3.7.2 Database system-database control technology: database security, database backup and recovery technology, data backup, database failure and recovery, database performance optimization
database security
In the process of information system development, the database is a large proportion of it. In terms of the security of the information system, the database page is a relatively important section. On the one hand, the security of the information system can be controlled by the mechanism of the database management system itself, and the access and control of the database can also be realized through the application program.
Here are the measures and solutions for database security.
| measure | illustrate |
|---|---|
| User Identification and Authentication | The outermost security protection measures can use user accounts, passwords and random number checks, etc. |
| access control | Authorize users, including permissions for operation types (such as search, insert, delete, modify, etc.) and data objects (mainly data ranges). (Grant and Revoke) |
| Password storage and transmission | Password transmission for remote information |
| view protection | Authorize the view |
| audit | Use a dedicated file or database to automatically record all user operations on the database |
Database backup and recovery technology
data backup
- Cold backup is also called static backup, which is to shut down the database normally, and back up (copy) all the files of the database in the stopped state. Now the normal database is running 7×24 hours without interruption, so there are more hot backups.
- Hot backup, also known as dynamic backup, uses backup software to back up data files in the database when the database is running normally.
| advantage | shortcoming | |
|---|---|---|
| cold backup | Very fast backup method (just copy the file); easy to archive (just copy it); easy to restore to a certain point in time (just copy the file back); can be combined with the archive method to achieve the most Restoration in top condition; low maintenance, high security | When used alone, it can only provide recovery up to a certain point in time; during the whole process of backup, the database must be backed up and no other work can be done; if the disk space is limited, it can only be copied to other external storage such as tape On device, it will be slow; cannot resume by table or user |
| hot backup | It can be backed up at the table space or database file level, and the backup time is short; the database can still be used during backup; it can achieve second-level recovery (recovery to a certain point in time); it can recover almost all database entities; recovery is fast | Do not make mistakes, otherwise the consequences will be serious; if the hot backup is unsuccessful, the result cannot be used for point-in-time recovery; it is difficult to maintain, so be careful, and do not allow "to end in failure" |
- Full backup (mass backup): back up all data,
- Differential backup: only back up the data that has changed since the last full backup
- Incremental backup: Back up data that has changed since the last backup
Full backup, also called mass backup : All data can be backed up, the data volume is large, the backup time is long, and the efficiency is slower than other (differential backup/incremental backup), but the latter, differential backup/ Incremental backup, which must be backed up according to the changed data of the last backup, is generally used in combination of the three.
Differential backup and incremental backup : the amount of data is small, but if you need to restore, you need to find the files from the previous backup to restore.
There will always be a time point to execute when backing up. For example, some people like to plan to backup at 0:00 or 1:00 on Sunday night, but the crash of the database does not depend on your time point. Generally, the time point of possible crash is twice Between the backup process, in addition to restoring the backup file, you also need to check the log file and perform corresponding recovery operations.
Log file : The transaction log is a record for database changes. It can record any operation on the database and save the record results in an independent file. The completion of a transaction generally follows the principle of first writing to the log and then writing to the database. Only when all of these are completed can a transaction be completed. In the process of database crash, there will be the following situations:
- The log is recorded, and the database is also written: at this time, according to the modification of the record, write it again
- The log is recorded, but the database is not written: at this time, because it is not really completed, this part of the data content must be revoked
- No log record: At this time, no transaction was seen at all
Logs and backups are often used in conjunction. When you usually do database backup, you can make plans yourself, usually the database administrator does the planning.
As shown above, if it crashes on Saturday, it needs to be restored. The process is as follows
- First find the full backup file, A
- Find the backup closest to A, that is, on Friday, B+C+D+E+F
- Then find the nearest backup to B+C+D+E+F (if not, ignore it), that is, G
- Comprehensive is the complete backup file data
- Plus log file analysis related data
Database failure and recovery
| Fault relationship | cause of issue | Solution |
|---|---|---|
| predictable failure of the transaction itself | logic itself | Preset the Rollback statement in the program |
| Unexpected failure of the transaction itself | Arithmetic overflow, storage protection violation | The recovery subsystem of the DBMS undoes the modification of the database by the transaction through the log, and rolls back to the initial state of the transaction |
| system error | system down | The checkpoint method is usually used (it is automatically completed when the system is restarted, and the user does not need to intervene. The basic steps are: through the log file, from the tail of the log, reverse scanning from the tail to the head, and scan each transaction for signs of successful completion ; If it is successfully completed, it means that the database has been modified at this time, so the relevant modification will be done again for the completed transaction, and this part of the transaction will be placed in the redo queue, that is, the REDO queue; then some of them did not see the normal If the state is completed, it is necessary to undo the previous transaction operation that has not been completed. The corresponding transaction will be put into the UNDO queue and then undo.) System failures can usually be recovered by using the checkpoint method. The so-called checkpoint method: It is to record its content in a checkpoint, including the time of the checkpoint and the list of transactions being executed at the current moment, as well as the address recorded in the latest log of these transactions, so that we can use the corresponding checkpoint for recovery. At that time, find the location of the log (that is, the last checkpoint record) from the corresponding address, and then create UNDO and REDO queues for the list of tasks being executed. After the queue is established, redo or undo according to the previous description until the end of the log . |
| media failure | External storage is destroyed | Generally use logs to redo business |
- Undo transaction (UNDO): Reverse scan the unfinished transaction when the failure occurs, and put it into Undo to cancel
- Redo transactions (REDO): Forward scan transactions that have been committed before the failure occurs, and put them into Redo for redo
Database performance optimization
The performance of the database will affect the performance of the information system. The performance optimization of the database can be considered from the following dimensions. Generally, the optimization of the centralized database is more considered.
