NetWare/FOXPRO数据库应用系统的安全

SECURITY OF NetWare/FOXPRO APPLICATIONS

FOXPRO RDBMS是一种安全性很弱的关系数据库管理系统,而一般的FOXPRO数据库应用系统除了口令字机制之外,也很少有其它的保护措施。为此,本文提出一种称为“角色-视图”关系的适应于办公室环境的数据库访问控制策略。在这种策略的指导下,利用NO-VELL NetWare网络操作系统的安全机制,设计了一个在应用层上的FOXPRO数据库系统安全体系。本文所做的研究工作有两个特点:一是数据库系统安全的关键功能利用操作系统的机制来实现,所以系统整体在安全性、性能和开发费用上有较好的平衡;二是整个安全体系的设计符合安全工程的一般开发流程。

For the poor security of FOXPRO RDBMS, usual FOXPRO applications do little to improve it except for password. In this paper, a database access policy based on so - called Role - View relation is presented. By the guide of this policy, we design a security architecture of FOXPRO applications utilizing the security mechanism of NOVELL NetWare. Our results have two advantages: the first is that critical security functions of database applications are implemented by network operating systems, so the performance and are balanced against developing cost while security of entire system is improved. The second, the work is done as standard security engineering methodology requirements.