有关数据库，sql，asp方面的外文资料以及翻译，过程材料资源-CSDN文库

共7个文件

pdf：5个

doc：2个

数据库安全

sql

asp

4星 · 超过85%的资源需积分: 10 182 浏览量 2010-04-19 14:43:30 上传评论 2 收藏 1.22MB RAR 举报

资源推荐

资源详情

资源评论

收起资源包目录

Desktop.rar （7个子文件）

Effective timestamping in databases.pdf 193KB

fulltext.pdf 394KB

SQL Server Security.pdf 394KB

关于数据库的外文翻译.doc 51KB

翻译.doc 24KB

Security and privacy for multimedia database management systems.pdf 201KB

asp技术的web网站安全措施分析.pdf 210KB

C H A P T E R 1 4

■ ■ ■

327

SQL Server Security

Understanding the SQL Server security model and how to effectively implement and manage a secure

SQL environment is important for a DBA. If your employer’s data gets compromised, it’s not just your

job that is lost; it could also affect the lives of many people outside your company. You have probably

heard stories of hackers obtaining credit card information for thousands of helpless consumers. All these

thefts could have been prevented had proper security measures been in place. SQL Server comes with a

well-tested security model that enables DBAs to delegate access control from the server level down to

the column level and, with the help of native encryption capabilities, to the individual column entries. In

this chapter, you will learn how users are authenticated and authorized within SQL Server, and you’ll

learn some best practices to follow with respect to the security of your SQL Server instances.

Terminology

Before we dive deep into the security topic, it’s important to first define some key concepts. To help in

this discussion, imagine the scenario where you want to access your valuables that are in a safety deposit

box. Safety deposit boxes, if you’re not familiar, are metal boxes of different sizes that store valuables

and are located in a vault at a bank. They usually require a key to open them. In addition, a bank will

often ask for identification before allowing you to get your box.

Authentication

The bank needs to make sure you are who you claim you are. They do this by asking for identification,

traditionally a driver’s license. This action is called authentication. SQL Server makes sure you are who

you claim you are by asking for credentials. You give SQL Server credentials in one of two ways. You can

give SQL Server a username and password combination. SQL Server will take a hash of the password you

supplied and compare it with a hash of the password that is stored in its internal tables. If the two hashes

match for the given username, you are authenticated. This type of authentication is known as SQL

Server authentication.

The other way to authenticate to SQL Server is through Windows authentication. With this type, you

do not need to type in a password; rather, since you are logged into Windows, SQL Server asks Windows

to verify your identity via your Windows security token.

CHAPTER 14 ■ SQL SERVER SECURITY

328

Authentication Mode

In an ideal world, you would use only Windows authentication, but the world is hardly ever ideal. The

main advantage with a pure Windows authentication environment is a streamlined administration

experience—you don’t have to manage yet another set of credentials. To tell SQL Server what

authentication modes to support, there is a server property called Server Authentication. It has one of

two possible settings: Windows Authentication and SQL Server and Windows Authentication mode

(which is also referred to as Mixed Mode). When SQL Server is in Windows Authentication mode, users

will not be able to log in using SQL Server authentication. If Mixed Mode is selected, SQL Server will

accept both Windows-authenticated and SQL Server–authenticated logins. Since it is easier to show

examples using SQL Server–authenticated accounts vs. having to create a Windows user, this book’s

examples will use SQL Server in SQL Server and Windows Authentication mode. To see which

authentication mode your server is using, launch the Server Properties dialog box in SSMS by selecting

Properties from the context menu of a SQL Server instance. Click the Security page within the Server

Properties dialog box to see the authentication mode setting, as shown in Figure 14-1.

Figure 14-1. Portion of Server Properties dialog box showing the Security page

Authorization

Getting back to the safety deposit box example, now that the bank has validated your identity using your

driver’s license, they give you the box. The box is locked with a key. Possessing this key authorizes you to

open the box. In SQL Server, just because you have authenticated yourself and have a SQL Server login

account, you do not necessarily have access to items contained within the server. The DBA has to

explicitly authorize a user’s access to objects within SQL Server. The DBA can grant access to one or

more objects to a group of users or to a single user. You will learn more about granting permissions later

in this chapter.

Server Instance vs. the Database

Databases within SQL Server are their own unique entities. Databases are designed to be easily detached

from one server environment and reattached to another server without any extra work being done by a

DBA. This concept is slightly different from what other database vendors implement, which is typically

to marry the database and server instance more closely. With this independence come some additional

security concepts to understand.

Databases have their own users called database users and their own roles called database roles. You

will learn more about database roles later in this chapter. To authorize a SQL Server login access to a

CHAPTER 14 ■ SQL SERVER SECURITY

329

particular database, DBAs need to create a database user within the requested database, which maps to

a SQL Server login. Database users are not shared between any databases on the server instance, but a

single SQL Server login can map to one or more database users with each database user being in a

different database. In Figure 14-2, there is a single SQL Server login called Howard_Login. This login is

mapped to two different database users. In the Sales database, Howard_Login is mapped to

Howard_Sales_User. In the HR database, Howard_Login is mapped to Howard_HR_User.

Figure 14-2. Representation of server login and database users

Since databases are their own unique entities, the permissions defined for Howard_Sales_User and

Howard_HR_User can be different. In Figure 14-2’s scenario, Howard logs in to SQL Server just once. He

then has access to both the Sales and HR databases, with whatever permissions he has been given on

each of those.

CHAPTER 14 ■ SQL SERVER SECURITY

330

SQL Server Instance Security

Now that you have been introduced to the difference between a server instance and database with

respect to a “database user,” it is time to dive into more detail around the security at the server instance

level. A SQL Server login is also known as a principal, which is a generic term used to describe any entity

that can request server resources. You may see the word principal being used throughout other

publications including SQL Server Books Online. Some other principals within SQL Server include server

roles, database users, database user roles, and application roles. In the Windows world, a principal can

be a Windows domain group, a local group, a domain user, or a local user.

Creating a SQL Server Login

To create a new SQL Server login from SQL Server Management Studio (SSMS), navigate down the

Object Explorer tree to the Logins node, which is a child of the Security node. Right-click, and select the

New Login context menu item. This will launch the Login – New dialog box, as shown in Figure 14-3.

CHAPTER 14 ■ SQL SERVER SECURITY

331

Figure 14-3. Login – New dialog box

The Login – New dialog box allows you to create four different types of logins. They are as follows:

Windows authentication, SQL Server authentication, mapped to certificate, and mapped to asymmetric

key. If you wanted to create a SQL Server login mapped to a Windows account, you select the “Windows

authentication” radio button and type the Windows user account in the text box provided. This option

does not require you to provide any password for the user. If you wanted to create a SQL Server–

authenticated login, simply supply a login name and type a password. When you select the SQL Server

Authentication radio button, you will notice three additional check boxes become available. “Enforce

password policy” tells SQL Server to honor any Active Directory group policy configuration for

passwords. “Enforce password expiration” tells SQL Server to remind users to change old passwords and

to lock out expired logins. “Users must change password at next login” is self-explanatory. SSMS has a

评论收藏

内容反馈

ysyabc

2014-03-14

不错，我用于毕设中的英文翻译的介绍！
myjinhuang

2013-01-11

嗯，可以使用
diligentForLife

2013-03-28

还行吧，作为参考文件了最后。。。
匆匆的烟斗

2014-05-22

very nice!帮我大忙！

xiaoshu021

粉丝: 0
资源: 3

有关数据库，sql，asp方面的外文资料以及翻译，过程材料

在CSDN里收集的一些毕业设计外文翻译

计算机外文翻译大集合（整理的20几篇外文翻译）

毕业论文-源代码- ASP.NET学生选课系统(SQLServer数据库、开题报告、外文翻译、代码清单)论.zip

基于ASP.NET的客户关系管理系统设计与实现毕业设计(项目报告+源代码+文献综述+外文翻译+答辩PPT)

[计算机毕设]基于asp.net的客户关系管理系统设计与实现(项目报告+源代码+文献综述+外文翻译+答辩PPT).zip

原创网上电子相册系统的设计(ASP.NET+MySQL)(ASP.NET)(程序,毕业论文,外文翻译,文献综述)-SQL附选题表

ASP.NET基于WEB的选课系统(源代码+毕设+开题报告+外文翻译+任务书+答辩PPT).zip

VB+SQL自动点歌系统(源代码+系统+外文翻译).rar

ASP.NET基于WEB的选课系统(源代码+毕设文档+开题报告+外文翻译+任务书+答辩PPT).zip

学生成绩信息管理系统（源码+论文+文献综述+外文翻译+开篇报告）

JAVA+SQL办公自动化系统(源代码+论文+外文翻译).rar

基于ASP.NET的选课系统设计与实现毕业设计(源代码+项目报告+开题报告+外文翻译+答辩PPT).zip

[计算机毕设]基于asp.net的选课系统设计与实现(源代码+项目报告+开题报告+外文翻译+答辩PPT).zip

JAVA+SQL离散数学题库管理系统(源代码+论文+外文翻译).rar

JSP+SQL机房自由上机收费管理软件的设计与实现(源代码+论文+外文翻译).rar

ASP.NET基于WEB的选课系统(源代码+论文+开题报告+外文翻译+任务书+答辩PPT).zip

基于ASP+数据库网上购物&人事管理系统&成绩信息管理系统&二手商品发布设计（包含源代码+论文）共五套资料

vb+sql汽车配件管理系统(系统+论文+外文翻译+任务书+开题报告+中期检查表).rar

Qt 5实现串口调试助手 （源工程文件、0积分下载）

【SystemVerilog】路科验证V2学习笔记（全600页）.pdf

AutoSAR标准协议4.2.2

光伏-储能并网系统仿真.rar

NPPJSONViewer.zip

GD32替换STM32注意事项.pdf

XCP协议的规范文档

VS2015安装证书，JavaScript_ProjectSystem.msi，JavaScript_LanguageService.msi

CANoe通过CAPL脚本实现自动测试

蓝牙BLE协议中文版.pdf

BaiduOCR.zip

最新资源

Qt 5实现串口调试助手（源工程文件、0积分下载）