
Lecture Database security and auditing - Protecting data integrity and accessibility - Chapter 8: Application Data Auditing



DOCUMENT INFORMATION

Pages: 37
File size: 339,97 KB

Content

The lecture Database Security and Auditing - Protecting Data Integrity and Accessibility - Chapter 8: Application Data Auditing presents the following content: create and implement Oracle triggers, create and implement SQL Server triggers, define and implement Oracle fine-grained auditing,... We invite you to consult it.

Database Security and Auditing: Protecting Data Integrity and Accessibility
Chapter 8: Application Data Auditing

Objectives
• Understand the difference between the auditing architecture of DML Action Auditing Architecture and DML changes
• Create and implement Oracle triggers
• Create and implement SQL Server triggers
• Define and implement Oracle fine-grained auditing

Objectives (continued)
• Create a DML statement audit trail for Oracle and SQL Server
• Generate a data manipulation history
• Implement a DML statement auditing using a repository

Objectives (continued)
• Understand the importance and the implementation of application errors auditing in Oracle
• Implement Oracle PL/SQL procedure authorization

DML Action Auditing Architecture
• Data Manipulation Language (DML): companies use auditing architecture for DML changes
• DML changes can be performed on two levels:
  – Row level
  – Column level
• Fine-grained auditing (FGA)

DML Action Auditing Architecture (continued)

Oracle Triggers
• Stored PL/SQL procedure executed whenever:
  – DML operation occurs
  – Specific database event occurs
• Six DML events (trigger timings): INSERT, UPDATE, and DELETE
• Purposes:
  – Audits, controlling invalid data
  – Implementing business rules, generating values

Oracle Triggers (continued)
• CREATE TRIGGER
• Executed in a specific order:
  – STATEMENT LEVEL triggers before COLUMN LEVEL triggers
  – BEFORE triggers before AFTER triggers
• USER_TRIGGERS data dictionary view: all triggers created on a table
• A table can have unlimited triggers: do not overuse them

DML Auditing Using Repository with Oracle (Simple 1)
• Simple Auditing Model
• Flag users, tables, or columns for auditing
• Requires less database administrative skills:
  – Application administrators can do it
  – User interface is built on top of the repository
• Auditing flags are flexible
• Does not record before or after column values; only registers type of DML operations

DML Auditing Using Repository with Oracle (Simple 1) (continued)
• Steps:
  – Use any user other than SYSTEM or SYS
  – Create triggers
  – Create sequence object
  – Build tables to use for applications
  – Populate application tables

DML Auditing Using Repository with Oracle (Simple 1) (continued)
• Steps (continued):
  – Populate auditing repository with metadata
  – Create the stored package to be used with the trigger
  – Create triggers for application tables
  – Test your implementation

DML Auditing Using Repository with Oracle (Simple 2)
• Simple Auditing Model 2: requires a higher level of expertise in PL/SQL
• Stores two types of data:
  – Audit data: value before or after a DML statement
  – Audit table: name of the tables to be audited

DML Auditing Using Repository with Oracle (Simple 2) (continued)
• Steps:
  – Use any user other than SYSTEM or SYS, with privileges to create tables and triggers
  – Create the auditing repository
  – Establish a foreign key in AUDIT_DATA table referencing AUDIT_TABLE table
  – Create a sequence object
  – Create the application schema

DML Auditing Using Repository with Oracle (Simple 2) (continued)
• Steps (continued):
  – Add data to tables
  – A stored PL/SQL package will be used for auditing within the triggers
  – Create triggers for audited tables
  – Add auditing metadata
  – Test your implementation

Auditing Application Errors with Oracle
• Application errors must be recorded for further analysis
• Business requirements mandate keeping an audit trail of all application errors
• Materials:
  – Repository consisting of one table
  – Methodology for your application

Auditing Application Errors with Oracle (continued)
• Steps:
  – Select any user other than SYSTEM or SYS, with privileges to create tables and procedures
  – Populate tables
  – Create the ERROR table
  – Create a stored package to perform the UPDATE statement
  – Test your implementation: perform an update using the CREATE package

Oracle PL/SQL Procedure Authorization
• Oracle PL/SQL stored procedures are the mainstay of implementing business rules
• Security modes:
  – Invoker rights: procedure is executed using security credentials of the caller
  – Definer rights: procedure is executed using security credentials of the owner

Oracle PL/SQL Procedure Authorization (continued)
• Steps:
  – Create a new user
  – Select a user with CREATE TABLE and PROCEDURE privileges
  – Populate tables
  – Create stored procedure to select rows in a table
  – Grant EXECUTE privileges on new procedure
  – Log on as the new user and query the table
  – Execute procedure

Summary
• Two approaches for DML auditing:
  – Set up an audit trail for DML activities
  – Register all column values before or after the DML statement (column-level auditing)
• Fine-grained auditing (Oracle)
• Triggers:
  – Stored PL/SQL procedure automatically executed
  – Oracle has six DML events

Summary (continued)
• Triggers are executed in order
• USER_TRIGGERS data dictionary view: shows all triggers
• SQL Server 2000:
  – CREATE TRIGGER DDL statement
  – Conditional functions: UPDATE() and COLUMNS_UPDATED()
• FGA allows generation of audit trail of DML activities

Summary (continued)
• FGA is capable of auditing columns or tables; Oracle PL/SQL-supplied package DBMS_FGA
• PL/SQL stored procedures security modes:
  – Invoker rights
  – Definer rights

... ALTER and CREATE DATABASE, DISK INIT and DISK RESIZE, DROP DATABASE and LOAD DATABASE, LOAD LOG, RECONFIGURE, RESTORE DATABASE, RESTORE LOG

Implementation of an Historical...

... value of the columns are not recorded

DML Action Auditing with Oracle (continued)
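The "DML Auditing Using Repository with Oracle (Simple 2)" steps, worked through as an added example that is not taken from the slides. Only the AUDIT_TABLE and AUDIT_DATA names come from the lecture; the columns, the sequence, the CUSTOMER application table and the trigger are assumptions, and the audit logic is written inline in the trigger rather than in the stored package the slides call for.

```sql
-- Added example (Oracle). Only AUDIT_TABLE and AUDIT_DATA are names from the
-- slides; the columns, sequence, CUSTOMER table and trigger are hypothetical.
CREATE TABLE audit_table (
  table_id   NUMBER        PRIMARY KEY,
  table_name VARCHAR2(128) NOT NULL UNIQUE,
  audit_on   CHAR(1)       DEFAULT 'Y' NOT NULL CHECK (audit_on IN ('Y', 'N'))
);
CREATE TABLE audit_data (
  audit_id    NUMBER         PRIMARY KEY,
  table_id    NUMBER         NOT NULL REFERENCES audit_table (table_id),
  dml_type    VARCHAR2(6)    NOT NULL,
  row_key     VARCHAR2(40),
  column_name VARCHAR2(128),
  old_value   VARCHAR2(4000),  -- value before the DML statement
  new_value   VARCHAR2(4000),  -- value after the DML statement
  changed_by  VARCHAR2(128)  DEFAULT USER NOT NULL,
  changed_at  TIMESTAMP      DEFAULT SYSTIMESTAMP NOT NULL
);
CREATE SEQUENCE audit_data_seq;

-- Application schema and the metadata row that flags it for auditing
CREATE TABLE customer (
  customer_id  NUMBER PRIMARY KEY,
  credit_limit NUMBER(10,2)
);
INSERT INTO audit_table (table_id, table_name) VALUES (1, 'CUSTOMER');

CREATE OR REPLACE TRIGGER customer_audit_trg
AFTER INSERT OR UPDATE OF credit_limit OR DELETE ON customer
FOR EACH ROW
DECLARE
  v_table_id audit_table.table_id%TYPE;
  v_dml      audit_data.dml_type%TYPE;
BEGIN
  -- Audit only while the repository flags this table
  SELECT table_id INTO v_table_id FROM audit_table
   WHERE table_name = 'CUSTOMER' AND audit_on = 'Y';
  v_dml := CASE WHEN INSERTING THEN 'INSERT'
                WHEN UPDATING  THEN 'UPDATE' ELSE 'DELETE' END;
  INSERT INTO audit_data (audit_id, table_id, dml_type, row_key,
                          column_name, old_value, new_value)
  VALUES (audit_data_seq.NEXTVAL, v_table_id, v_dml,
          TO_CHAR(NVL(:NEW.customer_id, :OLD.customer_id)),
          'CREDIT_LIMIT', TO_CHAR(:OLD.credit_limit), TO_CHAR(:NEW.credit_limit));
EXCEPTION
  WHEN NO_DATA_FOUND THEN NULL;  -- table is not flagged; record nothing
END;
/
```

Because the trigger runs with its owner's privileges, application users need no privileges of their own on AUDIT_DATA, which keeps the trail out of their reach.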
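The "Oracle PL/SQL Procedure Authorization" steps, as an added example that is not part of the lecture, contrasting the two security modes on one table. The APP_OWNER and AUDIT_CLERK users, the PAYROLL table, both procedure names and the password are assumptions; steps 5 uses SQL*Plus commands.

```sql
-- Added example (Oracle). APP_OWNER, AUDIT_CLERK, PAYROLL and both procedure
-- names are hypothetical; the password is a placeholder.

-- 1. As a DBA: create the new, low-privileged user.
CREATE USER audit_clerk IDENTIFIED BY "Placeholder_Pw_1";
GRANT CREATE SESSION TO audit_clerk;

-- 2. As APP_OWNER (holds CREATE TABLE and CREATE PROCEDURE): table and data.
CREATE TABLE payroll (emp_id NUMBER PRIMARY KEY, salary NUMBER(10,2));
INSERT INTO payroll (emp_id, salary) VALUES (1, 5000);
COMMIT;

-- 3a. Definer rights (the default): the body runs with APP_OWNER's privileges,
--     so EXECUTE alone lets a caller read PAYROLL through this procedure.
CREATE OR REPLACE PROCEDURE payroll_count_definer (p_rows OUT NUMBER)
AUTHID DEFINER AS
BEGIN
  SELECT COUNT(*) INTO p_rows FROM app_owner.payroll;
END;
/

-- 3b. Invoker rights: the body runs with the caller's privileges, so the
--     caller also needs its own SELECT privilege on APP_OWNER.PAYROLL.
CREATE OR REPLACE PROCEDURE payroll_count_invoker (p_rows OUT NUMBER)
AUTHID CURRENT_USER AS
BEGIN
  SELECT COUNT(*) INTO p_rows FROM app_owner.payroll;
END;
/

-- 4. Grant EXECUTE only; no object privilege on PAYROLL is granted.
GRANT EXECUTE ON payroll_count_definer TO audit_clerk;
GRANT EXECUTE ON payroll_count_invoker TO audit_clerk;

-- 5. As AUDIT_CLERK (SQL*Plus): query the table, then call each procedure.
SELECT COUNT(*) FROM app_owner.payroll;
VARIABLE n NUMBER
EXECUTE app_owner.payroll_count_definer(:n)
EXECUTE app_owner.payroll_count_invoker(:n)
```

For AUDIT_CLERK the direct query and the invoker-rights call are refused for lack of a SELECT privilege on PAYROLL, while the definer-rights call succeeds. A definer-rights procedure is therefore a privilege boundary and should expose only the rows and columns its callers are meant to see.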
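The summary's point that FGA can audit columns or tables through the Oracle-supplied DBMS_FGA package, as an added example that is not from the slides. APP_OWNER.PAYROLL, its SALARY column and the policy name are assumptions; the caller needs EXECUTE on DBMS_FGA and read access to the audit trail view.

```sql
-- Added example (Oracle). APP_OWNER.PAYROLL and the policy name are hypothetical.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'APP_OWNER',
    object_name     => 'PAYROLL',
    policy_name     => 'PAYROLL_SALARY_FGA',
    audit_condition => 'SALARY >= 10000',  -- audit only rows matching this predicate
    audit_column    => 'SALARY',           -- audit only statements touching this column
    statement_types => 'SELECT,UPDATE',
    audit_trail     => DBMS_FGA.DB + DBMS_FGA.EXTENDED);  -- keep SQL text and binds
END;
/

-- Review what the policy has captured.
SELECT db_user, timestamp, statement_type, sql_text
  FROM dba_fga_audit_trail
 WHERE policy_name = 'PAYROLL_SALARY_FGA'
 ORDER BY timestamp;

-- Remove the policy when it is no longer needed.
BEGIN
  DBMS_FGA.DROP_POLICY(
    object_schema => 'APP_OWNER',
    object_name   => 'PAYROLL',
    policy_name   => 'PAYROLL_SALARY_FGA');
END;
/
```

On databases running with unified auditing enabled, FGA records are written to UNIFIED_AUDIT_TRAIL instead of DBA_FGA_AUDIT_TRAIL, so query that view there.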

Date posted: 30/01/2020, 11:32
