Upload
phungvanthi
View
44
Download
0
Embed Size (px)
Citation preview
1M HA TRONG SQL SERVER 2005 L do cn phi m ha thng tin:
M ha l mt phng php quantrng nhm bo mt d liu.
Nhng d liu nhy cm nh sCMND, s th tn dng, mt khucn phi c bo v trc v vn minguy him tn cng hin nay.
2 L do cn phi m ha thng tin: Trong SQL Server 2000 bn c th tto cc hm ca ring mnh hoc sdng cc DLL ngoi m ha d liu.
Trong SQL Server 2005, cc hm vphng thc ny c mc nh chophp sn.
3SQL Server 2005 cung cp cc kthut sau m ha d liu:
M ha bng mt khuM ha kha i xngM ha kha khng i xngM ha chng nhn
4 Trong bi ny, gii thiu cch sdng k thut m ha bng mtkhu v phng php gii m n.
SQL Server 2005 cung cp 2 hmcho vic m ha: mt cho vic mha v mt cho vic gii m.
5 M ha bng mt khu l phngphp m ha d liu c bn thngqua mt khu. D liu c th cgii m nu nhp ng mt khu s dng khi m ha.
Chng ta s th mt v d v vicm ha v gii m d liu bng kthut m ha thng qua mt khu.
6select EncryptedData =EncryptByPassPhrase(KHANG','123456789')
7 Kt qu:
8 By gi, chng ta s thc thi 3 ln hmEncryptbypassphrase trn theo v d sau:
declare @count intdeclare @SocialSecurityNumber varchar(500)declare @password varchar(12)set @count =1while @count
9 Kt qu:
10
Lu : 123456789 y c th l s thtn dng v KHANG l mt khu.
Kt qu ca Encryptbypassphrase saumi ln thc thi hm l khc nhau.
Tuy nhin, khi chng ta gii m dliu th n vn ra kt qu nh banu trc khi m ha.
By gi chng ta s th gii m d liu c m ha trn vi hmDecryptByPassPhrase:
11
12
Th gii m d liu c m ha vi mtmt khu khc. Thc thi theo cu lnh sau:
Kt qu cho thy SQL Server tr li gi tr NULL numt khu sai.
13
By gi, chng ta s th to mt bng chas th tn dng v s CMND, sau s mha d liu ny thng qua phng php mha mt khu:
USE [master]goIF EXISTS (SELECT name FROM sys.databasesWHERE name = N'Customer DB')DROP DATABASE [Customer DB]go
14
create database [Customer DB]gouse [Customer DB]gocreate table [Customer data]([customer id] int,[Credit Card Number] bigint,[Social Security Number] bigint)go
15
insert into [Customer data] values (1,1234567812345678, 123451234)insert into [Customer data] values(2,1234567812345378, 323451234)insert into [Customer data] values(3,1234567812335678, 133451234)insert into [Customer data] values(4,1234567813345678, 123351234)insert into [Customer data] values(5,1234563812345678, 123431234)go
16
To hai ct lu d liu c mha:use [Customer DB]goalter table [Customer Data] add[Encrypted Credit Card Number]varbinary(MAX)goalter table [Customer Data] add[Encrypted Social Security Number]varbinary(MAX)go
17
Cp nht d liu c m ha vo hai ct vato:use [Customer DB]goupdate [Customer Data] set [Encrypted CreditCard Number] =EncryptByPassPhrase('Credit Card',convert(varchar(100),[Credit Card Number]) )goupdate [Customer Data] set [Encrypted SocialSecurity Number] =EncryptByPassPhrase('Social Security',convert(varchar(100),[Social Security Number]))Go
18
Truy vn bng bng cc lnh sau:
use [Customer DB]goselect * from [customer data]go
Kt qu:
19
20
Xa b ct cha d liu cha c m ha:
use [Customer DB]goalter table [Customer Data] drop column[Credit Card Number]goalter table [Customer Data] drop column[Social Security Number]go
21
Truy vn bng theo cc lnh sau:
use [Customer DB]goselect * from [customer data]go
Kt qu:
22
23
Gii m d liu trn bng thng qua hmDecryptbypassphrase nh sau:use [Customer DB]goselect[customer id],convert(bigint,convert(varchar(100),decryptbypassphrase('Credit Card',[Encrypted Credit CardNumber]) )) as[Credit Card Number],convert(bigint,convert(varchar(100),decryptbypassphrase('Social Security',[Encrypted Social SecurityNumber] ) )) as[Social Security Number] from [customer data]Go
Kt qu:
24
25
Kt lunM ha d liu thc s rt quan trng.Bi ny gii thiu mt trong 4 k thut m hasn c trong SQL Server 2005 k thut mha bng mt khu v phng php gii mn.Ngoi ra, cn c phng php hack/khi phcd liu c m ha bng mt khu ny.
M HA TRONG SQL SERVER 2005Slide133SQL Server 2005 cung cp cc k thut sau m ha d liu:Slide88Slide110Slide112Slide111Slide116Slide115Slide114Slide109Slide113Slide120Slide119Slide118Slide117Slide121Slide127Slide89Slide102Slide103Slide129Slide130Slide131Kt lun