10_les_09_Proxy数据库安全审计.ppt

Using Proxy Authentication Objectives After completing this lesson, you should be able to do the following: Describe how proxy authentication works Manage users authenticated by proxy authentication Audit users authenticated by proxy User Authentication Identify the user in the following ways: Basic authentication Database user identified by a password Database user identified by the operating system Strong authentication Enterprise User Security Proxy authentication Security Challenges ofThree-Tier Computing Identify the real user Authenticate the end user to the database Restrict the privileges of the middle tier Identifying the Real User The database needs the end-user identity for the following security functions: Authentication Data access control Auditing Application-level security requires that: Security must be coded in every application Applications must be the only method to access the data Identifying the Real User (continued) Common Implementations of Authentication Pass through: The user is unknown to the application. One big-application user: The user is unknown to the database. Other methods: The user is reauthenticated to the database. The user is identified to the database. The user is proxied. User Reauthentication Types of authentication in three-tier systems: Middle tier-to-database authentication Client-to-middle tier authentication Client reauthentication through the middle tier to the database: Does the end user need to log in multiple times? Can the end user’s database account information be stored in the application? Can the user be authenticated by using Lightweight Directory Access Protocol (LDAP)? Point-to-point protocols, such as secure sockets layer (SSL), can authenticate to only one node. Single authentication Restricting the Privileges of the Middle Tier Middle tier with high privileges: Connects with one database user for all application users Has all privileges for all application users for all connections Does not identify