Research And Realization Of Database Security Proxy Based On Security Socket Layer

Along with the rapid development of computer and network technology, information systems cover much wider range of areas, and data exchange is increasingly multifarious. So, it's such an important problem that how to protect information system security. Because database is a set of information, database system security plays a crucial role on the information system security.There are two aspects included in database system security, which is access control security strategy and communication channel security.Access control security strategy is to preserve the legality of the database users. Nowadays, most database systems are using client/password authentication method as their access control security strategy, which has poor security preservation and has been suffering varieties attacks, such as passive sniffing attack, active man-in-the-middle attack and password guess attack.Communication channel security means data transmission security in the database system. In most database systems, plaintext travels on the communication channel, and human attack from the network occur easily.From the above, it's not difficult to see the weakness of access control security strategy and the insecurity of communication pipe in most database systems. Therefore, it's a very important problem that how to preserve the legality of database users and communication channel security.SSL is a protocol that supports authentication and data encryption. Through study on SSL and its key technology, it is recommended that the SSL-based certificate authentication can be used as client access control method in database systems. Further more, not only does SSL provide us data confidentiality, it also preserves the integrity of data by its special way of data package. Therefore, we can use this to build up a cipher text communication pipe for data transferring between clients and servers of database systems to preserve data confidentiality and integrity.Thesis researches how to put together SSL and database security, and put forward a database security proxy model. Based on all the work, we developed and realized a simple database security proxy. It proves that the tentative idea of using SSL in database systems is desirable. It not only can provide us reliable authentication, but also can satisfy our demands in both access controlling and secret communication. From this we can see that database security proxy can attain the purpose of accessing and communicating safely, and the problem in accessing database and transferring data will be solved.