| The access control method is one of the most important aspects in measuring the security of a database system. Nowadays most database systems are using client/password authentication method as their access control security strategy, which has poor security preservation and has been suffering varieties attacks, such as passive sniffing attack, active man-in-the-middle attack and password guess attack. Further more, once clients have logged into database systems and while the clients and servers are exchanging their data, how to protect the confidentiality and integrity of data from intercepting and modifying on the wire has caught a great deal of attention.Modified for many times, SSL has become the most widely used secure protocol in the world. Although it is usually used to secure network communications, SSL is actually a common protocol, which is suitable for protecting the security of varieties of communication data. In reality, just simply transferring data on SSL usually causes unexpected security and function problems. The SSL protocol requires a good understanding of security principles to apply securely so that the application protocol developers can make their designs work well. Through profoundly studying on the work principles of SSL and its security features, we realize that the certificate-based authentication method can solve the problems existing in client/password-based authentication method mentioned above. For themore, if we use certificates combined with ACL, we can well control database clients with different access authorities. In addition, SSL requires the data transferred between clients and servers should be encrypted. Further more, not only does SSL provide us data confidentiality, it also preserves the integrity of data by its special way of data package. Therefore, we can use this to build up a cipher text communication pipe for data transferring between clients and servers of database systems.In this paper, we discuss the shortcomings of client/password-based database access control method, and we also talk about digital certificate, cryptographic algorithms and function improvement in SSL application. After all these work, we recommend that the SSL-based certificate authentication can be used as client access control method in database systems, and we can also use SSL to set up a safe secret communication channel. Based on above specification, we developed and realized a simple database plug system.It proves that the tentative idea of using SSL in database systems is desirable. It not only can provide us reliable authentication, but also can satisfy our demands in both access controlling and secret communication.
|
PDF Full Text Request