数据库恶意事务恢复日志系统

恶意事务攻击成功后的数据恢复机制要求日志文件必须同时记录写操作信息和读操作信息。为此，提出一种数据库恶意事务恢复日志策略，并基于该策略设计日志系统。在日志系统中，结构化查询语言(SQL)语句过滤可保护日志文件的安全，拒绝终端客户对日志文件的非法操作；敏感信息设置从行级和列级2个方面设置日志记录必须满足的约束条件，可有效控制日志文件的规模；写日志产生器通过使用触发器的临时表完成对写操作的记录；读日志产生器通过重构SQL语句产生临时表，再访问临时表完成对读操作的记录。实验结果表明，该系统可有效记录数据库读写操作，但同时会降低整体系统的效率。

Log System for Recovery from Database Malicious Transaction

Recovery from malicious transaction has become an important method to protect database, the new recovery mechanism raises new requirement that the log file should not only record information of write operation but also the information of read operation. To fulfill the new requirement, a new log strategy is proposed, According to this strategy, the log system is designed and implemented, the system is composed by four parts： SQL statements filtrating, sensitive information setting, write log generator and read log generator. Structured Query Language（SQL） statements filtrating aims to protect the log file from malicious users. Sensitive information setting gives constraints to log record to control the size of log file. Write log generator uses triggers to records the information of write operation. Read log generator records the information of read operation via re-constructing SQL statements, creating temporary table and accessing temporary table. Experimental result shows that log system records database operations effectively, but decreases the efficiency of the whole system.