外文文献—WEB环境下SQL Server数据库安全策略研究.docVIP

附录一 WEB environment SQL Server database security strategy research Along with the development of the Internet network and expands, more and more application system uses Windows series of operating system as the Server, SQL Server for the backed database Server. According to WEB environment SQL Server various security problems are analyzed, and the effective solution. Keywords: WEB SQL Server database security strategy Microsoft SQL server security involved user configuration id and password, audit system, priority model and control of the database directory special permission, built-in command, script and programming language, network protocol, patch and service pack, database management utility and development tool. In the design of SQL Server database, want to consider the database security mechanism, when installation should pay attention to more of the whole system security Settings. Starting from the first operating system, want to undertake the right security Settings, clear operating system user permissions, using file driver file operations to filter, the database libraries, log files, such as backup file the operation of limited access to database process and specified process to operation, the process by other operation will fail. 1 SQL Server database access control strategy SQL Server are usually installed in NTFS, NTFS than FAT file system more stable and more easy to recover, can to file, folder ACL and file encryption (EFS) setting, etc. Through the database files will be EFS operation SQL Server account under the identity for encryption, and only the account to decrypt the documents. 1.1 The password security strategy Security password database management strategy is the first step of configuring security, dont let sa account password written in application or scripts. SQL Server 2000 installation, if is to use mixed model, then need to enter sa password, the proposal does not use empty password and regularly change the password. Database administrat