The Research And Application Of Web Database Security Technology

With the rapid development of computer technology, the database has been extensively deep into the various fields, of course, the opportunity applied to the Web is more and more ,then web database subsequently appeared, the issue followed by of data security is increasingly prominent. Web database as a base for network storage of information is the core of the computer application system, its safety is especially important.Well,What is the web database and database security? Web database is the so-called Web + database, also known as web-based database, its essence is based on the traditional relational database technology, into the latest network technology, database technology, storage and retrieval technology as a whole , a new database of database structure and data model which entirely Internet-based applications. It opened up a new era of Web databases. Whether e-commerce ,or network information retrieval systems,or information management systems are inseparable from the Web database technology. There are many web databases such as SQL SERVER 2000, Mysql, etc.. the most representative of database security is overseas CPPfleeger's definition and widely used. The definition is describe the integrity of the physical database, the integrity of logical database, security of elements, auditability, access control, authentication and availability and so on. And at home, the definition is to ensure the data confidentiality, integrity, consistency and availability.Compared to traditional databases,web database uses a lot of new technologies and make a great breakthrough in the functional aspects. It is mainly shown off in the following areas: 1) Web database can accommodate all the information resources, not only can contain structured information resources, also can contain unstructured resources. 2) The database structure are flexible, using multi-dimensional processing of table and the word, variable-length storage. 3) Web Database supports Active X, XML and other new programming tools, supports the rapid development of complex transaction processing system, thereby it simplifies the difficults of system development and management, shortens the development cycle. 4) Extends the type of data,can easily process the graphics, sound, video, large text, animation and other multimedia information. 5) Improves the indexing mechanism, improves the query speed, precision and recall.Since the Web database so good, there must be a lot of application, but no matter how good things ,it also has its inadequacies, that is the security issues are hardly undertake. To ensure Web database security is to ensure data confidentiality, integrity, consistency and availability. And there are many technologies for the security of Web database,which commonly used are: access control, user identification and authentication, database audit, database encryption technology and so on.In this article, I focus on the encryption on the database. Refer to the encryption, it is relate to cryptography. The cryptography is a subject closely in relation to information security , as long as the reference to information security, we must be mention cryptography.Well, What is the cryptography? The cryptography is a technical science which studies coding and deciphering the code, Studies the objective laws of password changes, applies to coding to conservative secret communications, called coding; applied to deciphering to obtain the information of communication, called the deciphering science, Collectively called cryptography. Data encryption algorithm is usually divided into two categories: "symmetric" and "non-symmetric." DES and RSA are typical representatives.DES is the Data Encryption Standard (Data Encryption Standard) abbreviation. DES is a block encrypt algorithm to provide users a two-way channel A and B to share a key, the two sides can use the key to encrypt information and send it out, meanwehile,decrypt the received ciphertext with the same key. RSA is a non-symmetric(public key) cryptmetric based of number theory,it is also a block cipher system. Its security is based on that the largest intergers devide into prime factor is difficult, and large integer factorization problem is well-known mathematical problem, there has been no effective way to be resolved, thus,it can ensure the security of RSA algorithm. Both of them have their own advantages and disadvantages,so we combinate the both,bring forward mixed-password algorithm, made up deficiency of the two.For the data in the database, there are certain requirements:①After database encryption, the data should not be significantly increased;②After encryption of a data, the length of the data unchanged;③The speed of encryption and decryption should as quickly as enough, the response time of data manipulation should allow users to accept. The choice of encryption methods is in accordance with specific circumstances.In the web database, the choice of encryption methods has the following categories:1) Encryption technology of the file in database2) Encryption technology of the recorded in the database3) Encryption technology based on field4) Encryption technology of sub-key databaseMore satisfactory encryption object is the fields. The sub-key database encryption is encrypted on the fields, which take advantage of China's grandson theorem (Chinese Remainder Theorem) to encrypt and decrypt for the field.Finally, as for management information system to students, I made a simple design and development, in the system use three-tier architecture. In a number of modules, I relatively detaile analysis and design the student's information management modules,furthermore, in this module, I encrypt the sensitive data(No.,address and telephone number)which in basic information table, the encrypted algorithm is sub-key encryption algorithm, thus ensuring the relative safety of the data. At last, I give a brief account management for the key,that is to establish a non-system database, and then hide the key into the depth,not easy to find.In short, the research and applications for the safety of web database, I just did a very simple to explore through an example, there are many deficiencies, which is my working and learning for by my own efforts.