A database protection method

Abstract

The invention discloses a database protection method. According to the database protection method, data loss control is performed on a database terminal management program which access database examples to guarantee safety of database data during a utilization process of a terminal; data outflow control is performed on the database terminal management program which access the database examples and the database data is allowed to examine but is forbidden to be guided out to the terminal; data using range control not confining to the current access database examples is guaranteed, data guiding-in and guiding-out between different databases are convenient due to guiding out of a data forced encryption mode, and safe of the data which separates the database during a propagation process is guaranteed; network transmission safety of the data from the database examples to the terminal which the database terminal management program is in is guaranteed through a safe channel encryption mode.

Description

technical field [0001] The invention relates to the technical field of computer information security, in particular to the protection of data information in a database system. [0002] Background technique, [0003] As a typical form of centralized storage of structured data, the security of the database has always been concerned by security vendors, colleges and research institutes. The existing database data security protection measures mainly include the following aspects: database access authentication, user authorization and fine-grained access control, database audit, database storage file isolation or encryption, etc. Although these protection measures are helpful to the centralized storage database protection, the above protection measures cannot solve the following problems. [0004] Unintentional data loss by insiders: Insiders will come into contact with various data information during the operation process. When the information is exported to the local in plain t...

AI Technical Summary

Problems solved by technology

Although these protective measures are helpful to the centralized storage database protection, the above protective measures cannot solve the following problems

[0004] Unintentional data loss by insiders: Insiders will come into contact with various data information during the operation process. When the information is exported to the local in plain text, the scope of use of these data can no longer be controlled through traditional protection measures. Data is easily lost. Existing Safeguards are ineffective for protecting database data reaching endpoints

[0005] Malicious data leakage by insiders: Insiders, especially database administrators, have all access rights to the database. Insiders can export database data information to cause data leakage. However, the existing security protection can only be audited after the event, and cannot fundamentally To prevent data leakage in the database;

[0006] Take the operation of the internal database administrator as an example; one situation is that the administrator directly saves the data obtained from the database to the terminal for the convenience of viewing, and in this case other personnel can view the data as long as they obtain the right to use the terminal; there is another The second situation is that the administrator maliciously operates, resulting in the complete leakage of the entire database data information

Images