Technology of SQL Server database (94)
Tuesday, March 03, 2009 by rain
To any industry organizations,The security of data is most important.Security basically is to show the user that allows those to have relevant data to visit attributive can log onto SQL Server and visit data and logarithm occupy library object to carry out the operation inside all sorts of attributive limits,But the illegal operation that should reject all blame accredit users.Because of this,Security management and user management are inseparable.SQL Server 2000 was offerred inside the security of buy and data protection,And this is planted management is active and easy.
This chapter basically discusses how to be founded with date of administrative user Zhang,And how come true and supervise security,Include a lot of skill and note at the same time,These skill and note will make your job more comfortable,Efficient.
The security management of SQL Server 2000 is to build in attestation (Authentication) permit with the visit (Permission) the attestation on both mechanism is the entry Zhang date that points to the user that will log onto SQL Server certainly and password correct,Come with this whether do its have test and verify the attributive of join SQL Server.But,Do not represent the data in can visitting SQL Server through attestation phase,The user has only after getting the limits of authority that visits a database,All sorts of operations that the database that just can go up to the server has attributive license falls (basically be in the light of database object,Wait like process of watch, view, memory) ,The setting of attributive of database of visit of this kind of user is will come true through user Zhang date.It is at the same time in SQL Server,The fungible that the part regards user group as simplified greatly security management.
Include the following shares in the safe model of SQL Server so:
? SQL Server logins
? ? Database user
? ? Attributive
? ? Part
14.1.1SQL Server logs onto attestation brief introduction
MS SQL Server can move below two kinds of safe mode:
Mode of WINDOWS attestation
Mixture mode
(1) mode of WINDOWS attestation
System of database of SQL Server moves on platform of NT server or the WINDOWS 2000 that are based on NT structural frame normally,And NT regards a network as the operating system,Itself has management to login,User of test and verify is lawful sexual ability,The mechanism that so mode of attestation of WIN- DOWS uses security of this one user and Zhang mark government just about,The user name that allows SQL Server to also can use NT and countersign.Below this mode,The attestation that the user wants to pass WINDOWS only can receive SQL Server repeatedly,And itself of SQL Server also was not necessary to manage an entry data.
Mode of WINDOWS attestation has a lot of advantages compared with mode of attestation of SQL Server,The reason depends on mode of WNDOWS attestation compositive the safe system of NT or WINDOWS 2000,And NT safety manages have numerous feature,Like safe and lawful sex,Countersign is added close,The smallest to the password length undertakes limitative waiting.So when the user tries to log onto SQL Server,The Zhang bugle call that its network safety from NT or WNDOWS 2000 gets entry user in attribute and password,The mechanism that uses NT or date of Zhang of test and verify of WINDWOS 2000 and code will examine entry lawful sex,The security that enhanced SQL Server thereby.
User form was used in WINDOWS NT,When should using WINDOWS attestation so,We always are the group of NT user with user certain classify,When so that become,undertaking to group of NT user in SQL Server the database visits attributive to install,Can deliver setting of this kind of attributive to onefold user,And when new when increasing an entry user,Total also group of user of NT of its classify some,This kind of method can be used door more in adding a system conveniently,The needless workload that eliminated one by one to undertake a database visit attributive is installed and be brought for each user.
Notice:If the user is in,the user did not give out to land a name when ascending border SQL Server,Criterion SQL Server uses oneself NT attestation pattern,And if SQL Server is installed to be NT attestation mode,Criterion the user is like an input when login a specific entry when the name, SQL Server should login oversight the name.
If SQL Server is the desktop edition that moves on WINDOWS95/98,Criterion NT attestation mode is invalid.
(2) mixture attestation mode
Below mixture attestation mode,WINDOWS attestation and attestation of SQL Server mode of these two kinds of attestation is practicable.The user of NT can use NT attestation already,Also can use attestation of SQL Server.The meaning that WINDOWS attestation had introduced in front,Mode of attestation of SQL Server introduces to the reader below.
(3) attestation of SQL Server
Below this attestation mode,The user must be offerred when join SQL Server entry name with entry password,These entry information store in systematic watch Syslogins,Have nothing to do with the entry Zhang date of NT.Him SQL Server carries out attestation to handle,If the entry information of the input and system express Syslogins,some medium record matchs,Indicate entry success.
14.1.2The setting of mode of attestation of SQL Server
Before undertaking addition deleting waiting operating to loginning,The attestation pattern that must set SQL Server above all.The setting that will have attestation pattern through SQL Server Enterprise Manager basically implements the following measure:
(1) the SQL Server EnterpriseManager that start chooses,The server that should undertake attestation mode is installed.
(2) right attack this server,In Properties of the choice in playing a menu,SQL Server will shoot a dialog box of SQL Server Properties.
(3) Security option chooses in dialog box of SQL Server Properties.Place of the 14-1 that be like a graph is shown.
(4) the attestation mode that chooses to want to install in the Authentication place of column of Security option,Can choose random in place of Audit Level at the same time a sheet chooses pushbutton,Will decide to dog which kinds of information when record user logins,The information that log onto a success for example or fails.
(5) which user in the acquiescent when setting of Starup Service Account should start SQL Server Enterprise Manager person that login.