：刘 骞 学 号专业班级：软件工程03-1班 指导教师：郑秋梅 2007年6月20日  PAGE 16 Database Security in a Web Environment Introduction Databases have been common in government departments and commercial enterprises for many years. Today, databases in any organization are increasingly opened up to a multiplicity of suppliers, customers, partners and employees - an idea that would have been unheard of a few years ago. Numerous applications and their associated data are now accessed by a variety of users requiring different levels of access via manifold devices and channels – often simultaneously. For example: ? Online banks allow customers to perform a variety of banking operations - via the Internet and over the telephone – whilst maintaining the privacy of account data. ? E-Commerce merchants and their Service Providers must store customer, order and payment data on their merchant server - and keep it secure. ? HR departments allow employees to update their personal information – whilst protecting certain management information from unauthorized access. ? The medical profession must protect the confidentiality of patient data – whilst allowing essential access for treatment. ? Online brokerages need to be able to provide large numbers of simultaneous users with up-to-date and accurate financial information. This complex landscape leads to many new demands upon system security. The global growth of complex web-based infrastructures is driving a need for security solutions that provide mechanisms to segregate environments; perform integrity checking and maintenance; enable strong authentication and non-repudiation; and provide for confidentiality. In turn, this necessitates comprehensive business and technical risk assessment to identify the threats, vulnerabilities and impacts, and from this define a security policy. This leads to security definitions throughout the infrastructure - operat