Transparent persistence
This capability refers to the persistence of POJOs to durable stores—typically, relational databases—without the objects needing to make significant object-orientation concessions. It bridges the object-relational impedance mismatch with a framework responsible for mapping persistent objects to rows in a relational database management system, generating all the necessary Structured Query Language code to retrieve and store objects. ORM tools use techniques such as reflection, dynamic byte code generation, or byte code enhancement in a postprocessing step to perform this mapping at runtime.
Transparent persistence frees domain objects from the responsibility of managing their persistent representation, enabling them to contain business logic where appropriate, without mixing that with persistence operations. It can also greatly increase productivity by eliminating the need to write verbose and often error-prone persistence code. Transparent persistence is a goal rather than a reality, but the best ORM solutions come close to achieving it.
Inversion of control
A POJO model can be applied to business services through IoC containers. These let business objects be configured at runtime, and enjoy declarative services such as automatic transaction management. Inversion of control is a widely used term that in this case refers to a model in which the framework instantiates application objects and configures them for use.
Dependency injection is a pure Java type of IoC that does not depend on framework APIs and thus can be applied to objects that aren’t aware of—or may have been written without knowledge of—the framework.
Configuration is via JavaBean properties (setter injection) or constructor arguments (constructor injection). This means that application code doesn’t implement any framework interfacesthe framework uses reflection to configure it. The framework injects dependencies such as collaborating objects or configuration parameters, without application classes needing to perform explicit lookup—as, for example, in the traditional JNDI-based approach to J2EE configuration.
Dependency injection is a simple, but surprisingly powerful, concept. Because the framework is responsible for resolving dependencies on collaborating objects, it can introduce a range of value-adds such as indirection to support hot swapping and codeless generation of proxies that represent remote services.
Aspect-oriented programming
Dependency injection goes a long way toward delivering a POJO application model but fails to address some important requirements, such as the ability to apply declarative transaction management—security checking, custom caching, auditing, and so on—to selected methods.
透明的持久性
这种能力是指持续的POJOs持久商店,通常情况下,关系数据库,而不需要的对象作出重大面向对象的让步。该桥梁的对象关系的阻抗不匹配的框架负责持久对象映射到行的关系数据库管理系统,创造一切必要的结构化查询语言代码来检索和存储对象。甲黎嘧胺工具使用技术,如反射,动态字节码生成,或字节码增强的后处理步骤,以执行此映射在运行。
透明的持续释放域对象从负责管理其持久的代表性,使它们能够包含业务逻辑在适当情况下,没有搅拌,以持续的行动。它也可以大大提高生产率无需写详细,经常出错且持续代码。透明的持久性是一个目标,而不是一个现实,但解决方案的最佳甲黎嘧胺接近实现这一目标。
反向控制
阿POJO模型可用于商业服务,通过IoC的容器。这些让业务对象进行配置,在运行时,并享有陈述性服务,如自动交易管理。反向控制是一种广泛使用的术语,在这种情况下,指的是在该模型框架的应用对象和实例配置为使用。
依赖注入是一个纯Java类型国际奥委会,这并不取决于框架的API ,从而可应用于物体,不知道或可能已书面没有知识的框架。
配置是通过Java组件性能(二传手注射)或构造器参数(构造函数注入) 。这意味着应用程序代码不执行任何框架接口框架使用反射来配置它。依赖注入的框架内合作等物体或配置参数,而不需要申请类别进行明确的查询,例如,在传统的JNDI的为基础的办法来的J2EE配置。
依赖注入是一个简单的,但令人惊讶的强大,概念。因为框架是负责解决依赖于合作对象,可以采取一系列的价值增加了,如间接支持热插拔和代码生成代理代表的远程服务。
面向方面编程
依赖注入不用了很长的路向提供了POJO应用模型,但未能解决一些重要的要求,如能力,适用于声明事务管理,安全检查,自定义缓存,审计,以便对选定的方法。
传统的解决这一问题都有很大的弊端。使用样板代码,例如,启动和实施或回滚交易的结果是相同的代码被用于多种方法。此外,设计模式,如装饰最终剪切和粘贴代码。和对象只能有利于特殊用途,如EJB的框架,它提供了一套固定的服务,符合框架API和隐性合同。
Spring框架提供了一个代理的AOP的解决方案,补充依赖注入。 AspectJ , AspectWerkz ,和其他的AOP技术的更加雄心勃勃的,有利的修改类字节码更强大的织造方面成为一个对象模型
前面是综合介绍,最后有其他资料的链接Database security is the system, processes, and procedures that protect a database from unintended activity. Unintended activity can be categorized as authenticated misuse, malicious attacks or inadvertent mistakes made by authorized individuals or processes. Database security is also a specialty within the broader discipline of computer security.
Traditionally databases have been protected from external connections by firewalls or routers on the network perimeter with the database environment existing on the internal network opposed to being located within a demilitarized zone. Additional network security devices that detect and alert on malicious database protocol traffic include network intrusion detection systems along with host-based intrusion detection systems.
Database security is more critical as networks have become more open.
Databases provide many layers and types of information security, typically specified in the data dictionary, including:
* Access control
* Auditing
* Authentication
* Encryption
* Integrity controls
Database security can begin with the process of creation and publishing of appropriate security standards for the database environment. The standards may include specific controls for the various relevant database platformsa set of best practices that cross over the platformsand linkages of the standards to higher level polices and governmental regulations.
An important procedure when evaluating database security is performing vulnerability assessments against the database. A vulnerability assessment attempts to find vulnerability holes that could be used to break into the database. Database administrators or information security administrators run vulnerability scans on databases to discover misconfiguration of controls within the layers mentioned above along with known vulnerabilities within the database software. The results of the scans should be used to harden the database in order to mitigate the threat of compromise by intruders.
A program of continual monitoring for compliance with database security standards is another important task for mission critical database environments. Two crucial aspects of database security compliance include patch management and the review and management of permissions (especially public) granted to objects within the database. Database objects may include table or other objects listed in the Table link. The permissions granted for SQL language commands on objects are considered in this process. One should note that compliance monitoring is similar to vulnerability assessment with the key difference that the results of vulnerability assessments generally drive the security standards that lead to the continuous monitoring program. Essentially, vulnerability assessment is a preliminary procedure to determine risk where a compliance program is the process of on-going risk assessment.
The compliance program should take into consideration any dependencies at the application software level as changes at the database level may have effects on the application software or the application server. In direct relation to this topic is that of application security.
Application level authentication and authorization mechanisms should be considered as an effective means of providing abstraction from the database layer. The primary benefit of abstraction is that of a single sign-on capability across multiple databases and database platforms. A Single sign-on system should store the database user's credentials (login id and password), and authenticate to the database on behalf of the user.
Another security layer of a more sophisticated nature includes the real-time monitoring of database protocol traffic (SQL) over the network, and/or local monitoring of database activity using software agents. Analysis can be performed on the traffic for known exploits or network traffic baselines can be captured overtime to build a normal pattern used for detection of anomalous activity that could be indicative of intrusion. These systems can provide a comprehensive Database audit trail in addition to the intrusion detection (and potentially protection) mechanisms.
In addition to using external tools for monitoring or auditing, native database audit capabilities are also available for many database platforms. The native audit trails are extracted on a regular basis and transferred to a designated security system where the database administrators do not have access. This ensures a certain level of segragation of duties that may provide evidence the native audit trails were not modified by authenticed administrators. Generally, the native audit trails of databases do not provide sufficient controls to enforce separation of dutiestherefore, the network and/or kernel module level host based monitoring capabilities provides a higher degree of confidence for forsenics and preservation of evidence.
After an incident occurs, the usage of Database Forensics can be employed to determine the scope.
A database security program should include the regular review of permissions granted to individually owned accounts and accounts used by automated processes. The accounts used by automated processes should have appropriate controls around password storage such as sufficient encryption and access controls to reduce the risk of compromise. For individual accounts, a two-factor authentication system should be considered in a database environment where the risk is commensurate with the expenditure for such an authentication system.
In conjunction with a sound database security program, an appropriate disaster recovery program should exist to ensure that service is not interrupted during a security incident or any other incident that results in an outage of the primary database environment. An example is that of replication for the primary databases to sites located in different geographical regions.
See also
* Negative database
External links
* http://iase.disa.mil/stigs/checklist/index.html
* http://iase.disa.mil/stigs/stig/index.html
* http://www.databasesecurity.com/dbsec/database-stig-v7r1.pdf
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)