0 Preface
When summarizing the various means of development, management and service of information resources, people think that the most effective method is database technology. The application of database has become more and more extensive. It is one of the important indicators to measure the degree of information construction in a country. The goal of China's "Golden Card Project" is to realize the automation, electronic and network of credit card processing, and the construction of this large-scale system project must be based on security, reliability and stability. This paper discusses the design of the database of the IC card cashier management information system and the measures and methods to improve the security of the database and the security of the application, which has certain practicability.
1 IC card database design
The database of the IC card cash register system is the structure and data shared by the cash register program. The quality of the database design directly affects the performance and quality of each link in the system. Traditional software engineering ignores the definition and abstraction of data semantics in applications. It only studies data models and modeling methods, focuses on structural design, and ignores behavioral design. A more scientific approach is to analyze data and functions. Designed in combination [1].
1. 1 library design
Through the demand analysis of the IC card cash register system, the DFD data flow graph is used to represent the direct relationship between the processing and the data, the data dictionary is used to describe the pre-stored data, then the entity set, the association and the attributes are defined, and the conceptual model (E-R model) Convert to a relational model that can be processed by a specific DBMS, determine its physical storage structure, comprehensively consider the index, access time, storage overhead and maintenance cost, etc. Finally, use the DDL language to establish a three-level model of the database, load test Data testing, commissioning, etc. [ 2 ].
1. 2 design of the table
A relational database is a method of applying a two-dimensional table to represent a database system of entity collections and attributes. A two-dimensional table should follow that each information item in the table is an indivisible data item, and each column of information items requires the same type, and each column is mutually Not the same, the row and column order can be arbitrary [3]. The specification of the two-dimensional table is expressed by a paradigm, and the first paradigm 1NF is satisfied, and the 2NF is further satisfied in the 1NF. The following equations are associated with each other [4] : 5NF ∈4NF ∈BCNF ∈3NF ∈2NF∈1NF In order to eliminate the problems of data insertion, deletion exception, modification complexity, data redundancy, etc., it is sometimes necessary to further normalize, in order to eliminate the partial function dependence of non-primary attribute pairs, and eliminate the part of the main attribute pair code. And transfer function dependencies, eliminate non-trivial and non-function dependent multi-valued dependencies, eliminate the dependence of non-trivial non-trivial functions that determine determinants [5].
2 IC card database security measures and methods
2. 1 Database security
The security of the database is to protect the database to prevent data leakage, alteration or destruction caused by illegal users. There are two methods for physical security and system processing for the security and confidentiality method of the database. Physical processing is a measure of encrypting data into ciphertext, strengthening security, and protecting storage media for powerfully forcing the disclosure of passwords, eavesdropping on stolen storage devices, etc. The system processing is based on the computer itself, which is mainly reflected in the user logo. And identification, storage control, etc. First of all, to access the database, you must pass a user of the database, but each user has a different password. Only the correct input of the user name and password can be used to connect to the database and access the database. Of course, the database DBA can force any change. A user's password, the user can modify it on a regular or irregular basis, as the administrator refuses to access the remote DBA, which can effectively improve the security level of the database. Secondly, for authorized users, access control is also performed according to pre-defined user rights, ensuring that users can only access data that they have permission to operate, including data objects and operation types. There are two types of data objects, one is the data itself, such as tables and fields in a relational database; the other is external mode, mode, and internal mode, all of which are completed by the DBA, even if an illegal intruder obtains a certain The user password of the database, and the user's limited permissions or no permissions at all, will not cause much damage to the database, thus ensuring the security of the database.
2. 2 Database integrity
The integrity of the database refers to the correctness and compatibility of the database. It can effectively prevent the existence of non-conformity data in the database, the invalid operation and the wrong result caused by the input and output of the error information. Therefore, it is necessary to use a certain mechanism to check whether the data in the database meets the specified conditions, that is, the constraint of integrity. It includes three types: one is the constraint of the value and the constraint of the structure; the other is the static constraint and the dynamic constraint; Is the execution constraint and the delay execution constraint. For some databases, the SQL language only provides security control, but there is no constraint to define integrity. We can learn the validity of the field and define triggers for integrity check. When the validity is found to be violated. The system automatically issues a warning, triggers the Select statement when an event occurs, and performs an integrity check.
2. 3 database concurrency control
A database is a shared resource that can be used by multiple users at the same time, but if it is not controlled, it will destroy the consistency of the database. Concurrency control is to use the correct method to schedule concurrent operations to avoid database inconsistency. The method is usually solved by blocking. Transaction T (Transaction) can issue a request to the system to lock an object, so the transaction T has a certain control on the data object, other transactions can not change the data, unless the transaction T is unlocked (Unlock), the lock is based on Specific functions are divided into exclusive locks (Exc lusive locks are abbreviated as X locks) and shared locks (Share locks are abbreviated as S locks) [5]. If the transaction T adds an X lock to the database R, then only T is allowed to read and modify R, and any blocking requests from other transactions to R cannot succeed until T releases the X lock on R; if transaction T adds data R S lock, the X lock request of other transactions to R can not be successful, and the S lock request for R can be obtained, which ensures that other transactions can read R but can not modify R until T releases S lock.
2. 4 database backup and recovery
The database system may experience failures such as internal transaction failures, operating system failures, media failures, computer viruses, etc., interfering with or even destroying the database. Database backup is an important means to ensure the data security of the database in the IC card cash register system. It can ensure that the system recovers data effectively when the system fails and when the user misuses. The common methods are as follows: First, logical backup, Read and save the records of one database to another file; second, physical backup, complete dump of the I card database, in case of failure, it can be easily and timely restored to minimize losses.
3 Program security design and strategy
De lphiADO (ActiveX Data Object) is a set of database access specifications introduced by Microsoft Corporation [6]. It enables applications to access and manipulate databases through an OLE DB Provider driver. It is a COM-based database access rule and AP I function. The collection, which encapsulates OLE DB in the form of ActiveX, has the characteristics of fast speed, low memory consumption and direct use of AP I functions; support for web-based application development; support for RDS (Remote Data Service), therefore, has a wide range of applications. [7~8]. However, the security of application software is an eternal theme. How to design a safe and reliable program is a problem that every programmer must think about.
3. 1 Identity authentication through IP detection and encrypted transmission
Identity authentication is a process in which a user submits identity information to a server through a client. The traditional method is to transmit the username and password in plain text. It turns out that this method does not achieve satisfactory results. Introducing the MD5 (Message - Digest Algorithm 5) information-summary algorithm (RFC1828) [9], in which the large-capacity information is compressed into a confidential format before signing the private key with the digital signature software, ie, an arbitrary The length string is converted into a fixed-length large integer, which processes the input information in 512-bit packets, and each packet is divided into 16 32-bit sub-packets. After a series of processing, the four 32-bits are The bit group concatenation generates a 128-bit hash value. The information is first padded so that the byte length is 512 and the result is equal to 448. Therefore, the byte length of the message will be extended to N3 512 +448, which is N3 64 + 56 bytes, and N is a positive integer. The method of filling is to add a 1 and an infinite number of 0s after the information, until the above condition is satisfied, then stop filling with 0, and then add a length of information before filling in 64-bit binary. After processing, the information is processed. The length of the byte is N3 512 +448 + 64 = (N + 1) 3 512, which is exactly the integer multiple of 512. After the data is filled, the data is grouped in units of 512 bits. If the data length is K3 512 bits, then we divide into K data segments, each data segment has 512 bits, and then divide each data segment into 16 segments. A 32-bit sub-data segment is numbered M0-M15 from the low-order to the high-order. In MD5 encoding, there are four registers A, B, C, and D that store 32-bit shaping parameters. First initialize these four registers to A = 0x01234567, B = 0x89abcdef, C = 0xfedcba98, D = 0x76543210. Then start to enter the algorithm's four-step cyclic coding operation, the number of cycles is the number of information data segment grouping, each round must be written to the ABCD register after calculation, and used for the next round of calculation, until the calculation is completed, in the register ABCD The data in is the required MD5 code.
For example, the encrypted account "adm in" and the password "207945" are encrypted into MD5 values: MD5Use rName ( 'admin') = "21232f297a57a5a743894a0e4a801fc3" MD5 PassWord ( '207945') = "5c897360258d340f43dd58f3ffc54887" and then saved in the authentication server The MD5 value on the comparison is used to verify the correctness of the password. Through such processing, the system can verify the validity of the user identity authentication without knowing the plaintext of the user password. This not only prevents the user password from being known by users with system administrator privileges, but also increases the difficulty of password cracking to some extent. Because the MD5 algorithm has the characteristics of encryption unidirectionality and digital fingerprinting, in remote authentication. Using the MD5 algorithm can make up for the shortcomings of the traditional model, thus improving the security level of the system.
At the same time, the IP address table of each user is established on the server side. After the server obtains the IP address of the client, the server compares with each IP address in the IP address table. Only the user with the legal IP address can enter the user name and password as the user. Prerequisites for authentication, if the user's IP address is not met, there is no chance to enter the username and password, which effectively improves the security of the identity authentication and reduces the possibility of illegal users guessing the username and password. For the input of the user name and password, the legality test is also carried out, and special characters such as single quotes and equal signs are not allowed to exist, so as to prevent the user from exploiting the vulnerabilities of the SQL statement and skipping the verification of the password.
3. 2 Using Delphi's fault-tolerant mechanism to improve software security
The fault-tolerant processing of the program is to allow the application to be transferred to a safe place after the application has an error, so that the system can resume control or the program ends normally. The system will not crash or crash, and save the data as much as possible, and will lose. drop to lowest. De lphi provides a default fault-tolerant handler for each application. Delphi's fault-tolerant processing mechanism is based on the protection block, which is to use the reserved word y and encapsulate a piece of code, which is used when the application has an error. A corresponding exception class is automatically created, and the application can capture and process the exception class to ensure the normal end of the program and release the resources occupied by the program to ensure that the data is not destroyed. There are four kinds of exception handling in Delphi [6].
1) try ⋯ except structure;
2) try ⋯ finally structure;
3) ra ise structure;
4) nested exceptions structure.
The emergence of exceptions is often inevitable, and excellent exception handling will greatly ensure the security, robustness and friendliness of the application, thus reinforcing the application.
4 Conclusion
Through the object-oriented analysis and the determination of the object, the structure of the data is combined with the design of the behavior, and the IC database is designed according to the requirements of the standardization to ensure the integrity and consistency of the database. At the same time, the security of the software is ensured through fault tolerance. [10]. However, over-normalization will reduce the performance of the database, abuse of fault tolerance, will increase the system time overhead, how to find the best balance point, is the goal that system design should pursue.
Adopt the quality motor to ensure that the lifting is not stuck, the lifting speed is 32mm / s.the sound under no load is less than 45dB, quiet and noiseless, and does not affect other people's office.The motor has strong power, stable power output and stable load bearing of 100kg, which can meet the needs of daily entertainment and office desktop storage. Colleagues can cooperate with the function of resistance retreat and power-off protection to ensure the safety of lifting. The power in standby mode is only 0.1W, energy saving and environmental protection.
Dual Motor Standing Desk,Dual Motor Height Adjust Desks,Height-Adjustable Standing Desks,Modern Sit Standing Office Standing Desk
CHEX Electric Standing Desk , https://www.zjqxhdesk.com