Database Security: Foreign-Literature Translation (Chinese-English parallel text)
Database Management Systems

A database (sometimes spelled data base), also called an electronic database, is any collection of data or information that is specially organized for rapid search and retrieval by a computer. Databases are structured to facilitate the storage, retrieval, modification, and deletion of data in conjunction with various data-processing operations. Databases can be stored on magnetic disk or tape, optical disk, or some other secondary storage device.

A database consists of a file or a set of files. The information in these files may be broken down into records, each of which consists of one or more fields. Fields are the basic units of data storage, and each field typically contains information pertaining to one aspect or attribute of the entity described by the database. Using keywords and various sorting commands, users can rapidly search, rearrange, group, and select the fields in many records to retrieve or create reports on particular aggregates of data. Complex data relationships and linkages may be found in all but the simplest databases.

The system software package that handles the difficult tasks associated with creating, accessing, and maintaining database records is called a database management system (DBMS). The programs in a DBMS package establish an interface between the database itself and the users of the database. (These users may be application programmers, managers and others with information needs, and various OS programs.) A DBMS can organize, process, and present selected data elements from the database. This capability enables decision makers to search, probe, and query database contents in order to extract answers to nonrecurring and unplanned questions that are not available in regular reports. These questions might initially be vague and/or poorly defined, but people can "browse" through the database until they have the needed information.
In short, the DBMS will "manage" the stored data items and assemble the needed items from the common database in response to the queries of those who are not programmers.

A database management system (DBMS) is composed of three major parts: (1) a storage subsystem that stores and retrieves data in files; (2) a modeling and manipulation subsystem that provides the means with which to organize the data and to add, delete, maintain, and update the data; and (3) an interface between the DBMS and its users.

Several major trends are emerging that enhance the value and usefulness of database management systems:
- Managers, who require more up-to-date information to make effective decisions.
- Customers, who demand increasingly sophisticated information services and more current information about the status of their orders, invoices, and accounts.
- Users, who find that they can develop custom applications with database systems in a fraction of the time it takes to use traditional programming languages.
- Organizations, which discover that information has strategic value and use their database systems to gain an edge over their competitors.

The Database Model

A data model describes a way to structure and manipulate the data in a database. The structural part of the model specifies how data should be represented (such as trees, tables, and so on). The manipulative part of the model specifies the operations with which to add, delete, display, maintain, print, search, select, sort and update the data.

Hierarchical Model

The first database management systems used a hierarchical model, that is, they arranged records into a tree structure. Some records are root records and all others have unique parent records.
The structure of the tree is designed to reflect the order in which the data will be used: the record at the root of a tree will be accessed first, then records one level below the root, and so on.

The hierarchical model was developed because hierarchical relationships are commonly found in business applications. As you may know, an organization chart often describes a hierarchical relationship: top management is at the highest level, middle management at lower levels, and operational employees at the lowest levels. Note that within a strict hierarchy, each level of management may have many employees or levels of employees beneath it, but each employee has only one manager. Hierarchical data are characterized by this one-to-many relationship among data.

In the hierarchical approach, each relationship must be explicitly defined when the database is created. Each record in a hierarchical database can contain only one key field, and only one relationship is allowed between any two fields. This can create a problem because data do not always conform to such a strict hierarchy.

Relational Model

A major breakthrough in database research occurred in 1970 when E. F. Codd proposed a fundamentally different approach to database management called the relational model, which uses a table as its data structure. The relational database is the most widely used database structure. Data is organized into related tables. Each table is made up of rows, called records, and columns, called fields. Each record contains fields of data about some specific item. For example, in a table containing information on employees, a record would contain fields of data such as a person's last name, first name, and street address.

Structured Query Language (SQL) is a query language for manipulating data in a relational database. It is nonprocedural, or declarative: the user need only supply an English-like description that specifies the operation and the desired record or combination of records.
A query optimizer translates the description into a procedure to perform the database manipulation.

Network Model

The network model creates relationships among data through a linked-list structure in which subordinate records can be linked to more than one parent record. This approach combines records with links, which are called pointers. The pointers are addresses that indicate the location of a record. With the network approach, a subordinate record can be linked to a key record and at the same time itself be a key record linked to other sets of subordinate records. The network model historically has had a performance advantage over other database models. Today, such performance characteristics are only important in high-volume, high-speed transaction processing such as automatic teller machine networks or airline reservation systems.

Both hierarchical and network databases are application specific. If a new application is developed, maintaining the consistency of databases across different applications can be very difficult. For example, suppose a new pension application is developed. The data are the same, but a new database must be created.

Object Model

The newest approach to database management uses an object model, in which records are represented by entities called objects that can both store data and provide methods or procedures to perform specific tasks. The query language used for the object model is the same object-oriented programming language used to develop the database application. This can create problems because there is no simple, uniform query language such as SQL. The object model is relatively new, and only a few examples of object-oriented databases exist. It has attracted attention because developers who choose an object-oriented programming language want a database based on an object-oriented model.

Distributed Database

Similarly, a distributed database is one in which different parts of the database reside on physically separated computers.
One goal of distributed databases is access to information without regard to where the data might be stored. Keep in mind that once the users and their data are separated, communication and networking concepts come into play. Distributed databases require software that resides partially in the larger computer. This software bridges the gap between personal and large computers and resolves the problems of incompatible data formats. Ideally, it would make the mainframe databases appear to be large libraries of information, with most of the processing accomplished on the personal computer.

A drawback to some distributed systems is that they are often based on what is called a mainframe-centric model, in which the larger host computer is seen as the master and the terminal or personal computer is seen as a slave. There are some advantages to this approach. With databases under centralized control, many of the data-integrity problems mentioned earlier are solved. But today's personal computers, departmental computers, and distributed processing require computers and their applications to communicate with each other on a more equal, or peer-to-peer, basis. In a database, the client/server model provides the framework for distributing databases.

One way to take advantage of many connected computers running database applications is to distribute the application into cooperating parts that are independent of one another. A client is an end user or computer program that requests resources across a network. A server is a computer running software that fulfills those requests across a network. When the resources are data in a database, the client/server model provides the framework for distributing the database.

A file server is software that provides access to files across a network. A dedicated file server is a single computer dedicated to being a file server.
This is useful, for example, if the files are large and require fast access. In such cases, a minicomputer or mainframe would be used as a file server. A distributed file server spreads the files around on individual computers instead of placing them on one dedicated computer. Advantages of the latter include the ability to store and retrieve files on other computers and the elimination of duplicate files on each computer. A major disadvantage, however, is that individual read/write requests are being moved across the network, and problems can arise when updating files. Suppose a user requests a record from a file and changes it while another user requests the same record and changes it too. The solution to this problem is called record locking, which means that the first request makes other requests wait until the first request is satisfied. Other users may be able to read the record, but they will not be able to change it.

A database server is software that services requests to a database across a network. For example, suppose a user types in a query for data on his or her personal computer. If the application is designed with the client/server model in mind, the query-language part on the personal computer simply sends the query across the network to the database server and requests to be notified when the data are found.

Examples of distributed database systems can be found in the engineering world. Sun's Network File System (NFS), for example, is used in computer-aided engineering applications to distribute data among the hard disks in a network of Sun workstations.

Distributing databases is an evolutionary step because it is logical that data should exist at the location where they are being used. Departmental computers within a large corporation, for example, should have data reside locally, yet those data should be accessible by authorized corporate management when they want to consolidate departmental data.
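The lost-update race and the record lock that prevents it, as an added example that is not from the original text. SQLite on a temporary file stands in for the shared file server: the first user takes the write lock with BEGIN IMMEDIATE, the second user can still read the record but its change is refused while the lock is held, and the second update only goes through after the first has committed. The account table and balances are constructed for the demonstration.

```python
"""Record locking on a shared database file: added example, not from the text.

SQLite stands in for the shared file server. BEGIN IMMEDIATE takes the write
lock; a second connection can still read, but its write is refused until the
first transaction commits. The account table and values are constructed."""
import os
import sqlite3
import tempfile


def _connect(path):
    # timeout=0: report the conflict at once instead of waiting, so the
    # refusal is visible.  isolation_level=None: no implicit BEGIN; the
    # demo manages its own transactions.
    return sqlite3.connect(path, timeout=0, isolation_level=None)


def demo_record_locking():
    """Two users, user_a and user_b, try to change the same record.
    Returns the observations made along the way."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        setup = _connect(path)
        # WAL mode: readers never block a writer and vice versa, which is the
        # behaviour the text describes (others may read, but not change).
        setup.execute("PRAGMA journal_mode=WAL")
        setup.execute("CREATE TABLE account (id INTEGER PRIMARY KEY, balance INTEGER)")
        setup.execute("INSERT INTO account VALUES (1, 100)")
        setup.close()

        user_a, user_b = _connect(path), _connect(path)
        seen = {}

        # user_a locks the record (write lock on the file) and changes it
        user_a.execute("BEGIN IMMEDIATE")
        user_a.execute("UPDATE account SET balance = balance - 30 WHERE id = 1")

        # user_b may still read the committed value while user_a holds the lock
        seen["b_reads_while_locked"] = user_b.execute(
            "SELECT balance FROM account WHERE id = 1").fetchall()[0][0]

        # ... but user_b's write is refused instead of silently overwriting
        try:
            user_b.execute("UPDATE account SET balance = balance - 50 WHERE id = 1")
            seen["b_write_while_locked"] = "allowed"
        except sqlite3.OperationalError as exc:
            seen["b_write_while_locked"] = f"refused: {exc}"

        # first request satisfied, lock released; user_b's request now proceeds
        user_a.execute("COMMIT")
        user_b.execute("UPDATE account SET balance = balance - 50 WHERE id = 1")
        seen["final_balance"] = user_b.execute(
            "SELECT balance FROM account WHERE id = 1").fetchall()[0][0]
        user_a.close()
        user_b.close()
        return seen
    finally:
        for suffix in ("", "-wal", "-shm"):
            try:
                os.remove(path + suffix)
            except FileNotFoundError:
                pass


if __name__ == "__main__":
    print(demo_record_locking())
```

Without the lock, both users would read 100, and whichever wrote last would win, losing the other's change; with it the final balance is 20, both deductions applied.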
DBMS software will protect the security and integrity of the database, and the distributed database will appear to its users as no different from a non-distributed database.

In this information age, the data server has become the heart of a company. This one piece of software controls the rhythm of most organizations and is used to pump information lifeblood through the arteries of the network. Because of the critical nature of this application, the data server is also one of the most popular targets for hackers. If a hacker owns this application, he can cause the company's "heart" to suffer a fatal arrest.

Ironically, although most users are now aware of hackers, they still do not realize how susceptible their database servers are to attack. Thus, this article presents a description of the primary methods of attacking database servers (also known as SQL servers) and shows you how to protect yourself from these attacks.

You should note that this information is not new. Many technical white papers go into great detail about how to perform SQL attacks, and numerous vulnerabilities have been posted to security lists that describe exactly how certain database applications can be exploited. This article was written for the curious non-SQL experts who do not care to know the details, and as a review for those who do use SQL regularly.

What Is a SQL Server?

A database application is a program that provides clients with access to data. There are many variations of this type of application, ranging from the expensive enterprise-level Microsoft SQL Server to the free and open source MySQL. Regardless of the flavor, most database server applications have several things in common.

First, database applications use the same general programming language, known as SQL, or Structured Query Language. This language, also called a fourth-generation language because of its simple syntax, is at the core of how a client communicates its requests to the server.
Using SQL in its simplest form, a programmer can select, add, update, and delete information in a database. However, SQL can also be used to create and design entire databases, perform various functions on the returned information, and even execute other programs. To illustrate how SQL can be used, the following is an example of a simple standard SQL query and a more powerful SQL query:

Simple: "Select * from dbFurniture.tblChair"

This returns all information in the table tblChair from the database dbFurniture.

Complex: "EXEC master..xp_cmdshell 'dir c:\'"

This short SQL command returns to the client the list of files and folders under the c:\ directory of the SQL server. Note that this example uses an extended stored procedure that is exclusive to MS SQL Server. Because it runs an operating-system command with the privileges of the SQL Server service account, it should stay disabled (it is off by default since SQL Server 2005 and is controlled through sp_configure) unless an application genuinely needs it.

The second thing that database server applications share is that they all require some form of authenticated connection between client and host. Although the SQL language is fairly easy to use, at least in its basic form, any client that wants to perform queries must first provide some form of credentials that will authorize the client; the client also must define the format of the request and response.

This connection is defined by several attributes, depending on the relative location of the client and what operating systems are in use. We could spend a whole article discussing various technologies such as DSN connections, DSN-less connections, RDO, ADO, and more, but these subjects are outside the scope of this article. If you want to learn more about them, a little Googling will provide you with more than enough information. However, the following is a list of the more common items included in a connection request:
- Database source
- Request type
- Database
- User ID
- Password

Before any connection can be made, the client must define what type of database server it is connecting to.
This is handled by a software component that provides the client with the instructions needed to create the request in the correct format. In addition to the type of database, the request type can be used to further define how the client's request will be handled by the server. Next comes the database name and finally the authentication information.

All the connection information is important, but by far the weakest link is the authentication information, or lack thereof. In a properly managed server, each database has its own users with specifically designated permissions that control what type of activity they can perform. For example, a user account would be set up as read-only for applications that only need to read information. Another account should be used for inserts or updates, and maybe even a third account would be used for deletes. This type of account control ensures that any compromised account is limited in functionality. Unfortunately, many database programs are set up with null or easy passwords, which leads to successful hack attacks.
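The account separation just described, as an added example that is not part of the article. A real DBMS enforces it with separate logins and GRANT statements whose syntax differs per product, so the example uses SQLite's authorizer hook to emulate three accounts (reader, writer, deleter) on one connection and show what each can and cannot do once compromised. The role names, table and rows are constructed for the demonstration.

```python
"""Per-account privilege separation for database access.

Added example, not from the article. SQLite's authorizer hook emulates
three accounts; a production DBMS does the same with separate logins and
GRANTs. Roles, table and rows are constructed."""
import sqlite3

# What each account may do. Anything not listed (DDL included) is denied.
ROLES = {
    "reader":  {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ},
    "writer":  {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ,
                sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE},
    "deleter": {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ,
                sqlite3.SQLITE_DELETE},
}
# Housekeeping every account needs: built-in functions, BEGIN/COMMIT.
ALWAYS = {sqlite3.SQLITE_FUNCTION, sqlite3.SQLITE_TRANSACTION}


def make_authorizer(role):
    allowed = ROLES[role] | ALWAYS

    def authorize(action, arg1, arg2, db_name, trigger_or_view):
        return sqlite3.SQLITE_OK if action in allowed else sqlite3.SQLITE_DENY
    return authorize


def _allow_all(*_):
    return sqlite3.SQLITE_OK


def open_db():
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO employees (name) VALUES ('Ada'), ('Grace')")
    return db


def run_as(db, role, sql, params=()):
    """Execute sql as the given account. Returns the rows, or the refusal.

    The authorizer runs when a statement is compiled; SQLite expires
    already-compiled statements when the authorizer changes, so a statement
    prepared under 'writer' is re-checked before 'reader' can reuse it."""
    db.set_authorizer(make_authorizer(role))
    try:
        return db.execute(sql, params).fetchall()
    except sqlite3.DatabaseError as exc:       # SQLite reports "not authorized"
        return f"denied for {role}: {exc}"
    finally:
        db.set_authorizer(_allow_all)


def demo():
    """A compromised account can only do what its role permits."""
    db = open_db()
    return {
        "reader_select":  run_as(db, "reader", "SELECT name FROM employees ORDER BY id"),
        "reader_insert":  run_as(db, "reader", "INSERT INTO employees (name) VALUES (?)", ("Mallory",)),
        "writer_insert":  run_as(db, "writer", "INSERT INTO employees (name) VALUES (?)", ("Linus",)),
        "writer_delete":  run_as(db, "writer", "DELETE FROM employees WHERE name = ?", ("Ada",)),
        "deleter_delete": run_as(db, "deleter", "DELETE FROM employees WHERE name = ?", ("Ada",)),
        "reader_ddl":     run_as(db, "reader", "DROP TABLE employees"),
        "rows_left":      run_as(db, "reader", "SELECT name FROM employees ORDER BY id"),
    }


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step:15} {result}")
```

A stolen reader credential yields nothing but reads; a stolen writer credential cannot delete or drop. The same split, with one login per role and no shared passwords, is what the article's "properly managed server" means in practice.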
Developing a Database Encryption Strategy

I. Introduction

The networked database is the heart of the enterprise. It is where your most valuable assets reside: the information that is the foundation of your business, transaction records, financial data, customer information. Protecting this data is increasingly important and increasingly difficult.

This data's critical business value makes it an obvious target for attackers. Successful attacks can wreak massive damage to company finances and corporate image. The media spotlight falls most often on high-profile cases involving consumer transactions and credit card numbers. Public concerns, fueled by adverse news coverage, are giving rise to new regulations and legislation on data management and privacy.

But public-relations problems are not the only risk. Revelations of data gathered from Web-based transactions can damage a company's credibility and customer relationships. Database attacks can have direct and severe economic consequences. Database attacks are rising, and they can result in the loss or compromise of information critical to running your business day-to-day, from inventory and billing data to Customer Relationship Management applications and human-resources information. Consequently, databases are also likely to be holding increasing amounts of sensitive information on behalf of your customers: financial records, healthcare histories, order histories, credit card and Social Security numbers.

To protect your company's database assets, there are security measures you should take today. These include encrypting data as it moves across your enterprise networks and as it sits at rest, in storage on database systems. Extra steps and precautions should be taken to carefully control access to this data.
This paper will focus on how to protect data at rest.

Protecting Data with Encryption

While laws and regulations interpret "protecting privacy" in a number of ways, any enterprise solution for protecting data, especially data at rest, must involve two things: secure encryption technology to protect confidential data, and careful management of access to the cryptographic keys that unlock the encrypted data. Only then has your company done due diligence to protect the privacy of its customers.

Where will you perform the data encryption, inside or outside of the database? Your answer can affect the data's security. How do you create a system that minimizes the number of people who have access to the keys? Storing the encryption keys separately from the data they encrypt renders the information useless to an attacker who finds a way into the database through a backdoor in an application. In addition, separating administrators' ability to access data from the ability to manage encryption keys builds higher layers of trust and control over your confidential information infrastructure. There should be limited access to the means to decrypt sensitive information, and this access should be locked down and monitored, with suspicious activity logged.

II. Planning a Database Encryption Strategy

Before you can begin to design a database encryption strategy that is secure, you need to understand three things: how encryption works, how data flows in your application, and how database protection fits into your company's overall security policy. Once you've assessed the security and encryption needs of the sensitive data being gathered in your application, you will need to pick a course of action to ensure it is protected once it reaches the database. There are two strategies you can use: using the encryption features of your DBMS, or performing encryption and decryption outside the database. Each of these approaches has its advantages and disadvantages.
In this section we will outline the two different strategies for encrypting stored data so you can make the decision that is best for your environment.

III. Implementing a Database Encryption Strategy

To effectively secure your databases using encryption, three issues are of primary importance: where to perform the encryption, where to store encryption keys, and who has access to encryption keys. The process of encryption can be performed either (1) within the database, if your DBMS supports the encryption features you need, or (2) outside the DBMS, where encryption processing and key storage are offloaded to centralized Encryption Servers. These two strategies will be covered in more detail below, but first some general comments.

DBMS Features and Limitations

While encrypting inside the database may be attractive because it has the least impact on your application environment, there are performance trade-offs and security implications to consider. Depending on the algorithms used and their implementation, some encryption can degrade DBMS performance. If your DBMS includes encryption, it is important to understand what algorithms it uses, the performance and strength of those algorithms, and how much flexibility you have in selecting what data you encrypt. Some general guidelines: DES is insecure, 3DES is slow, and any symmetric cipher should use 128-bit keys at a minimum.

An inherent vulnerability of DBMS-based encryption is that the key used to encrypt data will likely be stored in a table inside the database, protected only by native DBMS access controls. Frequently, the users who have access rights to the encrypted data also have access rights to the encryption key. This creates a security vulnerability because the encrypted text is not separated from the means to decrypt it.
Nor does this solution provide adequate tracking or monitoring of suspicious activities. Many enterprise IT managers have found the out-of-the-box encryption features offered by their DBMS to have weaknesses of performance and key management sufficiently severe that they decide not to use them.

Off-loading Encryption Outside of the Database

RSA Security recommends that companies, especially those that need to comply with Gramm-Leach-Bliley or HIPAA, consider database architectures that off-load encryption processing and secure key management to a separate, centralized Encryption Server. The Encryption Server performs the computation required for encryption and decryption. This has two benefits. It removes the computational overhead of cryptography from the DBMS or application servers. And, perhaps even more importantly, it allows separation of encrypted data from encryption keys: the keys in this architecture never leave the Encryption Server. Locking down access to and monitoring the Encryption Server is important in this scenario as well, but easily achievable. Let's review each solution in more detail.

Solution One: Implementing encryption inside the DBMS

If encryption features are available within your DBMS product, you can encrypt and decrypt data within the database and the process will be transparent to your applications. The data is encrypted as soon as it is stored in the database. Any data that enters or leaves the database, though, will be transported as clear text unless the connection itself is encrypted. This is one of the simplest database encryption strategies, but it presents performance trade-offs and security considerations that must be evaluated.

Encryption generally is implemented within the database through a "database procedure call". Some vendors support limited encryption capabilities through database add-ons. Other vendors may only provide all-or-nothing support for encryption: either the entire database is encrypted, or nothing is.
While this may make sense for protecting your backup copies, encryption of the entire database means additional processing is expended on non-sensitive data, an overkill situation resulting in unnecessary performance cost.

A major drawback to encrypting inside the database is the extra processing load. Because encryption and decryption are performed within the database, the DBMS is asked to perform additional processing, not only when the data is stored, but each time it is accessed. This additional processing can add up.

Encrypting data when it is stored in the database using a database procedure call is shown in the diagram below. The procedure has to locate the stored encryption key and query it. The DBMS must verify that the procedure can access the key. The database procedure then uses the key in the encryption algorithm and returns the encrypted result. Reading the data requires the same procedure in reverse. Consider, for example, an application that produces a sorted report based on credit card data and accesses a database containing encrypted card numbers. The database procedure for decrypting an item is executed against each encrypted data item. If it's a large report, that can add up to a lot of extra processing. Applications that depend on indexes built on encrypted data make the process even slower, because an index over ciphertext says nothing about the order of the plaintext. For performance, it is advisable to architect the data so that encrypted data is not indexed. But if you must look up indexed data that is encrypted, encrypt the search value before performing the search and match on the stored ciphertext. This only works for equality lookups, and only if the encryption of a given value is deterministic; it also means the search procedure must be changed and will require access to the encryption function as well as the encryption key.

The strongest argument in favor of encrypting data within the DBMS is that applications are unaffected by the encryption. You can implement DBMS-based encryption without making any changes in legacy applications, e-commerce applications, or any other applications that use the data.
However, this solution results in some equally compelling negatives: unless you use encrypted communications between the database and your applications, the data will be at risk of exposure while in transit. Also, if encryption keys are stored within the database, or even in other databases managed by the DBMS, the database administrators may have access to them, and thus to any of your encrypted data.

When evaluating database products, make sure you understand the performance of the encryption ciphers and the strength of each cipher based on key size. Many databases offer only the DES or 3DES algorithms, which are generally regarded as slow. AES is preferable from a security perspective, or, for higher performance and security, evaluate the RC5® block cipher.

Encryption keys are produced by random number generation, so the security of your data depends on how unpredictable those numbers are. You should understand how keys are generated in your DBMS: what type of pseudorandom number generator is used, and how it is seeded. It may help to talk to outside security experts about random number generation in database products before making a purchase decision. For example, RSA Security's cryptography products are designed to provide random number generation in both software and hardware.

If you do not want to store your keys in a table in the database, plan how you will store keys separately. The strongest key protection is with separate hardware that interoperates with the database. Depending on the level of security required, this often means purchasing a hardware security module (HSM), a device that provides secure storage for encryption keys and, depending on the device, additional features such as a co-processor to perform cryptographic functions and hardware acceleration.
HSMs are also a good way to back up encryption keys.

Solution Two: Applying Encryption Outside the Database

If the potential for data exposure in the database or in transit between client and server concerns you, a more secure solution is moving the encryption to the applications that generate the data. Used together with client/server security protocols like SSL, this keeps sensitive data in clear text form for the shortest possible time. Encryption is performed within the application that introduces the data into the system; it travels encrypted and can be stored encrypted at its final destination. This approach can provide good end-to-end data protection, but may require changes to your applications to add or modify encryption and decryption capabilities.

One way to deploy this type of solution and optimize your investment is to build an Encryption Server to provide centralized encryption services for your entire database environment. This simplifies management and provides more control in a multi-application environment using many databases. This server can be optimized to perform cryptographic operations requested by your applications, giving you the flexibility to allow applications to make multiple requests for cryptographic operations, while consolidating and implementing the cryptography in a consistent way. Here is a diagram of an encryption process that includes an Encryption Server to provide cryptography processing and key storage.

One great benefit of this solution is that it offers one of the best secure key management strategies. This solution separates encryption keys from the encrypted data stored in the database, providing another layer of protection for the database. By contrast, Solution One stores keys in the database with the encrypted data, allowing an attacker easy access to both the keys and the encrypted data. In Solution Two, outlined by the diagram above, the Encryption Server adds another layer of protection between the database and the attacker.
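Solution Two in working form, together with the "encrypt the search value before searching" technique from Solution One, as an added example that is not from the paper. An `EncryptionServer` object (a stand-in for the paper's Encryption Server; the name, its caller list and the audit log are this example's own) holds the key and answers encrypt, decrypt and index requests from an authorized application; the database stores only ciphertext plus a keyed, deterministic blind index used for equality lookups, so a dump of the table by a DBA yields neither plaintext nor keys. The standard library has no AES, so an HMAC-SHA256 keystream with encrypt-then-MAC plays the role of AES-GCM here (same nonce, ciphertext, tag shape); use a real AEAD in production. The card numbers are constructed test values.

```python
"""Encryption outside the database with keys held on a separate server.

Added example, not from the paper. Stdlib only, so an HMAC-SHA256 keystream
with encrypt-then-MAC stands in for AES-GCM; use a real AEAD in production.
EncryptionServer, the "billing" caller and the card numbers are constructed."""
import hashlib
import hmac
import os
import sqlite3

NONCE_LEN, TAG_LEN = 16, 32


class EncryptionServer:
    """Holds the master key. Callers send data and receive ciphertext or
    plaintext; the key itself never crosses the interface."""

    def __init__(self, master_key: bytes, allowed_callers):
        # Separate sub-keys per purpose, all derived from the master key.
        self._k_enc = hmac.new(master_key, b"enc", hashlib.sha256).digest()
        self._k_mac = hmac.new(master_key, b"mac", hashlib.sha256).digest()
        self._k_idx = hmac.new(master_key, b"idx", hashlib.sha256).digest()
        self._allowed = set(allowed_callers)
        self.audit = []  # every key use, granted or denied, is recorded

    def _check(self, caller, op):
        ok = caller in self._allowed
        self.audit.append((caller, op, "ok" if ok else "DENIED"))
        if not ok:
            raise PermissionError(f"{caller!r} may not {op}")

    def _keystream(self, nonce, length):
        blocks = [hmac.new(self._k_enc, nonce + i.to_bytes(4, "big"),
                           hashlib.sha256).digest()
                  for i in range((length + 31) // 32)]
        return b"".join(blocks)[:length]

    def encrypt(self, caller, plaintext: bytes) -> bytes:
        self._check(caller, "encrypt")
        nonce = os.urandom(NONCE_LEN)  # fresh, unpredictable per record
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        tag = hmac.new(self._k_mac, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def decrypt(self, caller, blob: bytes) -> bytes:
        self._check(caller, "decrypt")
        nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        expect = hmac.new(self._k_mac, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expect, tag):
            raise ValueError("ciphertext rejected: tampered or wrong key")
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))

    def blind_index(self, caller, plaintext: bytes) -> bytes:
        """Deterministic keyed tag: equality lookups can use an index without
        the database ever holding the plaintext or the key."""
        self._check(caller, "index")
        return hmac.new(self._k_idx, plaintext, hashlib.sha256).digest()[:16]


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (id INTEGER PRIMARY KEY, pan_ct BLOB, pan_idx BLOB)")
    db.execute("CREATE INDEX cards_by_idx ON cards (pan_idx)")
    return db


def store_card(db, server, caller, pan: str):
    raw = pan.encode()
    db.execute("INSERT INTO cards (pan_ct, pan_idx) VALUES (?, ?)",
               (server.encrypt(caller, raw), server.blind_index(caller, raw)))


def find_cards(db, server, caller, pan: str):
    """Index the search value first, then match on the stored tag."""
    rows = db.execute("SELECT pan_ct FROM cards WHERE pan_idx = ?",
                      (server.blind_index(caller, pan.encode()),)).fetchall()
    return [server.decrypt(caller, ct).decode() for (ct,) in rows]


def dba_dump(db):
    """What full read access to the database (but not to the Encryption
    Server) reveals: ciphertext and blind indexes only."""
    return db.execute("SELECT pan_ct, pan_idx FROM cards").fetchall()


def outcome(fn, *args):
    """Run fn and report its result, or the name of the exception it raised."""
    try:
        return fn(*args)
    except Exception as exc:
        return type(exc).__name__


if __name__ == "__main__":
    server = EncryptionServer(os.urandom(32), allowed_callers={"billing"})
    db = open_db()
    store_card(db, server, "billing", "4111111111111111")  # constructed test PAN
    print(find_cards(db, server, "billing", "4111111111111111"))
    print(dba_dump(db))
    print(outcome(find_cards, db, server, "reporting", "4111111111111111"))
```

The blind index is the one place where determinism is deliberate: two records with the same card number get the same tag, which is exactly what an equality search needs and also what an attacker with the table can count. Keep it keyed, truncated, and separate from the randomized ciphertext, and only grant the index operation to callers that need to search.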
The keys in the Encryption Server must be found before the hacker can decrypt data. The goal is to harden the Encryption Server

IV. RSA Security Solutions

RSA Security offers a full range of security products and services designed to assess the database application, provide strong authentication of users, deliver Web-based access control for end users or administrators, and simplify the art of building high-performing encryption applications.

Assessment, Planning and Implementation

RSA Professional Services offers a database assessment service to review application architecture and design a database strategy. The goal is to identify key sensitive data, analyze the flow of data for potential vulnerabilities and threats, and make design recommendations. Further planning and implementation services are available for companies wishing to deploy the recommended solution. Benefits to customers include access to specialized encryption consultants and knowledge transfer or training of staff.

Authentication

RSA Security products are designed to provide the strong authentication required to protect access to the encryption keys stored in the database or on an Encryption Server. Using these authentication products, companies can reduce the threat of external attacks on their database.

Access Management

For organizations seeking to control access and simplify administration of their Unix environment, RSA Keon® Unix Control software is a simple way to help lock down access to these servers. This is especially important for organizations that want to deploy a Unix Encryption Server in front of their database. RSA Keon Unix Control software employs a unique, non-intrusive architecture to help centrally manage a UNIX environment. RSA Keon Unix Control software is designed to perform the following functions. It hardens the Encryption Server against intrusion.
It can centrally manage the identification and authentication of users, and establish access control while also providing data privacy and integrity monitoring of the entire process. It simplifies administration by propagating changes such as deleted or added user accounts across the entire UNIX enterprise in a single step. In short, RSA Keon Unix Control software helps simplify UNIX management while enforcing a strict enterprise-wide security policy without limiting productivity. Other features include file integrity checking and operating system vulnerability testing. In addition, RSA Keon Unix Control software is designed to proactively log changes to security parameters, access attempts, and administrative activities to create a complete audit trail.

V. Conclusion

Database attacks are on the rise even as the risks of data disclosure are increasing. Already the financial services and health care industries must deal with legislation and regulation on data privacy. Consumer concerns about data disclosure and misuse will inevitably expand the responsibility of your enterprise to secure customer information. Failure could expose you to legal liability, negative publicity, and lost public trust, as well as cost you money and lost productivity. In this environment, your security planning must include a strategy for protecting sensitive databases against attack or misuse by encrypting key data elements. Whether you decide to implement encryption inside or outside the database, RSA Security recommends:
• Encrypted information should be stored separately from encryption keys.
• Strong authentication should be used to identify users before they decrypt sensitive information.
• Access to keys should be monitored, audited and logged.
• Sensitive data should be encrypted end-to-end, while in transit in the application and while in storage in enterprise databases.
Database

A database may be defined as a collection of interrelated data stored together with as little redundancy as possible to serve one or more applications in an optimal fashion; the data are stored so that they are independent of the programs which use the data; a common and controlled approach is used in adding new data and in modifying and retrieving existing data within the database. One system is said to contain a collection of databases if they are entirely separate in structure.

Restructuring should be possible without having to rewrite the application programs, and in general should cause as little upheaval as possible. The ease with which a database can be changed will have a major effect on the rate at which data-processing applications can be developed in a corporation.

The term data independence is often quoted as being one of the main attributes of a database. It implies that the data and the programs that use them may be changed without changing the other. When a single set of data items serves a variety of applications, different application programs perceive different relationships between the data items. To a large extent, database organization is concerned with the question of how and where the data are stored.

A database used for many applications can have multiple interconnections among its data items. The things about which data are recorded are referred to as entities. An entity may be a tangible object or an intangible one if it has various properties which we may wish to record; it describes something in the real world. A data item represents an attribute, and the attribute must be associated with the relevant entity.
For each relevant entity we assign values to the attributes; one attribute has a special significance in that it identifies the entity. A logical data description is called a model. We must distinguish between a record type and a record occurrence: when talking about all personnel records we are really talking about a record type, not one combined with its data values.

A schema is used to describe the database: it is the overall chart of the data item types and record types stored in the database. A subschema refers to an application programmer's view of the data; many different subschemas can be derived from one schema. The schema and the subschema are both used by the database management system, the primary function of which is to serve the application programs by executing their data operations.

A DBMS will usually be handling multiple data calls concurrently, so it must organize its system buffers so that different data operations can be in process together. It provides a data definition language to specify the conceptual schema and most likely some of the details regarding the implementation of the conceptual schema by the physical schema; the data definition language describes the conceptual schema in terms of a "data model".

The choice of a data model is a difficult one, since it must be rich enough in structure to describe significant aspects of the real world, yet it must be possible to determine fairly automatically an efficient implementation of the conceptual schema by a physical schema. It should be emphasized that while a DBMS might be used to build small databases, many databases involve millions of bytes, and an inefficient implementation can be disastrous.

The hierarchical and network structures have been used for DBMS since the 1960's;
the relational structure was introduced in the early 1970's.

In the relational model, two-dimensional tables represent the entities and their relationships. Every table represents an entity; relationships between entities are represented by common columns containing values from a domain, or range of possible values. The end user is presented with a simple data model; his or her requests do not reflect any complexities due to system-oriented aspects. A relational data model is what the user sees, but it is not necessarily what will be implemented physically.

The relational data model removes the details of storage structure and access strategy from the user interface. The model provides a relatively higher degree of data independence; to make use of this property of the relational data model, however, the design of the relations must be complete and accurate. Although some DBMS based on the relational data model are commercially available today, it is difficult to provide a complete set of operational capabilities with the required efficiency on a large scale. It appears today that technological improvements in providing faster and more reliable hardware may answer the question positively.

The hierarchical data model is based on a tree-like structure made up of nodes and branches. A node is a collection of data attributes describing the entity at that point; the highest node of the hierarchy is the root. A hierarchical data model always starts with a root node. Every node consists of one or more attributes describing the entity at that node. Dependent nodes can follow in the succeeding levels; the node in the preceding level becomes the parent node of the new dependent nodes. A parent node can have one child node as a dependent, or many children nodes. The major advantage of the hierarchical data model is the existence of proven database management systems that use the hierarchical data model as the basic structure. There is a reduction of data dependency, but any child node is accessible only in a clumsy way; this often results in a
redundancy in stored data.

The database concept has evolved since the 1960s to ease increasing difficulties in designing, building, and maintaining complex information systems (typically with many concurrent end-users, and with a large amount of diverse data). It has evolved together with database management systems which enable the effective handling of databases. Though the terms database and DBMS define different entities, they are inseparable: a database's properties are determined by its supporting DBMS and vice-versa. With the progress in technology in the areas of processors, computer memory, computer storage and computer networks, the sizes, capabilities, and performance of databases and their respective DBMSs have grown by orders of magnitude. For decades it has been unlikely that a complex information system can be built effectively without a proper database supported by a DBMS. The utilization of databases is now spread to such a wide degree that virtually every technology and product relies on databases and DBMSs for its development and commercialization, or even may have such embedded in it. Also, organizations and companies, from small to large, heavily depend on databases for their operations.

No widely accepted exact definition exists for DBMS. However, a system needs to provide considerable functionality to qualify as a DBMS. Accordingly its supported data collection needs to meet respective usability requirements (broadly defined by the requirements below) to qualify as a database. Thus, a database and its supporting DBMS are defined here by a set of general requirements listed below. Virtually all existing mature DBMS products meet these requirements to a great extent, while less mature ones either meet them or converge to meet them.

Database research

Database research has been an active and diverse area, with many specializations, carried out since the early days of dealing with the database concept in the 1960s.
It has strong ties with database technology and DBMS products. Database research has taken place at research and development groups of companies (e.g., notably at IBM Research, which contributed technologies and ideas to virtually every DBMS existing today), research institutes, and academia. Research has been done both through theory and prototypes. The interaction between research and database-related product development has been very productive for the database area, and many related key concepts and technologies emerged from it. Notable are the relational and the entity-relationship models, related concurrency control techniques, query languages and query optimization methods, RAID, and more. Research has provided deep insight into virtually all aspects of databases, though it has not always been pragmatic or effective (and cannot and should not always be: research is exploratory in nature, and does not always lead to accepted or useful ideas). Ultimately market forces and real needs determine the selection of problem solutions and related technologies, also among those proposed by research. However, occasionally, not the best and most elegant solution wins (e.g., SQL). Along their history DBMSs and respective databases, to a great extent, have been the outcome of such research, while real product requirements and challenges triggered database research directions and sub-areas. The database research area has several notable dedicated academic journals and annual conferences (e.g., ACM PODS, VLDB, IEEE ICDE, and more), as well as an active and quite heterogeneous (subject-wise) research community all over the world.

Functional requirements

Certain general functional requirements need to be met in conjunction with a database.
They describe what is needed to be defined in a database for any specific application.

Defining the structure of data: Data modeling and Data definition languages

The database needs to be based on a data model that is sufficiently rich to describe in the database all the needed respective application's aspects. A data definition language exists to describe the databases within the data model. Such a language is typically data model specific.

Manipulating the data: Data manipulation languages and Query languages

A database data model needs support by a sufficiently rich data manipulation language to allow all database manipulations and information generation (from the data) as needed by the respective application. Such a language is typically data model specific.

Protecting the data: Setting database security types and levels

The DB needs built-in security means to protect its content (and users) from the dangers of unauthorized users (either humans or programs). Protection is also provided from types of unintentional breach. Security types and levels should be defined by the database owners.

Database design

Database design is done before building it to meet the needs of end-users within a given application/information-system that the database is intended to support. The database design defines the needed data and data structures that such a database comprises. A design is typically carried out according to the common three architectural levels of a database (see Database architecture above). First, the conceptual level is designed, which defines the over-all picture/view of the database, and reflects all the real-world elements (entities) the database intends to model, as well as the relationships among them. On top of it the external level, various views of the database, are designed according to (possibly completely different) needs of specific end-user types. More external views can be added later.
External view requirements may modify the design of the conceptual level (i.e., add/remove entities and relationships), but usually a well-designed conceptual level for an application supports most of the needed external views well. The conceptual view also determines the internal level (which primarily deals with data layout in storage) to a great extent. External view requirements may add supporting storage structures, like materialized views and indexes, for enhanced performance. Typically the internal layer is optimized for top performance, in an average way that takes into account the (possibly conflicting) performance requirements of different external views according to their relative importance. While the conceptual and external level design can usually be done independently of any DBMS (DBMS-independent design software packages exist, possibly with interfaces to some specific popular DBMSs), the internal level design highly relies on the capabilities and internal data structure of the specific DBMS utilized (see the Implementation section below).

A common way to carry out conceptual level design is to use the Entity-relationship model (ERM) (both the basic one, and with the possible enhancements that it has gone through), since it provides a straightforward, intuitive perception of an application's elements and semantics. An alternative approach, which preceded the ERM, is using the Relational model and dependencies (mathematical relationships) among data to normalize the database, i.e., to define the ("optimal") relations (data record or tuple types) in the database. Though a large body of research exists for this method, it is more complex, less intuitive, and not more effective than the ERM method. Thus normalization is less utilized in practice than the ERM method. The ERM may be less subtle than normalization in several aspects, but it captures the main needed dependencies, which are induced by keys/identifiers of entities and relationships.
Also the ERM inherently includes the important inclusion dependencies (i.e., an entity instance that does not exist (has not been explicitly inserted) cannot appear in a relationship with other entities), which usually have been ignored in normalization.

Another aspect of database design is its security. It involves both defining access control to database objects (e.g., entities, views) as well as defining security levels and methods for the data itself.

Database

A database may be defined as a collection of related data that, with as little redundancy as possible, serves one or more applications in the most ideal way. The data are stored so that they are independent of the programs which use them; a single, controlled method is used for adding new data to the database and for modifying and retrieving existing data. If systems are entirely separate in structure, they are said to be a collection of databases.
Database

A database consists of an organized collection of data for one or more uses, typically in digital form. One way of classifying databases involves the type of their contents, for example: bibliographic, document-text, statistical. Digital databases are managed using database management systems, which store database contents, allowing data creation and maintenance, and search and other access.

Architecture

Database architecture consists of three levels, external, conceptual and internal. Clearly separating the three levels was a major feature of the relational database model that dominates 21st century databases. The external level defines how users understand the organization of the data. A single database can have any number of views at the external level. The internal level defines how the data is physically stored and processed by the computing system. Internal architecture is concerned with cost, performance, scalability and other operational matters. The conceptual level is a level of indirection between internal and external. It provides a common view of the database that is uncomplicated by details of how the data is stored or managed, and that can unify the various external views into a coherent whole.

Database management systems

A database management system (DBMS) consists of software that operates databases, providing storage, access, security, backup and other facilities. Database management systems can be categorized according to the database model that they support, such as relational or XML, the type(s) of computer they support, such as a server cluster or a mobile phone, the query language(s) that access the database, such as SQL or XQuery, performance trade-offs, such as maximum scale or maximum speed or others. Some DBMS cover more than one entry in these categories, e.g., supporting multiple query languages.

Components of DBMS

Most DBMS as of 2009 implement a relational model.
Other DBMS systems, such as Object DBMS, offer specific features for more specialized requirements. Their components are similar, but not identical.

RDBMS components

• Sublanguages—Relational DBMS (RDBMS) include Data Definition Language (DDL) for defining the structure of the database, Data Control Language (DCL) for defining security/access controls, and Data Manipulation Language (DML) for querying and updating data.
• Interface drivers—These drivers are code libraries that provide methods to prepare statements, execute statements, fetch results, etc. Examples include ODBC, JDBC, MySQL/PHP, FireBird/Python.
• SQL engine—This component interprets and executes the DDL, DCL, and DML statements. It includes three major components (compiler, optimizer, and executor).
• Transaction engine—Ensures that multiple SQL statements either succeed or fail as a group, according to application dictates.
• Relational engine—Relational objects such as Table, Index, and Referential integrity constraints are implemented in this component.
• Storage engine—This component stores and retrieves data from secondary storage, as well as managing transaction commit and rollback, backup and recovery, etc.

ODBMS components

Object DBMS (ODBMS) has transaction and storage components that are analogous to those in an RDBMS. Some ODBMS handle DDL, DCL and update tasks differently. Instead of using sublanguages, they provide APIs for these purposes. They typically include a sublanguage and accompanying engine for processing queries with interpretive statements analogous to but not the same as SQL. Example object query languages are OQL, LINQ, JDOQL, JPAQL and others. The query engine returns collections of objects instead of relational rows.

Types

Operational database

These databases store detailed data about the operations of an organization. They are typically organized by subject matter, and process relatively high volumes of updates using transactions.
Essentially every major organization on earth uses such databases. Examples include customer databases that record contact, credit, and demographic information about a business' customers, personnel databases that hold information such as salary, benefits, skills data about employees, manufacturing databases that record details about product components, parts inventory, and financial databases that keep track of the organization's money, accounting and financial dealings.

Data warehouse

Data warehouses archive historical data from operational databases and often from external sources such as market research firms. Often operational data undergoes transformation on its way into the warehouse, getting summarized, anonymized, reclassified, etc. The warehouse becomes the central source of data for use by managers and other end-users who may not have access to operational data. For example, sales data might be aggregated to weekly totals and converted from internal product codes to use UPC codes so that it can be compared with ACNielsen data.

Analytical database

Analysts may do their work directly against a data warehouse, or create a separate analytic database for Online Analytical Processing. For example, a company might extract sales records for analyzing the effectiveness of advertising and other sales promotions at an aggregate level.

Distributed database

These are databases of local work-groups and departments at regional offices, branch offices, manufacturing plants and other work sites. These databases can include segments of both common operational and common user databases, as well as data generated and used only at a user's own site.

End-user database

These databases consist of data developed by individual end-users.
Examples of these are collections of documents in spreadsheets, word processing and downloaded files, or even a personal baseball card collection.

External database

These databases contain data collected for use across multiple organizations, either freely or via subscription. The Internet Movie Database is one example.

Hypermedia databases

The Worldwide web can be thought of as a database, albeit one spread across millions of independent computing systems. Web browsers "process" this data one page at a time, while web crawlers and other software provide the equivalent of database indexes to support search and other activities.

Models

Post-relational database models

Products offering a more general data model than the relational model are sometimes classified as post-relational. Alternate terms include "hybrid database", "Object-enhanced RDBMS" and others. The data model in such products incorporates relations but is not constrained by E.F. Codd's Information Principle, which requires that all information in the database must be cast explicitly in terms of values in relations and in no other way. Some of these extensions to the relational model integrate concepts from technologies that pre-date the relational model. For example, they allow representation of a directed graph with trees on the nodes. Some post-relational products extend relational systems with non-relational features. Others arrived in much the same place by adding relational features to pre-relational systems. Paradoxically, this allows products that are historically pre-relational, such as PICK and MUMPS, to make a plausible claim to be post-relational.

Object database models

In recent years, the object-oriented paradigm has been applied in areas such as engineering and spatial databases, telecommunications and in various scientific domains. The conglomeration of object oriented programming and database technology led to this new kind of database.
These databases attempt to bring the database world and the application-programming world closer together, in particular by ensuring that the database uses the same type system as the application program. This aims to avoid the overhead (sometimes referred to as the impedance mismatch) of converting information between its representation in the database (for example as rows in tables) and its representation in the application program (typically as objects). At the same time, object databases attempt to introduce key ideas of object programming, such as encapsulation and polymorphism, into the world of databases. A variety of ways have been tried for storing objects in a database. Some products have approached the problem from the application-programming side, by making the objects manipulated by the program persistent. This also typically requires the addition of some kind of query language, since conventional programming languages do not provide language-level functionality for finding objects based on their information content. Others have attacked the problem from the database end, by defining an object-oriented data model for the database, and defining a database programming language that allows full programming capabilities as well as traditional query facilities.

Storage structures

Databases may store relational tables/indexes in memory or on hard disk in one of many forms:
• ordered/unordered flat files
• ISAM
• heaps
• hash buckets
• logically-blocked files
• B+ trees
The most commonly used are B+ trees and ISAM.

Object databases use a range of storage mechanisms. Some use virtual memory-mapped files to make the native language (C++, Java etc.) objects persistent. This can be highly efficient but it can make multi-language access more difficult. Others disassemble objects into fixed- and varying-length components that are then clustered in fixed sized blocks on disk and reassembled into the appropriate format on either the client or server address space.
Another popular technique involves storing the objects in tuples (much like a relational database) which the database server then reassembles into objects for the client. Other techniques include clustering by category (such as grouping data by month, or location), storing pre-computed query results, known as materialized views, and partitioning data by range (e.g., a date range) or by hash. Memory management and storage topology can be important design choices for database designers as well. Just as normalization is used to reduce storage requirements and improve database designs, conversely denormalization is often used to reduce join complexity and reduce query execution time.

Indexing

Indexing is a technique for improving database performance. The many types of index share the common property that they eliminate the need to examine every entry when running a query. In large databases, this can reduce query time/cost by orders of magnitude. The simplest form of index is a sorted list of values that can be searched using a binary search with an adjacent reference to the location of the entry, analogous to the index in the back of a book. The same data can have multiple indexes (an employee database could be indexed by last name and hire date). Indexes affect performance, but not results. Database designers can add or remove indexes without changing application logic, reducing maintenance costs as the database grows and database usage evolves. Given a particular query, the DBMS' query optimizer is responsible for devising the most efficient strategy for finding matching data. The optimizer decides which index or indexes to use, how to combine data from different parts of the database, how to provide data in the order requested, etc. Indexes can speed up data access, but they consume space in the database, and must be updated each time the data are altered. Indexes therefore can speed data access but slow data maintenance.
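An added example (not from the Wikipedia text) of the statement that an index changes the optimizer's access path but not the query result, using Python's built-in sqlite3 module and its EXPLAIN QUERY PLAN statement on a constructed employees table indexed by last name.

```python
import sqlite3

QUERY = "SELECT id FROM employees WHERE last_name = ? ORDER BY id"

def build(with_index):
    """Constructed employee table (5000 rows, 500 distinct surnames), optionally indexed."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, last_name TEXT, hire_date TEXT)")
    rows = [(i, "name%03d" % (i % 500), "20%02d-01-01" % (i % 20)) for i in range(5000)]
    con.executemany("INSERT INTO employees VALUES (?, ?, ?)", rows)
    if with_index:
        con.execute("CREATE INDEX idx_last_name ON employees(last_name)")
    con.commit()
    return con

def plan_and_rows(with_index, surname="name042"):
    """Return the optimizer's chosen strategy and the query result for one surname."""
    con = build(with_index)
    # EXPLAIN QUERY PLAN reports the access path; the 'detail' text is the last column.
    plan = " | ".join(row[-1] for row in con.execute("EXPLAIN QUERY PLAN " + QUERY, (surname,)))
    rows = [r[0] for r in con.execute(QUERY, (surname,))]
    con.close()
    return plan, rows

def compare(surname="name042"):
    """Same query with and without the index: different plan, identical rows."""
    plan_without, rows_without = plan_and_rows(False, surname)
    plan_with, rows_with = plan_and_rows(True, surname)
    return {
        "plan_without_index": plan_without,   # full SCAN of the table
        "plan_with_index": plan_with,         # SEARCH ... USING INDEX idx_last_name
        "same_results": rows_without == rows_with,
        "matches": len(rows_with),
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(key, "=", value)
```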
These two properties determine whether a given index is worth the cost.

Transactions

Most DBMS provide some form of support for transactions, which allow multiple data items to be updated in a consistent fashion, such that updates that are part of a transaction succeed or fail in unison. The so-called ACID rules, summarized here, characterize this behavior:
• Atomicity: Either all the data changes in a transaction must happen, or none of them. The transaction must be completed, or else it must be undone (rolled back).
• Consistency: Every transaction must preserve the declared consistency rules for the database.
• Isolation: Two concurrent transactions cannot interfere with one another. Intermediate results within one transaction must remain invisible to other transactions. The most extreme form of isolation is serializability, meaning that transactions that take place concurrently could instead be performed in some series, without affecting the ultimate result.
• Durability: Completed transactions cannot be aborted later or their results discarded. They must persist through (for instance) DBMS restarts.
In practice, many DBMSs allow the selective relaxation of these rules to balance perfect behavior with optimum performance.

Replication

Database replication involves maintaining multiple copies of a database on different computers, to allow more users to access it, or to allow a secondary site to immediately take over if the primary site stops working. Some DBMS piggyback replication on top of their transaction logging facility, applying the primary's log to the secondary in near real-time.
Database clustering is a related concept for handling larger databases and user communities by employing a cluster of multiple computers to host a single database that can use replication as part of its approach.

Security

Database security denotes the system, processes, and procedures that protect a database from unauthorized activity. DBMSs usually enforce security through access control, auditing, and encryption:
• Access control manages who can connect to the database via authentication and what they can do via authorization.
• Auditing records information about database activity: who, what, when, and possibly where.
• Encryption protects data at the lowest possible level by storing and possibly transmitting data in an unreadable form. The DBMS encrypts data when it is added to the database and decrypts it when returning query results. This process can occur on the client side of a network connection to prevent unauthorized access at the point of use.

Confidentiality

Law and regulation governs the release of information from some databases, protecting medical history, driving records, telephone logs, etc. In the United Kingdom, database privacy regulation falls under the Office of the Information Commissioner. Organizations based in the United Kingdom and holding personal data in digital format such as databases must register with the Office.

Locking

When a transaction modifies a resource, the DBMS stops other transactions from also modifying it, typically by locking it. Locks also provide one method of ensuring that data does not change while a transaction is reading it, or even that it doesn't change until a transaction that once read it has completed.

Granularity

Locks can be coarse, covering an entire database, fine-grained, covering a single data item, or intermediate, covering a collection of data such as all the rows in an RDBMS table.

Lock types

Locks can be shared or exclusive, and can lock out readers and/or writers.
Locks can be created implicitly by the DBMS when a transaction performs an operation, or explicitly at the transaction's request. Shared locks allow multiple transactions to lock the same resource. The lock persists until all such transactions complete. Exclusive locks are held by a single transaction and prevent other transactions from locking the same resource. Read locks are usually shared, and prevent other transactions from modifying the resource. Write locks are exclusive, and prevent other transactions from modifying the resource. On some systems, write locks also prevent other transactions from reading the resource. The DBMS implicitly locks data when it is updated, and may also do so when it is read. Transactions explicitly lock data to ensure that they can complete without a deadlock or other complication. Explicit locks may be useful for some administrative tasks. Locking can significantly affect database performance, especially with large and complex transactions in highly concurrent environments.

Isolation

Isolation refers to the ability of one transaction to see the results of other transactions. Greater isolation typically reduces performance and/or concurrency, leading DBMSs to provide administrative options to reduce isolation. For example, in a database that analyzes trends rather than looking at low-level detail, increased performance might justify allowing readers to see uncommitted changes ("dirty reads").

Deadlocks

Deadlocks occur when two transactions each require data that the other has already locked exclusively. Deadlock detection is performed by the DBMS, which then aborts one of the transactions and allows the other to complete.

From: Wikipedia, the free encyclopedia
The structure of the tree is designed to reflect the order in which the data will be used; that is, the record at the root of a tree will be accessed first, then records one level below the root, and so on.

The hierarchical model was developed because hierarchical relationships are commonly found in business applications. As you know, an organization chart often describes a hierarchical relationship: top management is at the highest level, middle management at lower levels, and operational employees at the lowest levels. Note that within a strict hierarchy, each level of management may have many employees or levels of employees beneath it, but each employee has only one manager. Hierarchical data are characterized by this one-to-many relationship among data.

In the hierarchical approach, each relationship must be explicitly defined when the database is created. Each record in a hierarchical database can contain only one key field, and only one relationship is allowed between any two fields. This can create a problem because data do not always conform to such a strict hierarchy.

Relational Model

A major breakthrough in database research occurred in 1970 when E. F. Codd proposed a fundamentally different approach to database management called the relational model, which uses a table as its data structure. The relational database is the most widely used database structure. Data is organized into related tables. Each table is made up of rows called records and columns called fields. Each record contains fields of data about some specific item. For example, in a table containing information on employees, a record would contain fields of data such as a person's last name, first name, and street address.

Structured Query Language (SQL) is a query language for manipulating data in a relational database. It is nonprocedural or declarative: the user need only specify an English-like description that specifies the operation and the described record or combination of records.
A query optimizer translates the description into a procedure to perform the database manipulation.

Network Model

The network model creates relationships among data through a linked-list structure in which subordinate records can be linked to more than one parent record. This approach combines records with links, which are called pointers. The pointers are addresses that indicate the location of a record. With the network approach, a subordinate record can be linked to a key record and at the same time itself be a key record linked to other sets of subordinate records. The network model historically has had a performance advantage over other database models. Today, such performance characteristics are only important in high-volume, high-speed transaction processing such as automatic teller machine networks or airline reservation systems.

Both hierarchical and network databases are application specific. If a new application is developed, maintaining the consistency of databases in different applications can be very difficult. For example, suppose a new pension application is developed. The data are the same, but a new database must be created.

Object Model

The newest approach to database management uses an object model, in which records are represented by entities called objects that can both store data and provide methods or procedures to perform specific tasks. The query language used for the object model is the same object-oriented programming language used to develop the database application. This can create problems because there is no simple, uniform query language such as SQL. The object model is relatively new, and only a few examples of object-oriented databases exist. It has attracted attention because developers who choose an object-oriented programming language want a database based on an object-oriented model.

Distributed Database

Similarly, a distributed database is one in which different parts of the database reside on physically separated computers.
One goal of distributed databases is the access of information without regard to where the data might be stored. Keep in mind that once the users and their data are separated, the communication and networking concepts come into play. Distributed databases require software that resides partially in the larger computer. This software bridges the gap between personal and large computers and resolves the problems of incompatible data formats. Ideally, it would make the mainframe databases appear to be large libraries of information, with most of the processing accomplished on the personal computer.

A drawback to some distributed systems is that they are often based on what is called a mainframe-centric model, in which the larger host computer is seen as the master and the terminal or personal computer is seen as a slave. There are some advantages to this approach. With databases under centralized control, many of the problems of data integrity that we mentioned earlier are solved. But today's personal computers, departmental computers, and distributed processing require computers and their applications to communicate with each other on a more equal or peer-to-peer basis. In a database, the client/server model provides the framework for distributing databases.

One way to take advantage of many connected computers running database applications is to distribute the application into cooperating parts that are independent of one another. A client is an end user or computer program that requests resources across a network. A server is a computer running software that fulfills those requests across a network. When the resources are data in a database, the client/server model provides the framework for distributing the database.

A file server is software that provides access to files across a network. A dedicated file server is a single computer dedicated to being a file server.
This is useful, for example, if the files are large and require fast access. In such cases, a minicomputer or mainframe would be used as a file server. A distributed file server spreads the files around on individual computers instead of placing them on one dedicated computer. Advantages of the latter server include the ability to store and retrieve files on other computers and the elimination of duplicate files on each computer. A major disadvantage, however, is that individual read/write requests are being moved across the network, and problems can arise when updating files. Suppose a user requests a record from a file and changes it while another user requests the same record and changes it too. The solution to this problem is called record locking, which means that the first request makes other requests wait until the first request is satisfied. Other users may be able to read the record, but they will not be able to change it.

A database server is software that services requests to a database across a network. For example, suppose a user types in a query for data on his or her personal computer. If the application is designed with the client/server model in mind, the query language part on the personal computer simply sends the query across the network to the database server and requests to be notified when the data are found.

Examples of distributed database systems can be found in the engineering world. Sun's Network Filing System (NFS), for example, is used in computer-aided engineering applications to distribute data among the hard disks in a network of Sun workstations.

Distributing databases is an evolutionary step because it is logical that data should exist at the location where they are being used. Departmental computers within a large corporation, for example, should have data reside locally, yet those data should be accessible by authorized corporate management when they want to consolidate departmental data.
DBMS software will protect the security and integrity of the database, and the distributed database will appear to its users as no different from the non-distributed database.

In this information age, the data server has become the heart of a company. This one piece of software controls the rhythm of most organizations and is used to pump information lifeblood through the arteries of the network. Because of the critical nature of this application, the data server is also one of the most popular targets for hackers. If a hacker owns this application, he can cause the company's "heart" to suffer a fatal arrest.

Ironically, although most users are now aware of hackers, they still do not realize how susceptible their database servers are to hack attacks. Thus, this article presents a description of the primary methods of attacking database servers (also known as SQL servers) and shows you how to protect yourself from these attacks.

You should note this information is not new. Many technical white papers go into great detail about how to perform SQL attacks, and numerous vulnerabilities have been posted to security lists that describe exactly how certain database applications can be exploited. This article was written for the curious non-SQL experts who do not care to know the details, and as a review for those who do use SQL regularly.

What Is a SQL Server?

A database application is a program that provides clients with access to data. There are many variations of this type of application, ranging from the expensive enterprise-level Microsoft SQL Server to the free and open source MySQL. Regardless of the flavor, most database server applications have several things in common.

First, database applications use the same general programming language known as SQL, or Structured Query Language. This language, also known as a fourth-level language due to its simplistic syntax, is at the core of how a client communicates its requests to the server.
Using SQL in its simplest form, a programmer can select, add, update, and delete information in a database. However, SQL can also be used to create and design entire databases, perform various functions on the returned information, and even execute other programs. To illustrate how SQL can be used, the following is an example of a simple standard SQL query and a more powerful SQL query:

Simple: "Select * from dbFurniture.tblChair"

This returns all information in the table tblChair from the database dbFurniture.

Complex: "EXEC master..xp_cmdshell 'dir c:\'"

This short SQL command returns to the client the list of files and folders under the c:\ directory of the SQL server. Note that this example uses an extended stored procedure that is exclusive to MS SQL Server.

The second function that database server applications share is that they all require some form of authenticated connection between client and host. Although the SQL language is fairly easy to use, at least in its basic form, any client that wants to perform queries must first provide some form of credentials that will authorize the client; the client also must define the format of the request and response.

This connection is defined by several attributes, depending on the relative location of the client and what operating systems are in use. We could spend a whole article discussing various technologies such as DSN connections, DSN-less connections, RDO, ADO, and more, but these subjects are outside the scope of this article. If you want to learn more about them, a little Google'ing will provide you with more than enough information. However, the following is a list of the more common items included in a connection request:

Database source
Request type
Database
User ID
Password

Before any connection can be made, the client must define what type of database server it is connecting to. This is handled by a software component that provides the client with the instructions needed to create the request in the correct format.
In addition to the type of database, the request type can be used to further define how the client's request will be handled by the server. Next comes the database name and finally the authentication information.

All the connection information is important, but by far the weakest link is the authentication information, or lack thereof. In a properly managed server, each database has its own users with specifically designated permissions that control what type of activity they can perform. For example, a user account would be set up as read-only for applications that need only to access information. Another account should be used for inserts or updates, and maybe even a third account would be used for deletes. This type of account control ensures that any compromised account is limited in functionality. Unfortunately, many database programs are set up with null or easy passwords, which leads to successful hack attacks.

Translation: Introduction to Database Management Systems. A database (sometimes spelled data base), also called an electronic database, is a specially organized collection of data or information whose purpose is to allow a computer to query and retrieve it rapidly.
Original text: Structure of the Relational Database, from Database System Concepts. Part 1: Relational Databases

The relational model is the basis for any relational database management system (RDBMS). A relational model has three core components: a collection of objects or relations, operators that act on the objects or relations, and data integrity methods. In other words, it has a place to store the data, a way to create and retrieve the data, and a way to make sure that the data is logically consistent.

A relational database uses relations, or two-dimensional tables, to store the information needed to support a business. Let's go over the basic components of a traditional relational database system and look at how a relational database is designed. Once you have a solid understanding of what rows, columns, tables, and relationships are, you'll be well on your way to leveraging the power of a relational database.

Tables, Rows, and Columns

A table in a relational database, alternatively known as a relation, is a two-dimensional structure used to hold related information. A database consists of one or more related tables.

Note: Don't confuse a relation with relationships. A relation is essentially a table, and a relationship is a way to correlate, join, or associate two tables.

A row in a table is a collection or instance of one thing, such as one employee or one line item on an invoice. A column contains all the information of a single type, and the piece of data at the intersection of a row and a column, a field, is the smallest piece of information that can be retrieved with the database's query language. For example, a table with information about employees might have a column called LAST_NAME that contains all of the employees' last names. Data is retrieved from a table by filtering on both the row and the column.

Primary Keys, Datatypes, and Foreign Keys

The examples throughout this article will focus on the hypothetical work of Scott Smith, database developer and entrepreneur.
He just started a new widget company and wants to implement a few of the basic business functions using the relational database to manage his Human Resources (HR) department.

Relation: A two-dimensional structure used to hold related information, also known as a table.

Note: Most of Scott's employees were hired away from one of his previous employers, some of whom have over 20 years of experience in the field. As a hiring incentive, Scott has agreed to keep the new employees' original hire date in the new database.

Row: A group of one or more data elements in a database table that describes a person, place, or thing.

Column: The component of a database table that contains all of the data of the same name and type across all rows.

You'll learn about database design in the following sections, but let's assume for the moment that the majority of the database design is completed and some tables need to be implemented. Scott creates the EMP table to hold the basic employee information, and it looks something like this:

Notice that some fields in the Commission (COMM) and Manager (MGR) columns do not contain a value; they are blank. A relational database can enforce the rule that fields in a column may or may not be empty. In this case, it makes sense for an employee who is not in the Sales department to have a blank Commission field. It also makes sense for the president of the company to have a blank Manager field, since that employee doesn't report to anyone.

Field: The smallest piece of information that can be retrieved by the database query language. A field is found at the intersection of a row and a column in a database table.

On the other hand, none of the fields in the Employee Number (EMPNO) column are blank. The company always wants to assign an employee number to an employee, and that number must be different for each employee. One of the features of a relational database is that it can ensure that a value is entered into this column and that it is unique.
The EMPNO column, in this case, is the primary key of the table.

Primary Key: A column (or columns) in a table that makes the row in the table distinguishable from every other row in the same table.

Notice the different datatypes that are stored in the EMP table: numeric values, character or alphabetic values, and date values.

As you might suspect, the DEPTNO column contains the department number for the employee. But how do you know what department name is associated with what number? Scott created the DEPT table to hold the descriptions for the department codes in the EMP table.

The DEPTNO column in the EMP table contains the same values as the DEPTNO column in the DEPT table. In this case, the DEPTNO column in the EMP table is considered a foreign key to the same column in the DEPT table.

A foreign key enforces the concept of referential integrity in a relational database. The concept of referential integrity not only prevents an invalid department number from being inserted into the EMP table, but it also prevents a row in the DEPT table from being deleted if there are employees still assigned to that department.

Foreign Key: A column (or columns) in a table that draws its values from a primary or unique key column in another table. A foreign key assists in ensuring the data integrity of a table.

Referential Integrity: A method employed by a relational database system that enforces one-to-many relationships between tables.

Data Modeling

Before Scott created the actual tables in the database, he went through a design process known as data modeling. In this process, the developer conceptualizes and documents all the tables for the database. One of the common methods for modeling a database is called ERA, which stands for entities, relationships, and attributes. The database designer uses an application that can maintain entities, their attributes, and their relationships.
In general, an entity corresponds to a table in the database, and the attributes of the entity correspond to columns of the table.

Data Modeling: A process of defining the entities, attributes, and relationships between the entities in preparation for creating the physical database.

The data-modeling process involves defining the entities, defining the relationships between those entities, and then defining the attributes for each of the entities. Once a cycle is complete, it is repeated as many times as necessary to ensure that the designer is capturing what is important enough to go into the database. Let's take a closer look at each step in the data-modeling process.

Defining the Entities

First, the designer identifies all of the entities within the scope of the database application. The entities are the persons, places, or things that are important to the organization and need to be tracked in the database. Entities will most likely translate neatly to database tables. For example, for the first version of Scott's widget company database, he identifies four entities: employees, departments, salary grades, and bonuses. These will become the EMP, DEPT, SALGRADE, and BONUS tables.

Defining the Relationships Between Entities

Once the entities are defined, the designer can proceed with defining how each of the entities is related. Often, the designer will pair each entity with every other entity and ask, "Is there a relationship between these two entities?" Some relationships are obvious; some are not.

In the widget company database, there is most likely a relationship between EMP and DEPT, but depending on the business rules, it is unlikely that the DEPT and SALGRADE entities are related. If the business rules were to restrict certain salary grades to certain departments, there would most likely be a new entity that defines the relationship between salary grades and departments.
This entity would be known as an associative or intersection table and would contain the valid combinations of salary grades and departments.

Associative Table: A database table that stores the valid combinations of rows from two other tables and usually enforces a business rule. An associative table resolves a many-to-many relationship.

In general, there are three types of relationships in a relational database:

One-to-many: The most common type of relationship is one-to-many. This means that for each occurrence in a given entity, the parent entity, there may be one or more occurrences in a second entity, the child entity, to which it is related. For example, in the widget company database, the DEPT entity is a parent entity, and for each department, there could be one or more employees associated with that department. The relationship between DEPT and EMP is one-to-many.

One-to-one: In a one-to-one relationship, a row in a table is related to only one or none of the rows in a second table. This relationship type is often used for subtyping. For example, an EMPLOYEE table may hold the information common to all employees, while the FULLTIME, PARTTIME, and CONTRACTOR tables hold information unique to full-time employees, part-time employees, and contractors, respectively. These entities would be considered subtypes of an EMPLOYEE and maintain a one-to-one relationship with the EMPLOYEE table. These relationships are not as common as one-to-many relationships, because if one entity has an occurrence for a corresponding row in another entity, in most cases, the attributes from both entities should be in a single entity.

Many-to-many: In a many-to-many relationship, one row of a table may be related to many rows of another table, and vice versa. Usually, when this relationship is implemented in the database, a third entity is defined as an intersection table to contain the associations between the two entities in the relationship.
For example, in a database used for school class enrollment, the STUDENT table has a many-to-many relationship with the CLASS table: one student may take one or more classes, and a given class may have one or more students. The intersection table STUDENT_CLASS would contain the combinations of STUDENT and CLASS to track which students are in which classes.

Once the designer has defined the entity relationships, the next step is to assign the attributes to each entity. This is physically implemented using columns, as shown here for the SALGRADE table as derived from the salary grade entity.

After the entities, relationships, and attributes have been defined, the designer may iterate the data modeling many more times. When reviewing relationships, new entities may be discovered. For example, when discussing the widget inventory table and its relationship to a customer order, the need for a shipping restrictions table may arise.

Once the design process is complete, the physical database tables may be created. Logical database design sessions should not involve physical implementation issues, but once the design has gone through an iteration or two, it's the DBA's job to bring the designers "down to earth." As a result, the design may need to be revisited to balance the ideal database implementation versus the realities of budgets and schedules.

Translation: Structure of the Relational Database, from Database System Concepts. Chapter 1: Relational Databases. The relational model is the foundation of any relational database management system (RDBMS).
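As an added example (not from the textbook excerpt), the EMP/DEPT tables with their primary and foreign keys and the STUDENT_CLASS associative table are built in SQLite below, so the referential-integrity guarantees named earlier (no invalid DEPTNO, no deleting a department that still has employees) and the many-to-many resolution can be exercised directly. Column names follow the text; the row values and the DNAME, ENAME, SNAME and CNAME columns are assumed for the demo.

```python
"""Added example, not the textbook's own code: Scott's EMP/DEPT tables and a
STUDENT_CLASS intersection table in SQLite, showing which writes the primary key
and foreign key constraints reject. Row values are constructed for this demo."""
import sqlite3

SCHEMA = """
CREATE TABLE DEPT (
    DEPTNO INTEGER PRIMARY KEY,
    DNAME  TEXT NOT NULL
);
CREATE TABLE EMP (
    EMPNO  INTEGER PRIMARY KEY,                      -- unique per employee
    ENAME  TEXT NOT NULL,
    MGR    INTEGER REFERENCES EMP(EMPNO),            -- blank for the president
    COMM   REAL,                                     -- blank outside Sales
    DEPTNO INTEGER NOT NULL REFERENCES DEPT(DEPTNO)  -- foreign key to DEPT
);
CREATE TABLE STUDENT (SID INTEGER PRIMARY KEY, SNAME TEXT NOT NULL);
CREATE TABLE CLASS   (CID INTEGER PRIMARY KEY, CNAME TEXT NOT NULL);
-- intersection table: one row per valid (student, class) combination
CREATE TABLE STUDENT_CLASS (
    SID INTEGER NOT NULL REFERENCES STUDENT(SID),
    CID INTEGER NOT NULL REFERENCES CLASS(CID),
    PRIMARY KEY (SID, CID)
);
"""


def open_db():
    """Create the schema in memory and load a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # SQLite enforces FKs only when asked
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO DEPT VALUES (?, ?)", [(10, "ACCOUNTING"), (30, "SALES")])
    conn.executemany("INSERT INTO EMP VALUES (?, ?, ?, ?, ?)", [
        (7839, "KING", None, None, 10),      # president: no manager, no commission
        (7698, "BLAKE", 7839, None, 30),
        (7499, "ALLEN", 7698, 300.0, 30),    # Sales: commission present
    ])
    conn.executemany("INSERT INTO STUDENT VALUES (?, ?)", [(1, "ANN"), (2, "BOB")])
    conn.executemany("INSERT INTO CLASS VALUES (?, ?)", [(100, "ALGEBRA"), (200, "HISTORY")])
    conn.commit()
    return conn


def attempt(conn, sql, params=()):
    """Run one write; return 'ok' or the constraint error (the write is rolled back)."""
    try:
        with conn:
            conn.execute(sql, params)
        return "ok"
    except sqlite3.IntegrityError as exc:
        return f"rejected: {exc}"


def referential_integrity_checks(conn):
    """The two guarantees the text names, plus the primary key and NOT NULL rules."""
    return {
        "invalid_deptno":     attempt(conn, "INSERT INTO EMP VALUES (7900, 'JAMES', 7698, NULL, 99)"),
        "delete_dept_in_use": attempt(conn, "DELETE FROM DEPT WHERE DEPTNO = 30"),
        "duplicate_empno":    attempt(conn, "INSERT INTO EMP VALUES (7839, 'DUPE', NULL, NULL, 10)"),
        "missing_deptno":     attempt(conn, "INSERT INTO EMP VALUES (7902, 'FORD', 7839, NULL, NULL)"),
        "valid_insert":       attempt(conn, "INSERT INTO EMP VALUES (7902, 'FORD', 7839, NULL, 10)"),
    }


def enroll(conn, sid, cid):
    """Many-to-many: record one (student, class) pair in the associative table."""
    return attempt(conn, "INSERT INTO STUDENT_CLASS VALUES (?, ?)", (sid, cid))


def classes_for(conn, sid):
    """Resolve a student's classes through the intersection table."""
    rows = conn.execute(
        "SELECT C.CNAME FROM STUDENT_CLASS SC JOIN CLASS C ON C.CID = SC.CID "
        "WHERE SC.SID = ? ORDER BY C.CNAME", (sid,)).fetchall()
    return [name for (name,) in rows]
```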
Database foreign-language references and translation

SQL ALL-IN-ONE DESK REFERENCE FOR DUMMIES

Data Files and Databases

I. Irreducible complexity

Any software system that performs a useful function is going to be complex. The more valuable the function, the more complex its implementation will be. Regardless of how the data is stored, the complexity remains. The only question is where that complexity resides. Any non-trivial computer application has two major components: the program and the data. Although an application's level of complexity depends on the task to be performed, developers have some control over the location of that complexity. The complexity may reside primarily in the program part of the overall system, or it may reside in the data part.

Operations on the data can be fast. Because the program interacts directly with the data, with no DBMS in the middle, well-designed applications can run as fast as the hardware permits. What could be better? A data organization that minimizes storage requirements and at the same time maximizes speed of operation seems like the best of all possible worlds. But wait a minute. Flat file systems came into use in the 1940s. We have known about them for a long time, and yet today they have been almost entirely replaced by database systems. What's up with that? Perhaps it is the not-so-beneficial consequences
Database Security

"Why do I need to secure my database server? No one can access it; it's in a DMZ protected by the firewall!" This is often the response when it is recommended that such devices are included within a security health check. In fact, database security is paramount in defending an organization's information, as it may be indirectly exposed to a wider audience than realized.

This is the first of two articles that will examine database security. In this article we will discuss general database security concepts and common problems. In the next article we will focus on specific Microsoft SQL and Oracle security concerns.

Database security has become a hot topic in recent times. With more and more people becoming increasingly concerned with computer security, we are finding that firewalls and Web servers are being secured more than ever (though this does not mean that there are not still a large number of insecure networks out there). As such, the focus is expanding to consider technologies such as databases with a more critical eye.

◆ Common sense security

Before we discuss the issues relating to database security it is prudent to highlight the necessity to secure the underlying operating system and supporting technologies. It is not worth spending a lot of effort securing a database if a vanilla operating system is failing to provide a secure basis for the hardening of the database. There are a large number of excellent documents in the public domain detailing measures that should be employed when installing various operating systems.

One common problem that is often encountered is the existence of a database on the same server as a web server hosting an Internet (or Intranet) facing application. Whilst this may save the cost of purchasing a separate server, it does seriously affect the security of the solution. Where this is identified, it is often the case that the database is openly connected to the Internet.
One recent example I can recall is an Apache Web server serving an organization's Internet offering, with an Oracle database available on the Internet on port 1521. When investigating this issue further it was discovered that access to the Oracle server was not protected (including lack of passwords), which allowed the server to be stopped. The database was not required from an Internet facing perspective, but the use of default settings and careless security measures rendered the server vulnerable.

The points mentioned above are not strictly database issues, and could be classified as architectural and firewall protection issues also, but ultimately it is the database that is compromised. Security considerations have to be made from all parts of a public facing network. You cannot rely on someone or something else within your organization protecting your database from exposure.

◆ Attack tools are now available for exploiting weaknesses in SQL and Oracle

I came across one interesting aspect of database security recently while carrying out a security review for a client. We were performing a test against an intranet application, which used a database back end (SQL) to store client details. The security review was proceeding well, with access controls being based on Windows authentication. Only authenticated Windows users were able to see data belonging to them. The application itself seemed to be handling input requests, rejecting all attempts to access the database directly.

We then happened to come across a backup of the application in the office in which we were working. This media contained a backup of the SQL database, which we restored onto our laptop. All security controls which were in place originally were not restored with the database and we were able to browse the complete database, with no restrictions in place to protect the sensitive data.
This may seem like a contrived way of compromising the security of the system, but it does highlight an important point. It is often not the direct approach that is taken to attack a target, and ultimately the endpoint is the same: system compromise. A backup copy of the database may be stored on the server, and thus facilitates access to the data indirectly.

There is a simple solution to the problem identified above. SQL 2000 can be configured to use password protection for backups. If the backup is created with password protection, this password must be used when restoring the backup. This is an effective and uncomplicated method of stopping simple capture of backup data. It does however mean that the password must be remembered!

◆ Current trends

There are a number of current trends in IT security, with a number of these being linked to database security.

The focus on database security is now attracting the attention of the attackers. Attack tools are now available for exploiting weaknesses in SQL and Oracle. The emergence of these tools has raised the stakes and we have seen focused attacks against specific database ports on servers exposed to the Internet.

One common theme running through the security industry is the focus on application security, and in particular bespoke Web applications. With the functionality of Web applications becoming more and more complex, it brings the potential for more security weaknesses in bespoke application code. In order to fulfill the functionality of applications, the backend data stores are commonly being used to format the content of Web pages. This requires more complex coding at the application end. With developers using different styles in code development, some of which are not as security conscious as others, this can be the source of exploitable errors.

SQL injection is one such hot topic within the IT security industry at the moment.
Discussions are now commonplace among technical security forums, with more and more ways and means of exploiting databases coming to light all the time. SQL injection is a misleading term, as the concept applies to other databases, including Oracle, DB2 and Sybase.

◆ What is SQL Injection?

SQL injection is simply the method of communicating with a database using code or commands sent via a method or application not intended by the developer. The most common form of this is found in Web applications. Any user input that is handled by the application is a common source of attack. One simple example of mishandling of user input is highlighted in Figure 1. Many of you will have seen this common error message when accessing web sites; it often indicates that the user input has not been correctly handled. On getting this type of error, an attacker will focus in with more specific input strings.

The damage done by this type of vulnerability can be far reaching, though this depends on the level of privileges the application has in relation to the database. If the application is accessing data with full administrator-type privileges, then maliciously run commands will also pick up this level of access, and system compromise is inevitable. Again this issue is analogous to operating system security principles, where programs should only be run with the minimum of permissions that is required. If normal user access is acceptable, then apply this restriction.

Again the problem of SQL security is not totally a database issue. Specific database commands or requests should not be allowed to pass through the application layer.
This can be prevented by employing a "secure coding" approach. Again this is veering off-topic, but it is worth detailing a few basic steps that should be employed.

The first step in securing any application should be the validation and control of user input. Strict typing should be used where possible to control specific data (e.g. if numeric data is expected), and where string-based data is required, specific non-alphanumeric characters should be prohibited where possible. Where this cannot be done, consideration should be given to substituting characters (for example single quotes, which are commonly used in SQL commands).

Specific security-related coding techniques should be added to the coding standard in use within your organization. If all developers are using the same baseline standards, with specific security measures, this will reduce the risk of SQL injection compromises.

Another simple method that can be employed is to remove all procedures within the database that are not required. This restricts the extent to which unwanted or superfluous aspects of the database could be maliciously used. This is analogous to removing unwanted services on an operating system, which is common security practice.

◆ Overall

In conclusion, most of the points I have made above are common sense security concepts, and are not specific to databases. However all of these points DO apply to databases, and if these basic security measures are employed, the security of your database will be greatly improved. The next article on database security will focus on specific SQL and Oracle security problems, with detailed examples and advice for DBAs and developers.

There are a lot of similarities between database security and general IT security, with generic simple security steps and measures that can be (and should be) easily implemented to dramatically improve security.
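The input validation and "secure coding" steps above, worked through as an added example (this is not code from the article): a Python sketch against an in-memory SQLite table holding constructed rows. It places the string-built query the article warns about beside a hardened lookup that applies strict typing to the numeric field, an alphanumeric whitelist to the string field, and lets the driver bind the values as parameters instead of splicing them into the statement. The `clients` table, the `lookup_unsafe` and `lookup_safe` functions and the sample rows are assumptions made for the illustration.

```python
import re
import sqlite3

# Constructed sample data: an in-memory SQLite table standing in for the
# application's back-end store (assumed schema, not the article's system).
SAMPLE_ROWS = [
    (1, "alice", "alice-record"),
    (2, "bob", "bob-record"),
    (3, "carol", "carol-record"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE clients (id INTEGER PRIMARY KEY, owner TEXT, detail TEXT)"
    )
    conn.executemany(
        "INSERT INTO clients (id, owner, detail) VALUES (?, ?, ?)", SAMPLE_ROWS
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, owner: str, client_id: str) -> list:
    """User input concatenated straight into the statement.

    This is the pattern the article describes: whatever the caller supplies
    becomes part of the SQL text, so the database layer cannot tell data
    from command.
    """
    sql = (
        f"SELECT detail FROM clients WHERE owner = '{owner}' "
        f"AND id = {client_id} ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


class InvalidInput(ValueError):
    """Raised when user input fails validation before any SQL is built."""


# Whitelist for the string field: letters, digits and underscore only, so
# quote characters and other SQL punctuation are rejected rather than escaped.
OWNER_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def validate_owner(owner: str) -> str:
    if not OWNER_RE.fullmatch(owner):
        raise InvalidInput("owner must be 1-32 alphanumeric characters")
    return owner


def validate_id(client_id: str) -> int:
    # Strict typing: the field is numeric, so anything that is not a plain
    # decimal string is refused before it reaches the query.
    if not client_id.isdigit():
        raise InvalidInput("id must be numeric")
    return int(client_id)


def lookup_safe(conn: sqlite3.Connection, owner: str, client_id: str) -> list:
    """Validated, typed input bound as parameters by the driver."""
    owner = validate_owner(owner)
    cid = validate_id(client_id)
    rows = conn.execute(
        "SELECT detail FROM clients WHERE owner = ? AND id = ? ORDER BY id",
        (owner, cid),
    )
    return [row[0] for row in rows]


def rejects(conn: sqlite3.Connection, owner: str, client_id: str) -> bool:
    """True when the hardened lookup refuses the input outright."""
    try:
        lookup_safe(conn, owner, client_id)
    except InvalidInput:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    # A well-formed request behaves identically in both versions.
    print(lookup_unsafe(db, "alice", "1"), lookup_safe(db, "alice", "1"))
    # A malformed numeric field changes the meaning of the unsafe query but is
    # rejected by the validating version before any SQL is constructed.
    print(lookup_unsafe(db, "alice", "1 OR 1=1"))
    print(rejects(db, "alice", "1 OR 1=1"))
```

Note that the parameter binding alone would already keep the driver from interpreting the value as SQL; the whitelist and type check are the article's additional layer, rejecting malformed input early so that the application can log it rather than pass it on.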
While these may seem like common sense, it is surprising how many times we have seen that common security measures are not implemented and so cause a security exposure.

◆ User account and password security

One of the basic first principles in IT security is "make sure you have a good password". Within this statement I have assumed that a password is set in the first place, though this is often not the case. I touched on common sense security in my last article, but I think it is important to highlight this again. As with operating systems, the focus of attention within database account security is aimed at administration accounts. Within SQL this will be the SA account and within Oracle it may be the SYSDBA or ORACLE account.

It is very common for SQL SA accounts to have a password of 'SA' or, even worse, a blank password, which is just as common. This password laziness breaks the most basic security principles, and should be stamped down on. Users would not be allowed to have a blank password on their own domain account, so why should valuable system resources such as databases be allowed to be left unprotected? For instance, a blank 'SA' password will enable any user with client software (i.e. Microsoft Query Analyzer or Enterprise Manager) to 'manage' the SQL server and databases. With databases being used as the back end to Web applications, the lack of password control can result in a total compromise of sensitive information. With system-level access to the database it is possible not only to execute queries against the database, create/modify/delete tables etc., but also to execute what are known as stored procedures.
DBA dictionary: Chinese-English glossary of common database design terms
1. Access method: this step covers storing and retrieving records in a file.
2. Alias: another name for an attribute.
In SQL, an alias can be used in place of a table name.
3. Alternate keys (ER/relational model): the candidate keys of an entity/table that were not chosen as the primary key.
4. Anomalies: see update anomalies.
5. Application design: a phase of the database application lifecycle that includes designing the user interface and the application programs that use and process the database.
6. Attribute (relational model): an attribute is a named column of a relation.
7. Attribute (ER model): a property of an entity or a relationship.
8. Attribute inheritance: the process by which members of a subclass may possess their own specific attributes and also inherit the attributes associated with the superclass.
9. Base table: a named table whose records are physically stored in the database.
10. Binary relationship: an ER term describing a relationship between two entities.
For example, Branch Has Staff.
11. Bottom-up approach (for database design): a design methodology that begins by identifying the individual design components and then aggregates these components into larger units.
In database design, the bottom-up approach can start by identifying attributes and then combining them into tables that represent entities and relationships.
12. Business rules: additional rules specified by the users or administrators of the database.
13. Candidate key (ER/relational model): a superkey that contains only the minimum number of attributes/columns necessary to uniquely identify an entity.
14. Cardinality: describes the number of possible relationships for each participating entity.
15. Centralized approach (for database design): merges the requirements of each user view into a single set of requirements for the new database application.
16. Chasm trap: a relationship is assumed to exist between entities, but no pathway exists between certain entity occurrences.
A brief exploration of security technology schemes for computer network databases (On computer network database security technology schemes)

Abstract: With the rapid development of the Internet and database technology, the security of network databases has become especially important and is now one of the most critical problems in building network information systems. This paper briefly summarizes the security threats facing network database technology today and, taking these as a starting point, discusses security technology schemes for computer network databases.

Abstract: With the advent of the Internet and the rapid development of database technology, network database security issues appear particularly important, and have become one of the most critical problems in the construction of network information systems. This article provides a brief overview of the security threats facing current network database technology and, taking these as a starting point, discusses computer network database security technology schemes.

Information storage and management in a computer network environment are implemented by network databases, and with the wide adoption and rapid development of computer network technology, the security of network databases has become an extremely important issue in the whole field of computer network security. A network database is an information repository in an open environment, storing large amounts of very important data; once it suffers an unpredictable security attack from any direction, it will bring incalculable losses to users. Such a large security risk must be taken into consideration and guarded against.
Translation of the English article: Database Security
Paul Morrison, America
PART 1

"Why do we need to secure the database server? Nobody can access it; it is protected by a firewall in a DMZ." This is the usual response when we are advised to put a security-checking mechanism in place.
In fact, in protecting an organization's information, the security of the database is paramount, because it may be indirectly exposed to a far wider set of users than we realize.
This is the first of two articles examining database security.
In this article we will discuss general database security concepts and the more common problems.
In the next article we will focus on specific Microsoft SQL and Oracle security concerns.
Database security has recently become a hot topic.
As more and more people pay attention to computer security, we find that firewalls and Web servers are more secure than before (although this is not to say that there are no longer many insecure networks).
Therefore, the emphasis is shifting towards examining technologies such as databases with closer scrutiny.

◆ General security awareness
Before we discuss database security, it is prudent and necessary to ensure the security of the underlying operating system and supporting technologies.
If a vanilla operating system cannot provide a sound and reliable security foundation for the database, it is not worth spending too much effort on securing the database.
There is a lot of good documentation to refer to when installing the operating system.
A common problem often encountered is running the database on the same server that hosts the Internet (or intranet) Web server.
Although this may save the cost of purchasing a separate server, it seriously affects security.
This is especially so when the database turns out to be openly connected to the Internet.
A recent example I recall was an Apache Web server serving an organization's Internet offering, with an Oracle database reachable from the Internet on port 1521.
On investigating this issue further, it was found that access to the Oracle server had no protection that would prevent it being stopped (including a lack of passwords).
From an Internet-facing perspective this database was not needed, but the use of default settings and sloppy security measures made the server more vulnerable.
The problems mentioned above are not strictly database problems; they can also be classified as architecture and firewall protection problems, but in the end it is the database that is compromised.
Foreign-language technical article
Microsoft's future "soul": exploring the secrets of SQL Server 2005
Author: CHEN Bao-lin

A "brief history" of SQL Server development

Before we begin, let us look at a "brief history" of Microsoft SQL Server.
1988: SQL Server is jointly developed by Microsoft and Sybase, running on the OS/2 platform.
1993-09-14: SQL Server 4.2, a desktop database system with limited functionality. It is integrated with Windows and provides an easy-to-use user interface.
1994: Microsoft and Sybase suspend their cooperation on database development.
1995: SQL Server 6.0, code-named "SQL95". Microsoft rewrites most of the core system, providing a low-cost database solution for small business applications.
1996-04-16: SQL Server 6.5. This version brings significant performance improvements and provides a wide variety of useful functions.
1998-11-16: SQL Server 7.0, code-named "Sphinx". The core database engine is completely rewritten, providing a database solution for small and medium business applications and containing initial Web support. SQL Server has been widely used from this version onwards.
2000-08-07: the birth of SQL Server 2000, code-named "Shiloh". Microsoft positions the product as an enterprise-class database system, which includes three components (DB, OLAP, English Query). Rich front-end tools, improved development tools and XML support promoted the adoption of this version. It comes in the following editions:
Enterprise Edition: supports terabyte-class giant databases and thousands of concurrent online users through cluster deployment.
Standard Edition: supports small and medium-sized enterprises.
Personal Edition: supports desktop applications.
Developer Edition: for enterprise developers building enterprise applications for Windows and Windows CE.
Windows CE Edition: can be applied to any Windows CE mobile device.
2003-04-24: SQL Server 2000, 64-bit version. Code-named "Liberty", it competes with Oracle on Unix/Linux.
2005-11-07: SQL Server 2005, code-named "Yukon", the latest version of Microsoft SQL Server. Microsoft comments that this product took five years of major changes and is a landmark product.

From Microsoft SQL Server 4.2 to 2005: since Microsoft entered the database market in the early 1990s up to the launch of SQL Server 2005, it has behaved like a follower in the enterprise database market restructuring itself into a leader. The sword was sharpened for ten years through many storms, and Microsoft has already extended its perspective on enterprise database management into a broader and deeper realm. This paper attempts to explore that history and to summarize the formative history of Microsoft SQL Server.

In 1987 Sybase developed a version of SQL Server running on Unix systems. In 1988, Microsoft invited Sybase, then busily gaining momentum in the database field, to jointly develop SQL Server. Microsoft's intention to enter the database market was obvious to everyone, and the database market was bound to see some turbulence. Sure enough, the ten years after Microsoft's entry were a period of intense "Warring States" competition in the database market. On 1993-04-12, Microsoft released SQL Server version 4.2. Together with the earlier introduction of Windows NT, this marked Microsoft's formal entry into the enterprise application market, and for enterprises the database is the most important application. Although SQL Server 4.2 was still just a desktop version, it showed considerable potential. In 1994, Microsoft and Sybase formally suspended their cooperation on database development, which was significant. From 1995 to 2000, Microsoft went through four versions: 6.0, 6.5, 7.0 and 2000.

From a service perspective, SQL Server 2000 is able to provide the following services.
Online services (On-line services): "on-line" refers to users using data services online in real time.
Online transaction processing, OLTP (On-Line Transaction Processing): OLTP handles order-processing-style transactions, following the principle that a transaction either completes in full or is undone in full. It does not include other types of service. This is the most universal and most widely used form of service.
Online analytical processing, OLAP (On-Line Analytical Processing): OLAP is a kind of multidimensional data presentation (such as data warehouses, data marts and data cubes), usually used for data mining. Whereas OLTP uses SQL to manipulate and define data, OLAP uses MDX (MultiDimensional Expressions) to access and define data.

The technical structure of SQL Server 2000 is as follows.
Data structure
• physical structure of the data.
• logical framework: how tables, rows, columns and other data objects are defined.
Data processing
• storage engine: responsible for how the data is stored.
• relational engine: responsible for how the data is accessed and related.
• SQL Server Agent: responsible for task scheduling and event management.
Data manipulation
• DB APIs: ADO (ActiveX Data Objects), OLE DB (object linking and embedding for databases), DB-Library for C++, ODBC (Open Database Connectivity), ESQL (Embedded SQL).
• URLs (uniform resource locator addresses).
• English Query.
SQL Server Enterprise Manager.
Tools: Query Analyzer, DTS (Data Transformation Services), backup and restore, replication, metadata services, extended stored procedures and SQL tracing, which can be used for performance tuning.

From the user's experience, SQL Server 2000 has a number of new characteristics, such as XML support, multiple-instance support, data warehouse and business intelligence enhancements, improved performance and scalability, the operating guide, and query, DTS and Transact-SQL enhancements.
In terms of licence price, the price and total cost of ownership (TCO) of Microsoft SQL Server 2000 are only 1/2 to 1/3 of Oracle's or DB2's.
In summary, Microsoft's high-performance, low-cost product concept succeeded in the market: SQL Server 2000 can meet OLTP and OLAP application deployment needs with good performance, and its price is low relative to Oracle, DB2 and other databases. Meanwhile, SQL Server 2000 includes the Enterprise Edition, the Standard Edition and other editions to meet different levels of user demand. These factors gave SQL Server 2000 a significant share of the SME market, and Microsoft had the opportunity to enter the ranks of mainstream database vendors.
At the same time, we should realize that, compared with the later-launched Oracle 10g, SQL Server 2000 is still deficient in high-end enterprise-level functions, so the historic mission of closing that gap falls to the new version code-named "Yukon".

Killer code-named "Yukon"
From the 1989 release of Microsoft SQL Server 1.0 it is now a full 15 years. In those 15 years SQL Server has gone from scratch, from small to large, living through a legend of its own. It has not only eroded IBM's and Oracle's database market share, but the next generation of SQL Server has begun to gradually become the core of the next Windows operating system. The "seamless computing" that Bill Gates constantly repeats has Yukon at its core. What kind of world will the next-generation database code-named "Yukon" bring us?

The Internet's "soft" pillar
In today's network era, data searching, data storage, data classification and so on have become the "soft" pillars of the Internet, and the database system is the most critical of these pillars. Without database support, we would never be able to find the information we need on Google or Baidu, nor use a convenient electronic mailbox, because the network world is made up of large databases.
According to IDC's latest data, the global database software market seems to be stirring: total revenue in 2003 reached 13.6 billion U.S. dollars, up from 12.6 billion U.S. dollars in 2002. Oracle, IBM and Microsoft now control 75% of the market. Oracle's market share last year was 39.8%, IBM's 31.3% and Microsoft's 12.1%.
What is a database? In university computer textbooks, a database is interpreted in this way: a database is a specialized data resource management system within a computer application system. Data comes in many forms, such as text, numbers, symbols, graphics, images and sound, and all of it is the subject of computer data processing. The approach people are familiar with is file-based: a program is written to process a file, the data required by the program is organized into data files, and the program calls those files. Data files and program files maintain a certain relationship. With the rapid development of computer applications, the deficiencies of this file-based approach become obvious. For example, the data is poorly defined, hard to port, heavily duplicated across different files (wasting storage space), and inconvenient to update. Database systems solve these problems.
A database system separates data management from specific application programs: all data is stored in a database in a scientifically organized way, and the database management system acts as an intermediary, providing a variety of applications or application interfaces with easy access to the data in the database.
This description is indeed very detailed, but it may leave you dizzy. In fact, simply put, a database is a group of collated data stored by a computer in one or more files, and the software that manages the database is called the database management system. A general database system can be divided into two parts, the database (Database) and the database management system (Database Management System, DBMS); together these constitute the "soft" pillars of the Internet.
Microsoft's SQL Server database software, through many upgrades from version 6.5 to 7.0, gradually became mainstream database software, and SQL Server 2000 proved that the Windows operating system can bear the same high-end data applications as mainstream business database management software. It broke the myth that large databases are ruled by Unix. What kind of change will the next generation, SQL Server 2005, bring?

Live Yukon core secrets
At the planning stage of the next version of SQL Server (code-named "Yukon"), Microsoft considered more of the future development of databases and of SQL Server's programming capabilities. Microsoft's internal developers had long been aware that the future must introduce a more unified programming model while providing more flexibility for different data models. A unified programming model means that ordinary data access and manipulation tasks can be carried out through various channels. For example, you can choose to use XML, the .NET Framework, or Transact-SQL (T-SQL) code, and so on.
The result of such planning is a new database programming platform, which is in many ways a natural extension. First, hosting the .NET Framework common language runtime (CLR) extends database programming into the realm of procedures and managed code. Secondly, the .NET Framework host integration provides powerful object database functionality from within SQL Server. In-depth XML support is achieved through the XML data type, which has all the functionality of a relational data type. In addition, server support for the XML Query (XQuery) and XML Schema Definition (XSD) standards has been added. Finally, SQL Server Yukon includes important enhancements to the T-SQL language.
The history of XML in SQL Server Yukon really began with SQL Server 2000. SQL Server 2000 introduced the ability to return relational data in XML format, to bulk-load and shred XML documents, and to open the database to XML-based Web services, among other functions. Yukon, however, provides more advanced XML query functionality, and once perfected Yukon will give full play to all the advantages of XML. Why is XML so critical? In fact, XML has developed from an initial alternative to HTML as a presentation format into what is now seen as a storage format. Persistent storage of XML has drawn widespread attention, and there have been many applications of XML data types on the Internet. XML itself is a data format that works across any platform. It started out as a file format; as XML became widely recognized in enterprises, users began to use XML to solve thorny business problems such as data integration. This is how XML developed into a data storage format. Because XML produces the same result on any platform, it has become a mainstream database storage format. The comprehensive XML support built into Yukon will trigger a new revolution in database technology.
These new programming models and enhanced common language capabilities create a series of programmability features that complement and expand the current relational database model. The ultimate aim of this architecture is to build more scalable, more reliable and more robust applications, and to improve development efficiency. Another result of these models is a new application framework, a service called SQL Agent, a distributed application framework for delivering asynchronous messages.

Yukon: the gamble of the century
After talking about a string of technical advantages, you may be very curious why we should introduce what appears to be a high-end database application technology. Perhaps we should get to the answer.
The richest man on Earth, making predictions about the future of computing, believes that in the coming world every ordinary computer will have a super hard disk large enough that it will no longer be a mere 80 GB but is likely to be 80 TB. Although it is only a change from GB to TB, it means a full 1000-fold increase in hard disk capacity. The existing NTFS format for Windows disk data storage is simply unable to cope with data searching on such a large-capacity hard disk. To give a vivid example: if your computer had 100 TB of disk space and you were still using Windows XP, defragmenting the disk would likely take two days and two nights, and finding a particular document would have you waiting for several hours. That feeling would be like returning to the days of the 286.
In order to solve this thorny problem, the next-generation Windows operating system, Longhorn, adopts a programming model diametrically different from previous versions of Windows. Its core is Avalon (development code name). Avalon is the new Windows GUI library. Longhorn also brings in the new functions Indigo (Web services) and WinFS (file system). These three new functions, including Avalon, are collectively called WinFX. Longhorn creates a new "native" API. Although it continues to grow with Win32 API compatibility, under normal circumstances the new Longhorn functions are used through WinFX. WinFX belongs to the present .NET Framework family; within the present .NET Framework categories, which include WinFX, the DLL support for procedural mechanisms and operation is basically the same as .NET.
The .NET Framework in SQL Server Yukon becomes available with the major version upgrade (Major Version Up); the specific date is the end of 2004. In Yukon the .NET Framework runs inside the server, and stored procedures can use the .NET Framework class library. Yukon runs on .NET Framework version 2.0, supplementing the present .NET Framework 1.1, which has no relevant multimedia categories. WinFS uses the Yukon engine; in other words, the Longhorn file system will use the database engine.
Now you understand: in the next-generation Windows operating system, the management of all document data will be brought under SQL Server, and our computers' data query capability and data integration capability will be greatly enhanced. This is, of course, a critical step in what the richest man keeps calling "seamless computing". The project to integrate database software with the operating system is undoubtedly Microsoft's gamble of the century: if it succeeds, Microsoft will gradually become the dominant database vendor, but if it fails, it will almost certainly disrupt even the normal schedule for launching the next generation of Windows.
Microsoft has provided some tools to increase the secrecy of data transmitted over the network between SQL Server and client applications. However, Microsoft product manager Kirsten Ward said that the new SQL Server database, planned for release next year, will encrypt stored data, increasing its defensive capability against hacker attacks.
Earlier this year Microsoft postponed the release of "SQL Server 2005" until the first half of next year. The database software will enhance Microsoft's database computing power and compete better with Oracle and IBM. Microsoft will also introduce a unified storage concept, making locating and retrieving data more convenient. Oracle has been in a leading position in the Windows and Unix database markets. However, Microsoft has also made remarkable progress recently by adding more advanced functions to SQL Server this year.
In addition, Microsoft will also provide a piece of software called the "Best Practices Analyzer Tool". Database administrators can use the software to check their database software against Microsoft's guidance. This software tool applies to the current version of Microsoft's database software, "SQL Server 2000", and provides database administrators with an operations guide in various fields, for example how to improve performance and how to conduct more effective data backups.
Ward said that the software tool also includes an "Upgrade Advisor" program. This program can scan database programs and warn "SQL Server 2000" users to make the necessary changes so that their programs are compatible with the upcoming "SQL Server 2005".
(Source: China Computer Education)

Chinese translation: Microsoft's future "soul": exploring the secrets of SQL Server 2005
Author: Chen Baolin
A "brief history" of SQL Server development
Before we begin, let us look at a "brief history" of Microsoft SQL Server.
Data security and assessment (English)
Data Security and Assessment

Data security refers to the protection of digital information from unauthorized access, use, disclosure, disruption, modification, or destruction. It encompasses various measures and technologies designed to safeguard sensitive data and mitigate the risks associated with data breaches and cyber threats.

Assessing data security involves evaluating the effectiveness of an organization's security controls and practices to identify vulnerabilities and address them proactively. This process includes conducting risk assessments, vulnerability assessments, penetration testing, and security audits.

Risk assessments involve identifying potential threats, analyzing their potential impact, and determining the likelihood of their occurrence. This assessment helps prioritize security efforts and allocate resources effectively.

Vulnerability assessments are used to identify weaknesses in a system or network that could be exploited by attackers. These assessments involve scanning for security vulnerabilities, such as software bugs, misconfigurations, or weak passwords. Penetration testing, also known as ethical hacking, involves simulating real-world attacks to test the security of a system or network. Penetration testers attempt to exploit vulnerabilities and gain unauthorized access to demonstrate potential security weaknesses.

Security audits evaluate an organization's security practices, policies, and procedures to ensure compliance with industry regulations and best practices. These audits can be conducted internally or by third-party auditors.

The results of data security assessments provide insights into the effectiveness of security measures and help organizations prioritize areas for improvement.
By addressing vulnerabilities and implementing robust security controls, organizations can enhance data protection and minimize the risks associated with data breaches and cyber threats.

In conclusion, data security is a crucial aspect of protecting sensitive information. Regular assessments and evaluations are necessary to identify vulnerabilities, address them promptly, and ensure the effectiveness of security controls.
附录1 外文原文Data warehouse techniqueThe data warehouse says allThe data warehouse is an environment, not a product. It provides the decision that customer used for current history data supports, these data is very difficult in traditional operation type database or can't get, say more tangibly, the data warehouse is a kind of system construction. Data warehouse than it customer relation the management is a concept that is been familiar with by person, it is 1991 the United States an information engineering learns what house W.H. Inmon Doctor put forward, its definition is" the data warehouse is a support decision the process faces to the topic of, gather of, at any time but change of, the last long data gathers".The technique system construction of the data warehouse The data of obtains mold piece: Used for obtaining the data from the source document with the source database, combine the proceeding sweep, delivering, adding it to data warehouse database inside.· Data management mold piece: Used for the movement of the management data warehouse.· Delivers mold piece: Used for the other warehouse in direction with assign the data warehouse data in the exterior system.· The data is in the center a mold piece: The end customer in direction tool that used for the method provides the interview data warehouse database.· Data interview mold piece: Used for providing the interview for the end customer of the business enterprise with the tool of the analysis data warehouse data.· Design mold piece: Used for the design data warehouse database.· Information catalogue mold piece: Used for governor to provide with the customer relevant saving contents in data warehouse data in the database with meaning information.How to establish the data warehouseCurrent, the internal calculator in business enterprise system is mutually independent, the data rule( legitimacy) demand of the system that have is affirmedfrom the other system, various data lacks to gather sex, conduct and actions 
trend, the data warehouse technique is an one of the most emollient way to makes these data gathered get ups, the data warehouse establishes can at logical realize various system interaction operation, this lay the foundation for the modern college in developments, also leads for the college layer science decision offering guarantees powerfully. The process that establish in the data warehouse needs below step: 1. Establish the data model to the end business need. The design of the data model not only consider only to the first topic, but also looks after both sides the need of the other management in college decision topic to searches the need of the topic with every kind of data, statement.2. The certain topic proceeding data sets up the mold. According to the decision need certain topic, choice data source, proceed logic construction design.3. The database of the design data warehouse. Put great emphasis on the saving construction in physics that apply in the topic development data warehouse inside data.4. Definition data source. According to the topic data model, choose different operation type database as the data source.5. Establish the model for a data. The model made sure into the data scope of the data warehouse, and with provision of relevant data. Complete a data, can let customer known, the data warehouse inside has actually what data, the data gathers the level of structure with how detailed degree is, can provide what information, how these information are carried calculates with organizes etc..6. Take( Extract), convert( Transmit), add from the operation type database inside take out the data that carry( Load) the database inside arrive the data warehouse.7. 
Choice data interview analysis tool, the customer will use the saving information within these toolses interview data warehouse, realizing decision support need.The data scoops out the techniqueAlong with the database technical develop continuously and extensive application in each profession in system in management in database, the backlog enlarges in the nasty play in amount of data in the database, but among them can use directly however opposite less in amount of information.People have been hoping can to conceal in the superficial information in these data, proceed many level of structures analyze, for the purpose of better land utilization acquire the benefit to operate in the business with these data, increase the information of the social competition ability.Current every kind of database management system although can realizes efficiently the data record into and search, statistics to wait the function, can't discover relation existed in the data with regulation, resulted in like this and then a kind of data Bang and knowledge needy keep both of phenomenon. According to the inquisition, the data collections increase with saving with every year 130% speed, but in the data only have 2% data to is analyzed availably. This exploitation that scoop out provided the vast space for the data .To the 2004, apply to attain USD 1,000,000,000 in the data of the electronic commerce market of scooping out the tool.附录2 外文资料译文数据仓库技术数据仓库概述数据仓库是一个环境,而不是一件产品。
Database
A database organizes, stores and manages data according to a data structure. It arose fifty years ago with the dawn of information technology and the development of the market; especially since the 1990s, data management is no longer merely data storage and management but has transformed into the various ways of managing data that users need. Databases come in many types, from the simplest ones that store various data forms to large database systems capable of mass data storage, and they are widely applied in every field.
The birth of data management
The history of databases can be traced back fifty years, when data management was very simple. Data was processed by running millions of punched cards through machines that performed classification, comparison and tabulation; the results were printed on paper or punched onto new cards. Data management at that time consisted of the physical storage and handling of all these punched cards. However, in 1951 Remington Rand Inc. launched a computer called Univac I with a tape drive that could input hundreds of records per second, which brought about a revolution in data management. In 1956 IBM produced the first disk drive, the RAMAC Model 305. This drive had 50 platters, each 2 feet in diameter, and could store 5 MB of data. Its biggest advantage was that a disk allows random access to data, whereas punched cards and tape allow only sequential access.
Database systems began to bud in the 1960s. As computers came into wide use for data management, the demand for data sharing grew higher and higher. The traditional file system could no longer satisfy people's needs, and the database management system (DBMS), which can manage and share data in a unified way, came into being. The data model is the core and foundation of a database system; every DBMS is based on a data model.
So traditional database systems are usually divided, according to the characteristics of their data model, into three types: network databases, hierarchical databases and relational databases.
Structured Query Language (SQL)
Commercial database systems require a query language that is more user friendly. In this chapter we study SQL, the most influential commercially marketed query language. SQL uses a combination of relational-algebra and relational-calculus constructs. Although we refer to the SQL language as a "query language", it can do much more than just query a database. It can define the structure of the data, modify data in the database, and specify security constraints. It is not our intention to provide a complete users' guide for SQL. Rather, we present SQL's fundamental constructs and concepts. Individual implementations of SQL may differ in details, or may support only a subset of the full language.
2.1 Background
IBM developed the original version of SQL at its San Jose Research Laboratory (now the Almaden Research Center). IBM implemented the language, originally called Sequel, as part of the System R project in the early 1970s. The Sequel language has evolved since then, and its name has changed to SQL (Structured Query Language). Many products now support the SQL language. SQL has clearly established itself as the standard relational-database language. In 1986, the American National Standards Institute (ANSI) and the International Organization for Standardization (ISO) published an SQL standard, called SQL-86. IBM published its own corporate SQL standard, the Systems Application Architecture Database Interface (SAA-SQL), in 1987. ANSI published an extended standard for SQL, SQL-89, in 1989. The next version of the standard was SQL-92, and the most recent version is SQL:1999. The bibliographic notes provide references to these standards.
Chapter 4 SQL
In this chapter, we present a survey of SQL, based mainly on the widely implemented SQL-92 standard.
The SQL:1999 standard is a superset of the SQL-92 standard; we cover some features of SQL:1999 in this chapter, and provide more detailed coverage in Chapter 9. Many database systems support some of the new constructs in SQL:1999, although currently no database system supports all the new constructs. You should also be aware that some database systems do not even support all the features of SQL-92, and that many databases provide nonstandard features that we do not cover here.
The SQL language has several parts:
• Data-definition language (DDL). The SQL DDL provides commands for defining relation schemas, deleting relations, and modifying relation schemas.
• Interactive data-manipulation language (DML). The SQL DML includes a query language based on both the relational algebra and the tuple relational calculus. It also includes commands to insert tuples into, delete tuples from, and modify tuples in the database.
• View definition. The SQL DDL includes commands for defining views.
• Transaction control. SQL includes commands for specifying the beginning and ending of transactions.
• Embedded SQL and dynamic SQL. Embedded and dynamic SQL define how SQL statements can be embedded within general-purpose programming languages, such as C, C++, Java, PL/I, Cobol, Pascal, and Fortran.
• Integrity. The SQL DDL includes commands for specifying integrity constraints that the data stored in the database must satisfy. Updates that violate integrity constraints are disallowed.
• Authorization. The SQL DDL includes commands for specifying access rights to relations and views.
In this chapter, we cover the DML and the basic DDL features of SQL. We also briefly outline embedded and dynamic SQL, including the ODBC and JDBC standards for interacting with a database from programs written in the C and Java languages. SQL features supporting integrity and authorization are described in Chapter 6, while Chapter 9 outlines object-oriented extensions to SQL.
The enterprise that we use in the examples in this chapter, and later chapters, is a banking enterprise with the following relation schemas:
Branch-schema = (branch-name, branch-city, assets)
Customer-schema = (customer-name, customer-street, customer-city)
Loan-schema = (loan-number, branch-name, amount)
Borrower-schema = (customer-name, loan-number)
Account-schema = (account-number, branch-name, balance)
Depositor-schema = (customer-name, account-number)
Note that in this chapter, as elsewhere in the text, we use hyphenated names for schemas, relations, and attributes for ease of reading. In actual SQL systems, however, hyphens are not valid parts of a name (they are treated as the minus operator). A simple way of translating the names we use to valid SQL names is to replace all hyphens by the underscore symbol ("_"). For example, we use branch_name in place of branch-name.
2.2 Basic Structure
A relational database consists of a collection of relations, each of which is assigned a unique name. Each relation has a structure similar to that presented in Chapter 3. SQL allows the use of null values to indicate that the value either is unknown or does not exist. It allows a user to specify which attributes cannot be assigned null values, as we shall discuss in Section 4.11.
The basic structure of an SQL expression consists of three clauses: select, from, and where.
• The select clause corresponds to the projection operation of the relational algebra.
It is used to list the attributes desired in the result of a query.
• The from clause corresponds to the Cartesian-product operation of the relational algebra. It lists the relations to be scanned in the evaluation of the expression.
• The where clause corresponds to the selection predicate of the relational algebra. It consists of a predicate involving attributes of the relations that appear in the from clause.
That the term select has a different meaning in SQL than in the relational algebra is an unfortunate historical fact. We emphasize the different interpretations here to minimize potential confusion.
A typical SQL query has the form
select A1, A2, ..., An
from r1, r2, ..., rm
where P
Each Ai represents an attribute, and each ri a relation. P is a predicate. The query is equivalent to the relational-algebra expression
Π A1, A2, ..., An (σ P (r1 × r2 × ··· × rm))
If the where clause is omitted, the predicate P is true. However, unlike the result of a relational-algebra expression, the result of the SQL query may contain multiple copies of some tuples; we shall return to this issue in Section 4.2.8.
SQL forms the Cartesian product of the relations named in the from clause, performs a relational-algebra selection using the where clause predicate, and then projects the result onto the attributes of the select clause. In practice, SQL may convert the expression into an equivalent form that can be processed more efficiently. However, we shall defer concerns about efficiency to Chapters 13 and 14.
In 1974, IBM's Ray Boyce and Don Chamberlin expressed Codd's mathematically defined 12 rules for relational databases in a simple keyword grammar, putting forward the landmark Structured Query Language (SQL). SQL's features include query, manipulation, definition and control; it is a comprehensive, general relational database language and at the same time a highly non-procedural language, which only requires users to state what to do, not how to do it.
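The three-clause query just described, evaluated two ways on a small constructed instance of the banking schema: once by SQLite, and once by literally forming the Cartesian product, applying the predicate and projecting in Python. This is an added example, not code from the text; the rows are invented, and hyphenated names are written with underscores as the text advises. It shows the two evaluations agree, that the SQL result keeps duplicate tuples unless DISTINCT is asked for, and how large the product becomes when the where clause is omitted.

```python
"""Added example: select / from / where against Π(σ(r1 × r2)) by hand.
The branch, account and depositor rows are constructed for this example."""
import itertools
import sqlite3

# Constructed sample relations (this example's own data).
BRANCH = [("Perryridge", "Horseneck", 1700000), ("Downtown", "Brooklyn", 9000000)]
ACCOUNT = [("A-101", "Downtown", 500), ("A-102", "Perryridge", 400),
           ("A-201", "Perryridge", 900), ("A-215", "Downtown", 700)]
DEPOSITOR = [("Johnson", "A-101"), ("Smith", "A-102"), ("Johnson", "A-201"),
             ("Smith", "A-215"), ("Smith", "A-201")]   # A-201 is a joint account


def load_bank() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE branch (branch_name TEXT, branch_city TEXT, assets INTEGER);
        CREATE TABLE account (account_number TEXT, branch_name TEXT, balance INTEGER);
        CREATE TABLE depositor (customer_name TEXT, account_number TEXT);
    """)
    conn.executemany("INSERT INTO branch VALUES (?,?,?)", BRANCH)
    conn.executemany("INSERT INTO account VALUES (?,?,?)", ACCOUNT)
    conn.executemany("INSERT INTO depositor VALUES (?,?)", DEPOSITOR)
    return conn


# "Find the customers who have an account at a given branch":
#   select customer_name from depositor, account
#   where depositor.account_number = account.account_number
#     and account.branch_name = <branch>
SQL = """
SELECT depositor.customer_name
FROM depositor, account
WHERE depositor.account_number = account.account_number
  AND account.branch_name = ?
ORDER BY depositor.customer_name
"""


def customers_at_branch_sql(conn, branch_name: str, distinct: bool = False):
    """Let SQLite evaluate the query; DISTINCT restores set semantics."""
    sql = SQL.replace("SELECT", "SELECT DISTINCT", 1) if distinct else SQL
    return [row[0] for row in conn.execute(sql, (branch_name,))]


def customers_at_branch_algebra(branch_name: str, distinct: bool = False):
    """The same query as Π customer_name (σ P (depositor × account))."""
    product = itertools.product(DEPOSITOR, ACCOUNT)               # from clause
    selected = [(d, a) for d, a in product                          # where clause
                if d[1] == a[0] and a[1] == branch_name]
    projected = sorted(d[0] for d, _a in selected)                  # select clause
    return sorted(set(projected)) if distinct else projected


def product_size(conn):
    """With the where clause omitted P is true, so every pair of tuples
    survives: |depositor| x |account| rows, in SQL and in Python alike."""
    sql_rows = conn.execute("SELECT count(*) FROM depositor, account").fetchone()[0]
    py_rows = sum(1 for _ in itertools.product(DEPOSITOR, ACCOUNT))
    return sql_rows, py_rows


if __name__ == "__main__":
    conn = load_bank()
    print(customers_at_branch_sql(conn, "Perryridge"))
    print(customers_at_branch_algebra("Perryridge", distinct=True))
    print(product_size(conn))
```

Smith appears twice for Perryridge because the joint account A-201 and the account A-102 each produce a surviving pair in the product; the relational-algebra result would be the set {Johnson, Smith}, which is what the DISTINCT variant returns.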
SQL integrates all the operations of the database life cycle. SQL provides a method of interacting with relational databases and can work with standard programming languages. From the day it appeared, SQL has been the touchstone for judging relational databases, and every change of the SQL standard has guided the development direction of relational database products. However, it was not until the mid 1970s of the twentieth century that relational theory and SQL were used in the commercial databases Oracle and DB2. In 1986 SQL was adopted by ANSI as the American standard relational database language, and the standard SQL text was announced that same year. Currently the SQL standard has three versions. ANSI X3.135-1989, "Database Language - SQL with Integrity Enhancement" [ANS89], is generally called SQL-89. SQL-89 defines schema definition, data manipulation and transactions. SQL-89 and the subsequent ANSI X3.168-1989, "Database Language - Embedded SQL", constituted the first generation of SQL standards. ANSI X3.135-1992 [ANS92] describes an enhancement of SQL, now called the SQL-92 standard. SQL-92 includes schema manipulation, dynamic creation and dynamic execution of SQL statements, and enhanced support for network environments. Upon completion of the SQL-92 ANSI and ISO standard, they started cooperative development of the SQL3 standard. The main feature of SQL3 is support for abstract data types, which provides a standard for the new generation of object-relational databases.
The nature of database data
1. Data integrity: a database is the general data processing system of a unit or an application field; what it stores is the set of related data belonging to an enterprise, business department, organization or individual. Database data is organized, described and stored according to a certain data model from a global viewpoint. Because its structure is based on the natural relationships between data, it can provide all the necessary access paths, and the data is no longer oriented to a particular application but to the whole organization, with the characteristics of an overall structure.
2. Data sharing: database data is established for many users to share information, free from the restrictions and constraints of specific programs. Different users can use the database data according to their respective purposes; multiple users can also share database data resources at the same time, i.e., different users can access the same data in the database simultaneously. Data sharing not only meets each user's requirements for information, but also meets the requirement for information exchange between the various users.
Object-oriented databases
With the development of information technology and the market, people found that although relational database system technology is mature, its limitations are obvious: it handles so-called "tabular data" very well, but is helpless with the increasingly complex types of data that are becoming dominant. Since the 1990s, the technical community has been studying and seeking new database systems. But for a time the industry was quite confused about the development direction of the new database system. Influenced by the technological agitation of the time, for quite a while people spent a lot of energy on researching the "object-oriented database system", or simply the "OO database system". It is worth mentioning that Professor Stonebraker of the United States proposed an object-oriented relational database theory that was once favored by the industry, and Stonebraker himself was appointed technology director of Informix at great expense. However, after several years of development, the market for object-oriented relational database system products did not develop well. Theoretical perfection did not bring a warm market response. The main reason for this lack of success was that the main design idea of the new database products was an attempt to replace the existing database systems.
For many customers, especially big customers who have used database systems for years and accumulated massive business data, the huge workload and great expense of converting between old and new data is unbearable. In addition, object-oriented relational database systems make the query language extremely complex, so both database vendors and application customers regard depending on such complicated application technology as a dangerous road.
Basic structure
The basic structure of a database reflects three levels of observing the database from three different angles.
(1) Physical data layer. It is the innermost layer, the collection of data actually stored on the physical storage devices of the database. These data are raw data, the objects processed by the user, described by the internal schema as strings of bits, characters and words handled by instructions.
(2) Conceptual data layer. It is the middle layer of the database, the logical representation of the whole database. It points out the logical definition of each data item, the logical relationships between data, and the collection of stored records. It concerns the logical relationships of all objects in the database, not their physical condition; it is the database as conceived by the database administrator.
(3) Logical data layer. It is the database that users see and use; it represents the collection of data used by one or some specific users, namely the set of logical records.
The different levels of the database are connected by mapping conversions.
Main features
(1) Implement data sharing. Data sharing includes all users being able to access database data at the same time, and users being able to use the database in all sorts of ways through interfaces, providing multiple ways of sharing data.
(2) Reduce data redundancy. Compared with the file system, because the database achieves data sharing, users no longer need to establish their own application files. This reduces a lot of duplicated data, reduces data redundancy, and maintains the consistency of the data.
(3) Data independence. Data independence includes the independence of the logical structure of the database from applications, and also that changes in the physical structure of the data do not affect the logical structure of the data.
(4) Centralized control of data. In the file management mode, data is in a decentralized state, and there is no relationship between the files of different users, or of the same user in different processes. Using a database, data can be centrally controlled and managed, and the organization of the data and the relationships between data are expressed through the data model.
(5) Data consistency and maintainability, to ensure the safety and reliability of the data. This mainly includes: (1) security control: preventing data loss, erroneous updates and excessive use; (2) integrity control: ensuring data accuracy, validity and compatibility; (3) concurrency control: allowing multiple accesses to data within the same period of time while preventing abnormal interaction between users; (4) fault detection and recovery: the database management system provides a set of methods that can isolate and repair faults, thereby preventing data damage.
(6) Fault recovery. The database management system provides a set of methods that can isolate and repair faults, thereby preventing data damage. The database system can restore the database system to operation as soon as possible after a fault, whether the fault is a physical or a logical error, for instance a data error caused by incorrect operation of the system.
Database classification
1. The MaiJie OpenPlant real-time database
Real-time database systems are a new field that expands database theory, with very broad application prospects in power, chemicals, steel, metallurgy, papermaking, traffic control, securities finance and other fields.
It can provide enterprises with high-speed, timely real-time data services, carry out long-term effective historical storage of rapidly changing real-time data, and is the bridge connecting the factory control layer (fieldbus, DCS, PLC, etc.) with the production management system, as well as the data platform for process simulation, advanced control, online optimization and fault diagnosis systems. The OpenPlant real-time database system uses today's advanced technology and architecture; it can safely and stably interface with each control system in the field, efficiently compress the collected data and store a long history of it. Meanwhile, it also provides convenient client applications and general data interfaces (API/DDE/ODBC/JDBC/OPC, etc.), so that enterprise management and decision makers can promptly and comprehensively understand the current production situation, look back at past production conditions, discover problems in production in time, improve equipment utilization, reduce production cost and enhance the enterprise's core competitiveness.
2. IBM DB2
As the pioneer of the relational database field, IBM completed the System R prototype in 1977, began to provide an integrated database server, System/38, in 1980, followed by SQL/DS for VSE and VM, whose initial version was closely related to the System R research prototype. In 1983 DB2 for MVS V1 was launched. The objective of this version was to provide the simplicity, data independence and user productivity promised by the new plan. In 1988 DB2 for MVS provided powerful online transaction processing (OLTP) support, and in 1989 and 1993 distributed database support was realized through remote units of work and distributed units of work respectively. The recently launched Universal Database 6.1 is a general-purpose DB2 database model, the first relational database management system with online multimedia functions; it supports a series of platforms including Linux.
3. Oracle
Oracle's predecessor was called SDL, founded in 1977 by Ellison and two other programmers; they developed their own flagship product, which sold widely on the market. In 1979, Oracle introduced the first commercial SQL relational database management system. Oracle was the earliest company to develop relational databases, and its products support the widest range of operating system platforms and vendors. Now Oracle's relational database products hold a leading market share.
4. Informix
Informix was founded in 1980 with the purpose of providing professional open relational database products for the Unix operating system. The company's name is a combination of Information and Unix. Informix's first database product that truly supported SQL was the relational Informix SE (Standard Engine). Informix SE was the main database product in the microcomputer Unix environment at that time. It was also the first commercial database product to be ported to Linux.
5. Sybase
Sybase was founded in 1984; the company name "Sybase" combines the meanings of "system" and "database". One of the company's founders, Bob Epstein, was a main designer of the university edition of Ingres (a relational database model product of the same period as System/R). The company's first relational database product was SQL Server 1.0, launched in May 1987. Sybase was the first to propose the Client/Server structure for database systems, and took the lead in realizing it in Sybase SQL Server.
6. SQL Server
In 1987, Microsoft and IBM cooperated to develop OS/2; IBM bundled Database Manager with the OS/2 Extended Edition it sold, while Microsoft's OS/2 product line still lacked a database product. Therefore Microsoft signed a cooperation agreement with Sybase for technical development, using Sybase's relational database on the OS/2 platform. In 1989, Microsoft released SQL Server version 1.0.
7.
PostgreSQL
PostgreSQL is a free-software object-relational database management system (ORDBMS) with very complete features, and many of its features are the predecessors of those in many of today's commercial databases. PostgreSQL started as the Ingres project at BSD. The features of PostgreSQL cover SQL-2/SQL-92 and SQL-3. First, it includes what may be said to be the world's richest support for data types; second, at present PostgreSQL is the only free-software database management system that supports transactions, subqueries, multi-version concurrency control, data integrity checking and other such features.
8. MySQL
MySQL is a small relational database management system developed by the Swedish company MySQL AB. On 16 January 2008 it was acquired. Currently MySQL is widely used on small and medium-sized websites on the Internet. Because of its small size, speed, low overall cost, and especially its open-source character, many small and medium-sized websites select MySQL as their website database in order to reduce the total cost of ownership of the website.
9. Access databases
A microcomputer database management system launched by Microsoft in 1994. It has a friendly interface, is easy to learn and use, is simple and flexible to develop, and is a typical representative of the new generation of desktop database management systems.
Its main features are as follows:
(1) Complete management of the various database objects, with strong data organization, user management and security check functions.
(2) Strong data processing functions. In a workgroup-level network environment, multi-user database management systems developed with Access can achieve the Client/Server structure and the corresponding database security mechanisms that traditional XBASE (dBASE and FoxBASE, collectively) database systems could not; Access has many of the features of advanced large database management systems, such as transaction processing and error rollback.
(3) Various data objects can be generated easily, and forms and reports can be built from the stored data, with good visibility.
(4) As part of the Office suite, it integrates with the other components to realize seamless connection.
(5) Data can be searched and published using the Web, realizing connection with the Internet. Access is mainly suitable for small and medium-sized application systems, or as the client database of a client/server system.
10. SQLite
SQLite is an ACID-compliant relational database management system contained in a relatively small C library. It is a public-domain project established by D. Richard Hipp. Unlike the common client/server architecture, the SQLite engine is not an independent process that the program communicates with; it is linked into the program and becomes a major part of it. So the main communication protocol is direct API calls within the programming language. This has positive effects on total consumption, latency and overall simplicity. The entire database (definitions, tables, indexes and the data itself) is stored in a single file on the host. Its simple design is achieved by locking the whole data file when a transaction starts.
11. FoxPro database
Originally launched by the American company Fox in 1988; after Microsoft acquired Fox in 1992, FoxPro 2.5, 2.6 and Visual FoxPro were introduced in succession, and the function and performance of each version improved greatly.
FoxPro 2.5 and 2.6 came in DOS and Windows versions, running in the DOS and Windows environments respectively. FoxPro improved greatly over FoxBASE in function and performance, mainly by introducing controls such as windows, buttons, list boxes and text boxes to enhance system development capabilities.
Common databases
1. MySQL is the most popular open source SQL database management system; it is developed, distributed and supported by the company MySQL AB. MySQL AB is a commercial company founded by several MySQL developers. It is a second-generation open-source company, combining open-source values and methodology with a successful business model.
Features:
The MySQL core program uses fully multi-threaded programming. Threads are lightweight processes; they can flexibly provide services for users and make good use of system resources.
MySQL can run on many different operating systems. Simply put, MySQL supports Windows 95/98/NT/2000, UNIX, Linux and various other operating system platforms.
MySQL has a very flexible and secure access and password system. All passwords transmitted over the connection between a client and the MySQL server are encrypted, and MySQL supports host authentication.
Support for ODBC for Windows. MySQL supports all ODBC 2.5 functions and many others, so for instance Access can be used to connect to a MySQL server, which greatly extends MySQL applications.
MySQL supports large databases. Although a web page written in PHP only needs to store a few hundred records, MySQL can easily support databases of millions of records.
MySQL has a very rapid and stable thread-based memory allocation system that can be used continuously without worrying about its stability.
Strong query functions. MySQL supports all the operators and functions in the SELECT and WHERE clauses of queries, and tables from different databases can be mixed in the same query, making queries quicker and easier.
PHP provides strong support for MySQL, with a whole set of PHP functions for MySQL, giving it all-round support.
2. SQL Server is a server-based database that can be used for medium and large capacity data applications; in function and management it is far more ambitious than Access. It is efficient in handling mass data, flexible in back-end development, and highly scalable. Because databases now use the standard SQL language for database management, statements written in standard SQL can basically be used on either. All space rented from 92HeZu net can use both Access databases and SQL Server. SQL Server has more extended stored procedures, and the usable database size is not limited.
A graphical user interface makes system management and database management more intuitive and simple.
A true client/server architecture.
Rich programming interface tools provide more choices for users who write programs.
SQL Server is fully integrated with Windows NT, using many NT functions such as sending and receiving messages and managing login security. SQL Server integrates very well with Microsoft BackOffice products.
It has very good flexibility and can be used on many kinds of platform, from laptops running Windows 95/98 to large multiprocessors running Windows 2000.
Technical support for the Web: users can easily publish database data to Web pages.
SQL Server provides data warehouse functions that are otherwise found only in Oracle and other more expensive DBMSs.
3. Access is a desktop database suitable only for small amounts of data; for applications with a single-access database it is very good and efficient. But it also cannot serve more than four clients at once. An Access database has certain limits: if the data reaches about 100 MB, it is very easy to make the server's IIS appear to hang, or to consume server memory and crash the server.
Future development trends
With the expansion of information management content, a rich variety of data models has appeared (hierarchical model, network model, relational model, object-oriented model, semi-structured model and so on), and new technologies emerge endlessly (data streams, Web data management, data mining, etc.). Now every few years senior international database experts assemble to discuss the status of database research, its problems, and the new technologies that future needs should focus on. Several similar reports in the past include: "The Future Directions in DBMS" by the Laguna Beach participants, 1989; "Database Systems: Achievements and Opportunities", 1990; a further report in 1995; and the publication of Inmon W.H., "Constructing the Data Warehouse", 1991.
Database security glossary
I. General security vocabulary
1.1 Honeypot
A honeypot is a "black box" carefully set up by the network administrator.
The original intention of designing a honeypot is to let hackers intrude, so as to collect evidence while hiding the real server address.
After an attacker intrudes, you can learn at any time about the latest attacks and vulnerabilities directed at the server.
1.2 0day vulnerability
In the information security sense, a 0day refers to vulnerability information that is obtained or made public before the system vendor knows about it and releases the relevant patch.
1.3 APT attack
APT (Advanced Persistent Threat) threatens the data security of enterprises.
An APT is a form of attack that uses advanced attack methods to carry out long-term, persistent network attacks against specific targets.
It actively mines vulnerabilities in the trusted systems and applications of the attacked target, uses those vulnerabilities to build the network the attacker needs, and exploits 0day vulnerabilities to attack.
An APT is a network attack and intrusion launched by hackers against a customer with the aim of stealing core data; it is a long-premeditated "malicious commercial espionage threat".
1.4 Trojan
A "Trojan" is somewhat similar to the remote control software often used in computer networks: it controls a computer through a specific program (the Trojan program).
What a Trojan aims at is "stealing"-type remote control, and it is highly concealed.
1.5 Sandbox
Sandboxie (also called a sandbox) is a virtual system program that lets you run a browser or other programs in a sandboxed environment, so that the changes produced by running them can be deleted afterwards.
It is an execution environment that restricts program behaviour according to a security policy and is used for testing suspicious software; for example, a hacker's virus or an unsafe product can be run in the sandbox.
1.6 Stuxnet
Stuxnet was the first "worm" virus specifically targeted at attacking real-world infrastructure (energy) facilities, such as nuclear power stations, dams and national power grids.
As the world's first cyber "super-destructive weapon", it struck Iran's nuclear facilities.
1.7 Trusted Computing
Trusted Computing: the widespread use in computing and communication systems of trusted computing platforms supported by hardware security modules, in order to improve the overall security of the system.
Trusted computing includes 5 key technical concepts: Endorsement key, Secure input and output, Memory curtaining, Sealed storage, and Remote attestation.
Database security
"Why do I need to secure the database server? No one can access it; it is in a DMZ protected by the firewall." This is the usual response when we are advised to include such a device in a security health check.
In fact, database security is paramount in defending an organization's information, because the database may be indirectly exposed to a wider audience than we realize.
This is the first of two articles examining database security.
In this article we discuss general database security concepts and the more common problems.
In the next article we will focus on specific Microsoft SQL and Oracle security concerns.
Database security has recently become a hot topic.
As more and more people pay attention to computer security, we find that firewalls and web servers are more secured than before (although this does not mean that there are no longer many insecure networks).
As a result, the emphasis is on considering technologies more carefully, for example scrutinizing databases with a more critical eye.
◆ General security awareness
Before we discuss database security problems, it is prudent and necessary to secure the underlying operating system and supporting technologies.
If a vanilla operating system cannot provide a stable and reliable security basis for the database, it is not worth spending too much effort securing the database.
There is a lot of good reference material available for installing operating systems.
One common problem often encountered is a database application on the same server that hosts an Internet (or Intranet) web server.
Although this may save the cost of buying a separate server, it seriously affects security.
Where this is identified, it is often confirmed that the database is openly connected to the Internet.
A recent example I remember was an organization's Apache web server system service offered on the Internet, with an Oracle database also offered on the Internet on port 1521.
Further investigation of this problem found that access to the Oracle server had no protective measures at all (including a lack of passwords).
From an Internet perspective the database was not advertised, but the use of default settings and crude security measures made the server even more vulnerable.
The problem mentioned above is not strictly a database problem and could also be classified as an architecture and firewall protection problem, but in the end it is the database that is compromised.
Security considerations must be made from the perspective of every network-facing component.
You cannot rely on anyone or anything else to protect your database.
◆ Vulnerabilities in SQL and Oracle give attack tools room to operate.
In a security assessment I recently did for a client, I stumbled upon an interesting database security matter.
We were testing an internal enterprise application that used a database back end (SQL) to hold client details.
The security review went smoothly; access control was based on Windows authentication.
Only authenticated Windows users could see the data belonging to them.
The application itself appeared to handle input requirements and rejected all attempts to access the database directly.
Later, in the office where we were working, we stumbled upon a backup of the application.
This media contained a backup of the SQL database, which we restored onto a laptop.
All the security controls were at the location where the database had originally been, not where it was restored, so we were able to browse the complete database without any restriction, despite the controls meant to protect the sensitive data.
This may seem like an unusual way of compromising system security, but it is important.
Attacking a target often does not take the direct approach, yet the final result is the same: system compromise.
Database backups may be stored on the server, which makes indirect access to the data easier.
The problem above has a simple solution.
In SQL 2000 a password can be set to protect backups.
If a backup is password protected, the password must be used when it is created.
This is an effective and not too complicated way of preventing simple capture of backup data.
However, it means the password must be remembered!
◆ Current trends
There are many current trends in IT security, and a good number of them relate to database security.
The focus on database security is attracting the attention of attackers.
Vulnerabilities in SQL and Oracle give attack tools room to operate.
The appearance of these tools has raised the stakes; we have seen attacks mainly directed at specific database ports exposed to the Internet on servers.
A common problem across the security industry is application security, especially custom Web applications.
As the functionality of Web applications becomes more complex, it brings a greater potential for security vulnerabilities in the application code.
To meet application functionality requirements, back-end data stores are often used to format web page content.
This requires more complex back-end data coding.
Developers use different coding styles, some without security awareness, which may be the source of development errors.
SQL injection is a hot topic in the IT security industry right now.
With the emergence of more and more database development methods aimed at shortening development time, debate is common in technical security forums at present.
SQL injection is a misleading term, because the concept also applies to other databases, including Oracle, DB2 and Sybase.
◆ What is SQL injection?
SQL injection is a way of communicating with the database by sending code or commands in a manner the software developer did not intend.
It is most commonly found in Web applications.
Any user input that the application does not permit is a common source of attacks.
Many of you have seen the usual error message boxes when visiting websites, which often show that user input has not been handled correctly.
Once this type of error appears, the attacker will focus on more specific input strings.
Specific security-related coding techniques should be added to the coding standards in use in your organization.
The damage caused by this type of vulnerability can be profound, although it depends on the privilege level with which the application connects to the database.
If the application accesses data with administrator-type privileges, then maliciously run commands will also have that level of access, and system compromise is inevitable.
This problem is similar to the operating system security rule that programs should run with the lowest privileges necessary.
If normal user access is sufficient, then apply that restriction.
Likewise, SQL security is not entirely a database problem.
Specific database commands or requests should not be allowed through the application layer.
This can be prevented by means of "secure coding".
This is an off-topic subject, but some basic steps that should be applied deserve detailed design.
First, user input must be validated and controlled when any request is received.
Where possible, strict typing should be set to control specific data (for example, expecting numeric data, string data, etc.), and where achievable, if the data is character-based, specific non-alphanumeric characters should be disallowed.
If this cannot be achieved, consideration should be given to substituting characters (for example, single quotes, which are commonly used in SQL commands).
Specific security-related coding techniques should be added to the coding standards used in your organization.
If all developers use the same baseline standard with specific security measures, this will greatly reduce the risk of SQL injection compromise.
Another simple method that can be used is to remove all procedures in the database that are no longer needed.
This limits the extent to which unneeded or surplus procedures in the database can be maliciously exploited.
This is similar to removing unneeded services in the operating system and is common security practice.
◆ Overall

In conclusion, most of the points I have made above are common sense security concepts and are not specific to any particular database. However, all of them do apply to databases, and if these basic security measures are applied, the security posture of your database will be greatly improved. The next article on database security will focus on specific SQL and Oracle security problems, with detailed examples and advice for DBAs and developers.

Above, we discussed general database security concepts and common problems. In this article we will focus on specific Microsoft SQL and Oracle security problems and, just as importantly, the solutions that mitigate them. Database security has many similarities with general IT security: there are simple security measures and steps that are easy to implement and that dramatically improve security. While these may seem like common sense, it is surprising how many times we have seen common security measures go unimplemented, creating a security risk.
◆ User account and password security

One of the basic first principles in IT security is "make sure you have a good password". In this statement I have assumed that a password has been set in the first place, though this is often not the case. In my last article I touched briefly on common sense security, but I think it is necessary, and indeed vital, to highlight this again. As with operating systems, the focus of attention within database account security is on administration accounts. Within SQL this will be the SA account, and within Oracle it may be the SYSDBA or ORACLE account. It is very common for the SQL SA account to have "SA" as its password, or even worse a blank password, which is just as common. This kind of password laziness breaks the most basic security principles. Users would not be allowed to have a blank password on their own domain accounts, so why should valuable system resources such as databases be allowed to be left unprotected? For example, a blank "SA" password enables any user with client software (such as Microsoft Query Analyzer or Enterprise Manager) to "manage" the SQL Server and its databases. With databases used as the back end to web applications, a lack of password control can result in a total compromise of sensitive information. With system-level access to the database, it is possible not only to execute queries against the database and create/modify/delete tables, but also to execute what are known as stored procedures.
Database Security

“Why do I need to secure my database server? No one can access it — it’s in a DMZ protected by the firewall!” This is often the response when it is recommended that such devices are included within a security health check. In fact, database security is paramount in defending an organization's information, as it may be indirectly exposed to a wider audience than realized.

This is the first of two articles that will examine database security. In this article we will discuss general database security concepts and common problems. In the next article we will focus on specific Microsoft SQL and Oracle security concerns.

Database security has become a hot topic in recent times. With more and more people becoming increasingly concerned with computer security, we are finding that firewalls and Web servers are being secured more than ever (though this does not mean that there are not still a large number of insecure networks out there). As such, the focus is expanding to consider technologies such as databases with a more critical eye.

◆ Common sense security

Before we discuss the issues relating to database security it is prudent to highlight the necessity to secure the underlying operating system and supporting technologies. It is not worth spending a lot of effort securing a database if a vanilla operating system is failing to provide a secure basis for the hardening of the database. There are a large number of excellent documents in the public domain detailing measures that should be employed when installing various operating systems.

One common problem that is often encountered is the existence of a database on the same server as a web server hosting an Internet (or Intranet) facing application. Whilst this may save the cost of purchasing a separate server, it does seriously affect the security of the solution. Where this is identified, it is often the case that the database is openly connected to the Internet.
One recent example I can recall is an Apache Web server serving an organization's Internet offering, with an Oracle database available on the Internet on port 1521. When investigating this issue further it was discovered that access to the Oracle server was not protected (including lack of passwords), which allowed the server to be stopped. The database was not required from an Internet facing perspective, but the use of default settings and careless security measures rendered the server vulnerable.

The points mentioned above are not strictly database issues, and could be classified as architectural and firewall protection issues also, but ultimately it is the database that is compromised. Security considerations have to be made from all parts of a public facing network. You cannot rely on someone or something else within your organization protecting your database from exposure.

◆ Attack tools are now available for exploiting weaknesses in SQL and Oracle

I came across one interesting aspect of database security recently while carrying out a security review for a client. We were performing a test against an intranet application, which used a database back end (SQL) to store client details. The security review was proceeding well, with access controls being based on Windows authentication. Only authenticated Windows users were able to see data belonging to them. The application itself seemed to be handling input requests, rejecting all attempts to access the database directly.

We then happened to come across a backup of the application in the office in which we were working. This media contained a backup of the SQL database, which we restored onto our laptop. All security controls which were in place originally were not restored with the database and we were able to browse the complete database, with no restrictions in place to protect the sensitive data.
This may seem like a contrived way of compromising the security of the system, but it does highlight an important point. It is often not the direct approach that is taken to attack a target, and ultimately the endpoint is the same: system compromise. A backup copy of the database may be stored on the server, and thus facilitates access to the data indirectly.

There is a simple solution to the problem identified above. SQL 2000 can be configured to use password protection for backups. If the backup is created with password protection, this password must be used when restoring the backup. This is an effective and uncomplicated method of stopping simple capture of backup data. It does however mean that the password must be remembered!

◆ Current trends

There are a number of current trends in IT security, with a number of these being linked to database security. The focus on database security is now attracting the attention of the attackers. Attack tools are now available for exploiting weaknesses in SQL and Oracle. The emergence of these tools has raised the stakes and we have seen focused attacks against specific database ports on servers exposed to the Internet.

One common theme running through the security industry is the focus on application security, and in particular bespoke Web applications. With the functionality of Web applications becoming more and more complex, it brings the potential for more security weaknesses in bespoke application code. In order to fulfill the functionality of applications, the backend data stores are commonly being used to format the content of Web pages. This requires more complex coding at the application end. With developers using different styles in code development, some of which are not as security conscious as others, this can be the source of exploitable errors.

SQL injection is one such hot topic within the IT security industry at the moment.
Discussions are now commonplace among technical security forums, with more and more ways and means of exploiting databases coming to light all the time. SQL injection is a misleading term, as the concept applies to other databases, including Oracle, DB2 and Sybase.

◆ What is SQL Injection?

SQL Injection is simply the method of communication with a database using code or commands sent via a method or application not intended by the developer. The most common form of this is found in Web applications. Any user input that is handled by the application is a common source of attack. One simple example of mishandling of user input is highlighted in Figure 1. Many of you will have seen this common error message when accessing web sites, and it often indicates that the user input has not been correctly handled. On getting this type of error, an attacker will focus in with more specific input strings.

Specific security-related coding techniques should be added to the coding standard in use within your organization. The damage done by this type of vulnerability can be far reaching, though this depends on the level of privileges the application has in relation to the database. If the application is accessing data with full administrator type privileges, then maliciously run commands will also pick up this level of access, and system compromise is inevitable. Again this issue is analogous to operating system security principles, where programs should only be run with the minimum of permissions that is required. If normal user access is acceptable, then apply this restriction.

Again the problem of SQL security is not totally a database issue. Specific database commands or requests should not be allowed to pass through the application layer.
This can be prevented by employing a “secure coding” approach. Again this is veering off-topic, but it is worth detailing a few basic steps that should be employed.

The first step in securing any application should be the validation and control of user input. Strict typing should be used where possible to control specific data (e.g. if numeric data is expected), and where string based data is required, specific non-alphanumeric characters should be prohibited where possible. Where this cannot be performed, consideration should be made to try and substitute characters (for example the use of single quotes, which are commonly used in SQL commands).

Specific security-related coding techniques should be added to the coding standard in use within your organization. If all developers are using the same baseline standards, with specific security measures, this will reduce the risk of SQL injection compromises.

Another simple method that can be employed is to remove all procedures within the database that are not required. This restricts the extent that unwanted or superfluous aspects of the database could be maliciously used. This is analogous to removing unwanted services on an operating system, which is common security practice.

◆ Overall

In conclusion, most of the points I have made above are common sense security concepts, and are not specific to databases. However all of these points DO apply to databases and if these basic security measures are employed, the security of your database will be greatly improved.

The next article on database security will focus on specific SQL and Oracle security problems, with detailed examples and advice for DBAs and developers.

There are a lot of similarities between database security and general IT security, with generic simple security steps and measures that can be (and should be) easily implemented to dramatically improve security.
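The input-validation steps in the "What is SQL Injection?" section above (strict typing, prohibiting non-alphanumeric characters, the danger of single quotes), as an added Python example that is not part of the original article or its translation: the concatenated query the text warns about beside a hardened lookup that validates input and binds it as a query parameter (parameter binding goes beyond the character-substitution advice in the text). The table, rows and the `clients` schema are constructed stand-ins for the article's SQL back end, using an in-memory SQLite database.

```python
import re
import sqlite3

# Constructed sample rows; the schema is an assumption, not the article's.
SAMPLE_CLIENTS = [
    (1, "alice", "alice@example.test"),
    (2, "bob", "bob@example.test"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed client rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE clients (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO clients VALUES (?, ?, ?)", SAMPLE_CLIENTS)
    return conn


def validate_client_id(raw):
    """Strict typing: a client id must be a plain whole number, nothing else."""
    if not re.fullmatch(r"[0-9]{1,9}", raw):
        raise ValueError("client id must be numeric")
    return int(raw)


def validate_name(raw):
    """String input: only alphanumerics, so quotes and comment markers never reach the query."""
    if not re.fullmatch(r"[A-Za-z0-9]{1,32}", raw):
        raise ValueError("name contains prohibited characters")
    return raw


def lookup_unsafe(conn, raw_name):
    """The pattern the article warns about: user input pasted straight into the SQL text."""
    sql = "SELECT id, name FROM clients WHERE name = '" + raw_name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, raw_name):
    """Hardened form: validated input bound as a parameter, never part of the command text."""
    name = validate_name(raw_name)
    return conn.execute("SELECT id, name FROM clients WHERE name = ?", (name,)).fetchall()


def demo():
    """Run both lookups on a constructed input containing the single quote the article mentions."""
    conn = make_db()
    probe = "x' OR '1'='1"
    leaked = lookup_unsafe(conn, probe)  # every row returns: the quote turned input into SQL
    try:
        lookup_safe(conn, probe)
        rejected = False
    except ValueError:
        rejected = True  # validation stops the request before it reaches the database
    return len(leaked), rejected, lookup_safe(conn, "alice")
```

Running `demo()` returns `(2, True, [(1, 'alice')])`: the concatenated query leaks both rows, while the validated, parameterised lookup rejects the probe and still answers legitimate requests.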
While these may seem like common sense, it is surprising how many times we have seen that common security measures are not implemented and so cause a security exposure.

◆ User account and password security

One of the basic first principles in IT security is “make sure you have a good password”. Within this statement I have assumed that a password is set in the first place, though this is often not the case. I touched on common sense security in my last article, but I think it is important to highlight this again. As with operating systems, the focus of attention within database account security is aimed at administration accounts. Within SQL this will be the SA account and within Oracle it may be the SYSDBA or ORACLE account.

It is very common for SQL SA accounts to have a password of ‘SA’ or even worse a blank password, which is just as common. This password laziness breaks the most basic security principles, and should be stamped down on. Users would not be allowed to have a blank password on their own domain account, so why should valuable system resources such as databases be allowed to be left unprotected? For instance, a blank ‘SA’ password will enable any user with client software (i.e. Microsoft Query Analyzer or Enterprise Manager) to ‘manage’ the SQL server and databases.

With databases being used as the back end to Web applications, the lack of password control can result in a total compromise of sensitive information. With system level access to the database it is possible not only to execute queries into the database, create/modify/delete tables etc, but also to execute what are known as Stored Procedures.