ABSTRACT: The objective of this article is to study the security strengths of Oracle Database 11G, in its most recent version. Oracle Database was chosen for this study because it is part of the solution portfolio of a large number of companies. Oracle is the first company to develop and deploy 100% of its software for the internet, including database products, business applications and application development. Oracle Database is one of the most widely considered databases because of its security, data protection, audit capability and full data recovery. It has a friendly user interface and can be applied in different markets. It is equipped with features for eliminating idle redundancy, which allow fast data traffic on the network and, most importantly, with a high level of security.
KEYWORDS: Oracle, Database, Security and DBMS.
1. INTRODUCTION
1.1. Concept of a Database
A database is a collection of related data with the following implicit properties:
It represents some aspect of the real world (the mini-world or universe of discourse).
It is a logically coherent collection of data with some inherent meaning.
It is designed, built and instantiated (populated) for a specific application.
[RAMEZ]
A database is a collection
2. Security Concepts
Concept of Security in Information Technology
The concept of IT security is closely tied to the protection of a set of data, in the sense of preserving the value it has for an individual or an organization. Confidentiality, or privacy, is the guarantee that the data will be accessed only by authorized persons.
Integrity guarantees that a message (data, e-mail, file, etc.) has not been altered without authorization (to have integrity is to remain the same).
The concept of IT Security, or Computer Security, is related to that of Information Security, covering not only the security of the data (information) but also that of the systems themselves.
Today the concept of Information Security is standardized by the ISO/IEC standard, influenced by the British Standard (BS). The ISO/IEC series of standards was reserved for Information Security standards, including the complement to the original work of the British standard.
Information security is related to the protection of a set of data, in the sense of preserving the value it has for an individual or an organization.
[UNICAMP]
Basic Concept of Database Security
Interciência & Sociedade
[…] for connectivity. Oracle Database […]g was a pioneer in grid computing, and more than half of Oracle's customers migrated to that version. Now Oracle Database 11g offers the features they asked for to accelerate the broad adoption and growth of Oracle grids, representing a real innovation that addresses real challenges brought to us by real customers.
With Oracle Database 11g, organizations will be able to take control of their business information, gain a better view of the business and adapt quickly to a competitive environment that is undergoing major changes.
The new version increases database clustering capacity, and also accelerates data center automation and workload management. With secure, highly available and scalable grids of low-cost servers and storage, Oracle customers have support for the most demanding transaction processing, data warehousing and content management applications.
[ORACLE]
Existing Versions of the Oracle Database
Source: Oracle
correction [FREEMAN]
Disadvantages
High cost of the database license and of the hardware on which the database is hosted.
Requires technical specialization for database administration.
Tasks such as backup/recovery, tuning, monitoring of security services, and management of user access. It does not allow data to be recovered to a given point in time; the data can only be restored to the moment at which the backup was taken.
No database triggers, views or other application changes are required. Advanced Security Encryption automatically encrypts data before it is written to disk and decrypts it before it is returned to the application. The encryption and decryption process is completely secure for applications and users.
Therefore, the user or the application must be authenticated for any access to the database, even if it is only for a SELECT. [NEEDHAM]
Figure 3: Source: Oracle Security
Advanced Security
Transparent data encryption provides encryption of application tables as well as of individual application columns, such as credit card and social security numbers, CPF and RG, among others.
TDE (Transparent Data Encryption) allows protection at the level of an individual attribute or at the level of the entire table. Examples of individual attributes include items such as identification numbers. All database objects created in the new table are encoded automatically, and all data saved is encrypted after the script or function has been executed in the database.
Using TDE table encryption to encode all of the application's tables provides even more security and cost savings. The need to identify the individual attributes that require encryption is eliminated completely. In addition, table encryption provides even more security because all data types are supported and there are no performance costs associated with complex index range scans on encrypted data.
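The two protection levels described above, as an added example that is not code from the article or from Oracle: Oracle 11g TDE statements for attribute-level (column) encryption and for encrypting whole tables, which Oracle 11g configures per tablespace. The schema, table, tablespace and datafile names and the wallet password are hypothetical, and the wallet directory is assumed to be set already through ENCRYPTION_WALLET_LOCATION in sqlnet.ora.

```sql
-- Added example; object names, the datafile path and the password are hypothetical.
-- Assumes sqlnet.ora already sets ENCRYPTION_WALLET_LOCATION to an existing directory.

-- 1. Create the TDE master key in the wallet (once per database). After an
--    instance restart the wallet must be reopened before encrypted data is readable.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "Example_Wallet_Pw1";
-- ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "Example_Wallet_Pw1";

-- 2. Attribute-level TDE: only the columns marked ENCRYPT are protected.
--    An encrypted column can be indexed only when declared NO SALT, and that
--    index serves equality lookups, not range scans.
CREATE TABLE app.customers (
  customer_id  NUMBER        PRIMARY KEY,
  full_name    VARCHAR2(100),
  card_number  VARCHAR2(19)  ENCRYPT USING 'AES256',
  cpf          VARCHAR2(11)  ENCRYPT USING 'AES256' NO SALT
);
CREATE INDEX app.customers_cpf_ix ON app.customers (cpf);

-- 3. Whole-table TDE: every segment stored in an encrypted tablespace is
--    encrypted, so no sensitive column has to be singled out, every data type
--    is covered, and indexes keep working for range scans.
CREATE TABLESPACE app_secure
  DATAFILE '/u01/oradata/EXAMPLE/app_secure01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

CREATE TABLE app.orders (
  order_id     NUMBER CONSTRAINT orders_pk PRIMARY KEY
               USING INDEX TABLESPACE app_secure,
  customer_id  NUMBER NOT NULL,
  order_date   DATE   NOT NULL,
  total        NUMBER(12,2)
) TABLESPACE app_secure;
CREATE INDEX app.orders_date_ix ON app.orders (order_date) TABLESPACE app_secure;

-- 4. Verify what is actually encrypted and whether the wallet is open.
SELECT wrl_type, status FROM v$encryption_wallet;
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns;
SELECT tablespace_name, encrypted
  FROM dba_tablespaces
 WHERE tablespace_name = 'APP_SECURE';
```

An index or constraint left in an unencrypted tablespace stores its key values in clear text, which is why the example places both indexes of app.orders in app_secure.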
When the database is backed up, the encoded files remain encrypted on the destination media, protecting the information even if the media is lost or stolen.
Encoded backups are decoded automatically during database restore and recovery operations, provided that the required decryption keys are available. Data exported from the Oracle database can be protected by using TDE together with Oracle Data Pump, which is a service for generating security keys and backups. Either a master key or a passphrase can be used as the encryption key with Oracle Advanced Security. [ORACLE]
Security Network
Oracle Security Network protects the confidentiality and integrity of data travelling over the network by using network encryption. It prevents the data from being lost, sniffed or even cloned, which would cause loss of information, and prevents people from capturing the data in transit, where they could alter, copy or even delete the information.
All communication with an Oracle database over the network can be encrypted with Oracle Security Network. Security Network provides native encryption, data integrity algorithms and support for Secure Socket Layer (SSL) to protect data across the network.
The data integrity algorithms and native encryption in Oracle do not
Figure 5: Source: Oracle Network Security
Oracle Database Vault
Database administrators (DBAs) have a great deal of access within the database. With Oracle Database Vault, the ability to prevent privileged users inside the database from seeing sensitive application data is becoming an increasingly important requirement in organizations. In addition, application consolidation requires strict boundaries between confidential company data, such as that found in applications
used to prevent any user, even the DBA, from dropping application tables in their production environment.
The flexibility of Oracle Vault makes it possible to customize the separation of duties according to the specific requirements of each organization. Responsibility for database administration can be subdivided further into backup, performance and patching.
Oracle Vault offers numerous ready-made reports that make it possible to report on aspects such as attempts to request access to data blocked by the Vault.
Responsibilities in Oracle Vault
Security Administrator: a security administrator can configure the Database Vault command rules, authorize other users to use them, and run various security reports specific to Database Vault.
Database Administration (DBA): the database administration responsibility allows a user with DBA privileges to continue performing the normal management and maintenance associated with the database, such as backup and recovery, patching and performance tuning.
Account Manager: a user with the account management responsibility can create, drop or modify database users.
[NEEDHAM]
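The command rule and the separation of duties described above, as an added example that is not code from the article or from Oracle's documentation: the Database Vault security administrator, not the DBA, places an application schema in a realm and disables DROP TABLE on it. The SALES_APP schema and the realm name are hypothetical; the calls are the DBMS_MACADM procedures of Oracle Database Vault 11g, and 'Disabled' is its built-in rule set.

```sql
-- Added example; SALES_APP and the realm name are hypothetical.
-- Run as the Database Vault owner (DV_OWNER role). A DBA account without that
-- role cannot change these settings, which is the separation of duties.
BEGIN
  -- Realm: a protection zone around the application schema. Failed access
  -- attempts are audited and feed the Database Vault reports.
  DVSYS.DBMS_MACADM.CREATE_REALM(
    realm_name    => 'Sales Application Realm',
    description   => 'Keeps privileged users out of SALES_APP data',
    enabled       => DVSYS.DBMS_MACUTL.G_YES,
    audit_options => DVSYS.DBMS_MACUTL.G_REALM_AUDIT_FAIL);

  -- Protect every object owned by SALES_APP.
  DVSYS.DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name   => 'Sales Application Realm',
    object_owner => 'SALES_APP',
    object_name  => '%',
    object_type  => '%');

  -- Only the application owner is authorized in the realm; system privileges
  -- such as SELECT ANY TABLE held by a DBA no longer reach these tables.
  DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name   => 'Sales Application Realm',
    grantee      => 'SALES_APP',
    auth_options => DVSYS.DBMS_MACUTL.G_REALM_AUTH_OWNER);

  -- Command rule: DROP TABLE on SALES_APP objects is tied to the built-in
  -- 'Disabled' rule set, which always evaluates to false, so the statement
  -- is refused for every user, the DBA included.
  DVSYS.DBMS_MACADM.CREATE_COMMAND_RULE(
    command       => 'DROP TABLE',
    rule_set_name => 'Disabled',
    object_owner  => 'SALES_APP',
    object_name   => '%',
    enabled       => DVSYS.DBMS_MACUTL.G_YES);
END;
/

-- Review what is in force.
SELECT name, enabled FROM dvsys.dba_dv_realm;
SELECT command, rule_set_name, object_owner, object_name, enabled
  FROM dvsys.dba_dv_command_rule;
```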
Data Masking
Oracle Data Masking helps organizations meet privacy and data protection demands such as Sarbanes-Oxley, PCI (Payment Card Industry) DSS (Data Security Standard) and HIPAA (Health Insurance Portability and Accountability Act), as well as numerous laws that restrict the use of real customer data. With Oracle Data Masking, sensitive information such as credit card or social security numbers can be replaced with real values, allowing production data to be used
Database Firewall
Oracle Firewall monitors database activity in order to prevent unauthorized access, SQL injection, privilege changes and other external and internal attacks, all online on the database, allowing administrators to monitor and control every access made to the database.
Oracle Database Firewall offers a highly scalable, accurate and high-performance system
Figure 7: Source: Oracle Firewall
Security Radius
Oracle Security Radius provides a RADIUS (Remote Authentication Dial-In User Service) remote client that allows the database to honor the authentication and the authorizations asserted by a preconfigured Oracle server.
This feature is particularly useful for companies interested in authentication
Figure 8: Source: Oracle Advanced Security
Access Control in Oracle 11G
Oracle provides its users with transparent security, based on database standards, that protects information by means of encryption, storing the data held in its database and handling stored files with strong authentication services, and extending the security structure that already exists in companies; that is, every access to the database requires user or application authentication.
7. FUTURE WORK
The work proposed here was a bibliographic survey; we therefore suggest, as future work, the implementation and evaluation of the security of Oracle Database 11G Release […].
REFERENCES
BERNUCI, Thyago. Novidades para desenvolvedores no Oracle 11g. Available at: <http://www.devmedia.com.br/…>. Accessed in August.
UNICAMP. Bancos de Dados: Conceito de Segurança de Banco de dados. Available at: <http://…unicamp.br/…>. Accessed in June.
UNICAMP. Segurança em Tecnologia da Informação: Conceito Segurança Tecnologia da Informação. Available at: <http://…unicamp.br/…>. Accessed in June.
GRAÇADIO, Marcelo Moreira. Controle de acesso Oracle Database. Available at: <http://www.devmedia.com.br/…>. Accessed in August.
IDC Worldwide. Pesquisa de Mercado Bancos de dados Mundo. Available at: <http://www.idc.com/…>. Accessed in June.