|
马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。
您需要 登录 才可以下载或查看,没有帐号?立即注册
x
用户时常会发现其实自己并不是第一个选用MySQL数据库的先驱者。”触发器|数据|数据库
怎样利用触发器完成数据库级保卫,避免DDL操纵
--关于主要工具,实行DDL回绝,避免create,drop,truncate,alter等主要操纵
LastUpdated:Sunday,2004-10-3112:06Eygle
不论是成心仍是偶然的,你大概会碰到数据库中主要的数据表等工具被drop失落的情形,这大概会给我们带来伟大的丧失.
经由过程触发器,我们能够完成关于表等工具的数据库级保卫,克制用户drop操纵.
以下是一个复杂的典范,供参考:
REMthisscriptcanbeusedtomonitoraobjectREMdenyanydropoperationonit.CREATEORREPLACETRIGGERtrg_dropdenyBEFOREDROPONDATABASEBEGINIFLOWER(ora_dict_obj_name())=testTHENraise_application_error(num=>-20000,msg=>你疯了,想删除表||ora_dict_obj_name()||?!!!!!||你完了,差人已在途中.....);ENDIF;END;/
测试效果:
SQL>connectscott/tigerConnected.SQL>createtabletestasselect*fromdba_users;Tablecreated.SQL>connect/assysdbaConnected.SQL>createorreplacetriggertrg_dropdeny2beforedropondatabase3begin4iflower(ora_dict_obj_name())=test5then6raise_application_error(7num=>-20000,8msg=>你疯了,想删除表||ora_dict_obj_name()||?!!!!!||你完了,差人已在途中.....);9endif;10end;11/Triggercreated.SQL>connectscott/tigerConnected.SQL>droptabletest;droptabletest*ERRORatline1:ORA-00604:erroroccurredatrecursiveSQLlevel1ORA-20000:你疯了,想删除表TEST?!!!!!你完了,差人已在途中.....ORA-06512:atline4
Oracle从Oracle8i入手下手,同意实行DDL事务trigger,但是完成关于DDL的监督及把持,以下是一个进一步的例子:
createorreplacetriggerddl_denybeforecreateoralterordroportruncateondatabasedeclarel_errmsgvarchar2(100):=Youhavenopermissiontothisoperation;beginifora_sysevent=CREATEthenraise_application_error(-20001,ora_dict_obj_owner||.||ora_dict_obj_name||||l_errmsg);elsifora_sysevent=ALTERthenraise_application_error(-20001,ora_dict_obj_owner||.||ora_dict_obj_name||||l_errmsg);elsifora_sysevent=DROPthenraise_application_error(-20001,ora_dict_obj_owner||.||ora_dict_obj_name||||l_errmsg);elsifora_sysevent=TRUNCATEthenraise_application_error(-20001,ora_dict_obj_owner||.||ora_dict_obj_name||||l_errmsg);endif;exceptionwhenno_data_foundthennull;end;/
我们看一下效果:
[oracle@jumpertools]$sqlplus"/assysdba"
SQL*Plus:Release9.2.0.4.0-ProductiononSunOct3111:38:252004
Copyright(c)1982,2002,OracleCorporation.Allrightsreserved.
Connectedto:
Oracle9iEnterpriseEditionRelease9.2.0.4.0-Production
WiththePartitioningoption
JServerRelease9.2.0.4.0-Production
SQL>setechoon
SQL>@ddlt
SQL>createorreplacetriggerddl_deny
2beforecreateoralterordroportruncateondatabase
3declare
4l_errmsgvarchar2(100):=Youhavenopermissiontothisoperation;
5begin
6ifora_sysevent=CREATEthen
7raise_application_error(-20001,ora_dict_obj_owner||.||ora_dict_obj_name||||l_errmsg);
8elsifora_sysevent=ALTERthen
9raise_application_error(-20001,ora_dict_obj_owner||.||ora_dict_obj_name||||l_errmsg);
10elsifora_sysevent=DROPthen
11raise_application_error(-20001,ora_dict_obj_owner||.||ora_dict_obj_name||||l_errmsg);
12elsifora_sysevent=TRUNCATEthen
13raise_application_error(-20001,ora_dict_obj_owner||.||ora_dict_obj_name||||l_errmsg);
14endif;
15
16exception
17whenno_data_foundthen
18null;
19end;
20/
Triggercreated.
SQL>
SQL>
SQL>connectscott/tiger
Connected.
SQL>createtabletasselect*fromtest;
createtabletasselect*fromtest
*
ERRORatline1:
ORA-00604:erroroccurredatrecursiveSQLlevel1
ORA-20001:SCOTT.TYouhavenopermissiontothisoperation
ORA-06512:atline5
SQL>altertabletestadd(idnumber);
altertabletestadd(idnumber)
*
ERRORatline1:
ORA-00604:erroroccurredatrecursiveSQLlevel1
ORA-20001:SCOTT.TESTYouhavenopermissiontothisoperation
ORA-06512:atline7
SQL>droptabletest;
droptabletest
*
ERRORatline1:
ORA-00604:erroroccurredatrecursiveSQLlevel1
ORA-20001:SCOTT.TESTYouhavenopermissiontothisoperation
ORA-06512:atline9
SQL>truncatetabletest;
truncatetabletest
*
ERRORatline1:
ORA-00604:erroroccurredatrecursiveSQLlevel1
ORA-20001:SCOTT.TESTYouhavenopermissiontothisoperation
ORA-06512:atline11
我们能够看到,ddl语句都被克制了,假如你不是克制,能够选择把实行这些操纵的用户实时间纪录到别的的一时表中.以备查询.
本文作者:
eygle,Oracle手艺存眷者,来自中国最年夜的Oracle手艺论坛itpub.
www.eygle.com是作者的团体站点.你可经由过程Guoqiang.Gai@gmail.com来接洽作者.接待手艺切磋交换和链接互换.
原文出处:
http://www.eygle.com/faq/Use.Trigger.To.implement.ddl.deny.htm
如欲转载,请说明作者与出处.并请保存本文的毗连.
回想页
首先我们要知道,或许有一项技术存在很多理由让我们可以选择使用MySQL学习教程,但是让我们不使用它往往只要有一个理由就足够了。 |
|