如何从数据挖掘和Web提取器软件中保护数据库?
大家好,
我被委托一项任务,我需要确保我的新项目的数据库不会被任何数据提取挖掘或数据提取器软件或SQL查询。我想探索并为数据库防盗和保护提供一些想法和具体解决方案。
是否有任何代码可以禁用所有软件或查询和命令来访问并从数据库中记录或提取数据?
如果没有这样的代码那么什么是限制数据提取器从数据库中提取数据的其他替代方法?
请快速分享您的观点。
提前致谢。
Hello everyone,
I am entrusted a task where I need to make sure that my new project''s database should not get extracted by any of the data mining or data extractor software or a sql query. I want to explore and have some ideas and concrete solution for database theft proofing and protection.
Is there any code which can disable all the software or queries and commands to access and record or extract the data from the database?
If there is not such code then what are other alternatives to restrict data extractors to pull the data from the database?
Please share your view quickly.
Thanks in advance.
加密数据!
.NET Framework具有加密类,您可以在将数据放入数据库并从数据库中检索数据时对其进行加密和解密。
Encrypt the data!
The .NET Framework has crypto classes that you can use to encrypt and decrypt data as you put it into and retrieve it from the database.
一种解决方案是在计算机上设置此数据库。没有连接到互联网。 (您甚至可以限制它在公司内部的本地连接。)或者,如果绝对需要与客户联系,您可以使用租用线路而不是互联网来连接。进一步的安全性可以采用黑盒技术的形式实现,这种技术基本上是一种硬件加密/解密设备,它能够如此快速地工作,您的客户永远不会注意到差异,尽管他们必须拥有这样的设备。也结束了。
如果有问题的电脑绝对必须连接互联网,那么你永远不会有100%可靠的安全解决方案。横向方法是使用像TrueCrypt这样的程序来加密整个硬盘。这至少会阻止那些黑客更加懒惰。
另一种解决方案就是让自己成为一个外接的硬盘驱动器,你可以简单地拔掉它当你不需要数据库时。当你这样做..只需删除你的互联网连接,连接驱动器和访问你的数据库。这仍然有木马黑客的漏洞,但如果你小心,那么大多数黑客可能永远不会知道你正在隐藏你的数据库。
One solution is to set up this database on a computer that is not connected to the internet. (You may even limit it''s connectivity locally within your company.) Or, if it absolutely needs to be connected with customers, you could use leased lines instead of the internet for your connectivity. Further security can be implemented in the form of black-box technology which is basically a hardware encryption/decryption device that does it''s work so fast your client will never notice the difference, though they would have to have such a device at their end also.
If the computer in question absolutely has to be internet connected then you will never have a security solution that will be 100% dependable. A sideways approach would be to use a program like TrueCrypt to encrypt your entire hard-drive. This would at least discourage the more lazy of the hackers out there.
Even another solution is to get yourself a external hard-drive that you can simply have un-plugged when you do not need the database. When you do.. just drop your internet connectivity, connect the drive and access your db. This still has the vulnerability to * hacks, but if you are careful then most hackers may never even know you are hiding your database that way.
嗯,从我知道的很少,似乎您可能希望使用对称加密,AES可以降低性能,RSA可能更强。据我所知,两者都相对较强。您可以加密所有敏感数据,并将解密密钥提供给对该数据具有有效访问权限的客户端。密钥可以嵌入到您提供的客户端中,该客户端连接到数据库并读取数据,对其进行解密,然后将其提供给他们正在使用的任何前端。您可以为不同的数据集使用不同的密钥来控制哪些客户端可以访问解密的数据集。
我建议每隔一段时间旋转一次密钥,每2周或更短时间。这不会让黑客远离黑客,但它可能会让他们更容易接受。我看到的每一个其他建议似乎都有所帮助,但没有一个是100%安全的。
Well, from what little I know, it seems that you may want to go with symmetric encryption, AES would be less of a performance hit and RSA could be stronger. Both are relatively strong as far as I know. You could encrypt all sensitive data and provide the decryption keys to the clients who have valid access to that data. The keys could be embedded in a client you provide them with that connects to the database and reads the data, decrypts it and then serves it to whatever front-end they are using. You can use different keys for different data-sets to control which clients get access to the decrypted data-sets.
I''d recommend rotating the keys every so often, like every 2 weeks or less. That won''t keep hackers away but it might make them go after easier pickings. Every other suggestion I saw seemed helpful one way or another but none will be 100% secure.