| The database technology has obtained the fast development and the widespread application from its productiong in the 60's until now. The database system (DBS) is undertaking the task of centralism processing mass datas information which grows day by day and its security problem highlights day after day. The security problem of database system mainly lies in data sharing question. The main function and mission of database management system (DBMS) are to provide the data information sharing, but the question lies in providing the data message to the authorized user and at the same time rejecting any access requriement of illegal visitor.As the preservation data information database management system, must provide the secure access service according to data information, namely guarantee data usability, integrity and uniformity under database management,thus protect database owner and user's legitimate rights and interests.The Oracle,Sybase,SQL Server and so on are extensively used in all kinds of enterprise,and this is hard to change in short time,at the same time,the shortcoming on data security of those produces is a fairly fact,for example,the attack to change the value of data.In order to promote the safety coefficient and protect the secret of the sensitive data, useing one kind of effective database security middleware to encrypt sensitive information in database is obviously having the special practical significance. This article proposes a scheme of through the using of middleware to enhance database security and designs a database security middleware(DBSAPI), its main work as follows:Firstly,this article proposed one kind improved sub-key encryption technology based on the sensitive field, which maked data element as the encrypting unit, which like this not only has enlarged the safety coefficient,simultaneously degraded the time cost of encryption/decryption to enhance the efficiency, which uses the working pattern of three levels of encryption keys, database's primary key is used to encrypt table key,table key is established by the user or is produced at random when founding table, which is used for producing the sub-key, the sub-key is produced through the key algorithm by the table key, which encrypt the data, it enhances the security of producing the sub-key and caused the same attribute value in the different record to use the different sub-key to carry on the encryption, so the same text information will have the different ciphertext information, this will may effectively resist the guess attack and the knowndefinite orders attack (Know Plaintext Attacks) when the text space is small;Secondly, this article proposed improved password scheme as status authentication, make the user ID and its password as parameter to hash it,then store the hash value into the system.If have more higher safety requirement,we use the Guillou-Quisquater status authentication;Thirdly, this article proposed a kind of improvement middleware development pattern that is four B/S development pattern, which has made up the insufficiency on security problems in the traditional three B/S pattern and the C/S pattern;Finally, this article has confirmed the usability and the validity of this database security middleware (DBSAPI) through a simple application example. |
PDF Full Text Request