Oracle Virtual Private Database solution document

Table of contents
1. Application Context
2. Oracle Virtual Private Database
2.1 Definition of Oracle Virtual Private Database (VPD)
2.2 Main components of VPD
2.2.1 Application Context
2.2.2 PL/SQL Functions
2.2.3 Security Policy
2.3 Creating functions that implement VPD security policies
2.4 Row-level VPD implementation
2.5 Column-level VPD implementation
2.6 Security policy groups
2.7 Advantages and limitations of applying VPD
3. Applying the Oracle Private Database solution to the V-Tracking project
4. References
1. Application Context
USERENV Application Context
Oracle provides a default application context, USERENV, which gives access to a set of predefined attributes. These are basic attributes that the database management system records automatically whenever a connection is made, for example the IP address from which the connection to the database originates. These predefined attributes are used heavily in managing access rights to objects; one important example is the CLIENT_IDENTIFIER field, which identifies the user (the end user). To read information from this application context, use SYS_CONTEXT('userenv', 'attribute').

List of attributes of the default USERENV application context
The application context has the main attributes shown in the following table:
AUDITED_CURSORID, AUTHENTICATED_IDENTITY, AUTHENTICATION_DATA, AUTHENTICATION_METHOD, BG_JOB_ID, CLIENT_IDENTIFIER, CLIENT_INFO, CURRENT_BIND, CURRENT_SCHEMA, CURRENT_SCHEMAID, CURRENT_SQL, CURRENT_SQL1 to CURRENT_SQL7, CURRENT_SQL_LENGTH, DB_DOMAIN, DB_NAME, ENTRYID, ENTERPRISE_IDENTITY, FG_JOB_ID, GLOBAL_CONTEXT_MEMORY, GLOBAL_UID, HOST, IDENTIFICATION_TYPE, INSTANCE, INSTANCE_NAME, IP_ADDRESS, ISDBA, LANG, LANGUAGE, NETWORK_PROTOCOL, NLS_TERRITORY, NLS_CURRENCY, NLS_CALENDAR, NLS_DATE_FORMAT, NLS_DATE_LANGUAGE, NLS_SORT, OS_USER, POLICY_INVOKER, PROXY_USER, PROXY_USERID, SERVER_HOST, SESSION_USER, SESSION_USERID, SESSIONID, SID, STATEMENTID, TERMINAL
Oracle VPD allows security policies to be defined down to the level of individual objects (Table, View, Synonym) and individual operations (SELECT, INSERT, UPDATE, DELETE). When a user accesses, directly or indirectly, an object that has a security policy attached, the database management system automatically modifies the user's SQL statement by adding a WHERE clause, also called a predicate, returned by the security policy function for that object. This modification is transparent to the end user (the person executing the SQL statement). The security policy function can call another function, or call embedded C or Java code, to generate the predicate from an operating system file or from a central store of security policies. The policy function can also return different predicates for each user, group of users or application by using the application context (Application Context).
Applying security policies to each type of participant: In this usage, the application context is used to distinguish between types of users. For example, in an ordering application, customers can see only their own orders while sales staff can see all orders; these are two different security policies for two kinds of users. We can create an application context with a position attribute, and this attribute can be read inside the security policy function to tell whether the user is a customer or an employee, so that the function returns the corresponding predicate. In this case, for example, the policy function can be written so that, when a customer logs in, the query is transformed from:

    SELECT * FROM Orders_tab

to:

    SELECT * FROM Orders_tab WHERE Custno = SYS_CONTEXT ('order_entry', 'cust_num');

Providing variables used in the WHERE clause: This is similar to the example above, but here the application context is used as a variable that distinguishes each customer through the SYS_CONTEXT(namespace,attribute) function.
When adding a new security policy, its type can be specified as one of the following:
Static: The security policy function is executed exactly once and the result is reused for subsequent queries; the returned predicate is stored in the Shared Global Area (SGA).
SHARED_STATIC: Same as Static, but the predicate can be shared when several objects use the same security policy function.
CONTEXT_SENSITIVE: The policy function is always called whenever a statement is parsed. It is only called again when the context changes. This suits connection pooling to the database, where a single schema is shared and the application context is used to change the identity of the application user.
SHARED_CONTEXT_SENSITIVE: Same as CONTEXT_SENSITIVE, except that it can be shared when several objects use the same security policy function.
Dynamic (default): The type used when none is specified. No data is kept after the security policy function has been called; the function is called every time the query is parsed or executed.
2.2.4 Operating mechanism
When Oracle VPD is active, every query goes through the following main steps:
The user accesses an object that has a security policy attached.
The database server calls the object's security policy function for the corresponding statement type.
The function returns a predicate (a WHERE clause).
The database server adds this clause to the query.
The database server executes the modified statement.
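The steps above can be observed on a running instance through Oracle's V$VPD_POLICY and DBA_POLICIES views. The queries below are an added example, not part of the original document; the owner APP and table ORDERS_TAB are assumed placeholder names.

```sql
-- Added example: inspect what VPD actually did (needs SELECT on the V$ and DBA_ views).
-- 'APP' and 'ORDERS_TAB' are assumed placeholders; substitute the protected object.

-- For each cached cursor: which policy fired, which predicate the policy
-- function returned, and which statement it was appended to.
SELECT s.parsing_schema_name,
       p.policy,
       p.predicate,
       s.sql_text
FROM   v$vpd_policy p
       JOIN v$sql s
         ON  s.sql_id       = p.sql_id
         AND s.child_number = p.child_number
WHERE  p.object_owner = 'APP'
AND    p.object_name  = 'ORDERS_TAB'
ORDER  BY s.last_active_time DESC;

-- Review candidates: policies on the object that are disabled, or that do not
-- cover every statement type. An operation covered by no policy is executed
-- without any appended predicate.
SELECT policy_name, pf_owner, function, policy_type,
       enable, sel, ins, upd, del
FROM   dba_policies
WHERE  object_owner = 'APP'
AND    object_name  = 'ORDERS_TAB'
AND   (enable = 'NO' OR 'NO' IN (sel, ins, upd, del));
```

An empty PREDICATE in the first result means the policy function returned NULL for that cursor, so the statement ran unrestricted.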
database user) through the CLIENT_IDENTIFIER and CLIENT_INFO fields of the default USERENV application context.
2.2.5 Steps to apply
To apply Oracle VPD, the following main steps are required:
Step 1: Define the application context and the information to be used in it.
Step 2: Create the functions that implement the security policies for the objects and operation types to be controlled.
Step 3: Create the security policies and attach them to the specific objects to enforce access control.
The following sections go into steps 2 and 3 in detail.
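The three steps, applied to the order-entry case described earlier (customers see only their own orders, sales staff see all), as an added example that is not part of the original document. Assumed names: schema APP, package ORDER_CTX_PKG with procedure SET_IDENTITY, function ORDERS_PREDICATE, policy ORDERS_VPD, the position values 'STAFF' and 'CUSTOMER', and the sample table definition.

```sql
-- Added example. All object names below except the context order_entry, its
-- attributes position / cust_num, and Orders_tab.Custno are assumptions.
CREATE TABLE app.orders_tab (orderno NUMBER PRIMARY KEY, custno NUMBER NOT NULL);

-- Step 1: application context; only the named package may write to it.
CREATE OR REPLACE CONTEXT order_entry USING app.order_ctx_pkg;

CREATE OR REPLACE PACKAGE app.order_ctx_pkg AS
  PROCEDURE set_identity(p_position IN VARCHAR2, p_cust_num IN NUMBER);
END order_ctx_pkg;
/
CREATE OR REPLACE PACKAGE BODY app.order_ctx_pkg AS
  PROCEDURE set_identity(p_position IN VARCHAR2, p_cust_num IN NUMBER) IS
  BEGIN
    DBMS_SESSION.SET_CONTEXT('order_entry', 'position', p_position);
    DBMS_SESSION.SET_CONTEXT('order_entry', 'cust_num', TO_CHAR(p_cust_num));
  END set_identity;
END order_ctx_pkg;
/
-- Step 2: policy function. The server passes (schema, object) and expects predicate text.
CREATE OR REPLACE FUNCTION app.orders_predicate(
  p_schema IN VARCHAR2, p_object IN VARCHAR2) RETURN VARCHAR2 AS
  v_position VARCHAR2(30) := SYS_CONTEXT('order_entry', 'position');
BEGIN
  IF v_position = 'STAFF' THEN
    RETURN NULL;      -- NULL predicate: no restriction, staff see every order
  ELSIF v_position = 'CUSTOMER' THEN
    -- The customer number stays a SYS_CONTEXT call; it is not concatenated into the text.
    RETURN 'Custno = SYS_CONTEXT(''order_entry'', ''cust_num'')';
  END IF;
  RETURN '1 = 0';     -- context unset or unknown position: fail closed, no rows
END orders_predicate;
/
-- Step 3: attach the function to the table for every statement type.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP',
    object_name     => 'ORDERS_TAB',
    policy_name     => 'ORDERS_VPD',
    function_schema => 'APP',
    policy_function => 'ORDERS_PREDICATE',
    statement_types => 'SELECT,INSERT,UPDATE,DELETE',
    update_check    => TRUE,  -- also reject INSERT/UPDATE results that violate the predicate
    policy_type     => DBMS_RLS.CONTEXT_SENSITIVE);
END;
/
```

CONTEXT_SENSITIVE is chosen here because the scenario matches the connection-pooling case in the policy type list: one shared schema whose application context changes per end user.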
2.5 Column-level VPD implementation
3. Applying the Oracle Private Database solution to the V-Tracking project
4. References