How to deal with data leakage and deletion related to business life and death?

One 、 introduction

1. What is database auditing ？

For a warehouse , If you want to guard against theft , The common practice is to install monitoring at the entrance and exit , Once there's a problem , Call the monitor to find the abnormal situation . It's similar to databases , There's also access to the database , Monitor all connections and entrances , You can record all the movements , Once there's a problem , By querying historical actions and analyzing them , You can find key information .

Therefore, database audit can be understood as recording the user's behavior of accessing the database , Positioning illegal actions , Go back to the source afterwards , The function of improving database security .

2. Common auditing methods

Common audit methods include the following categories ：

（1） Application level audit

Audit directly in the application system , Before the statement is sent to the database background, the audit is done first , Does not affect database performance , I don't care what database is used at the bottom , But the pressure on the application system is relatively large , And the application system needs to parse statements , There's a certain amount of complexity .

（2） Transport layer audit

Often capture packet parsing implementation , It has no effect on the upper and lower levels , But also parse the statement , There's a certain amount of complexity , And if the transport layer is communicating through encryption , Will not be able to parse .

（3） Kernel audit

Directly on the kernel , All functions can be realized , It also minimizes performance impact , But it will have an impact on backstage stability , High requirements for developers , Whether it's open source or not , Will be very careful to support auditing directly on the kernel .

（4） Plug in audit

For open source databases , There are usually plug-ins to add functionality . Auditing can be embedded directly in the kernel as plug-ins , Of course, it will have a certain impact on database performance , But also because it's directly embedded in the kernel , A lot of first-hand information can be obtained directly , For example, if there is no way to avoid the above syntax parsing, there is no need to do , And it can also get more information about the running state directly , Can develop powerful and flexible audit functions .

Link to the original text :【https://www.infoq.cn/article/a4DNNeVBNuGqLJMR0HhK】. Without the permission of the author , Prohibited reproduced .