SQL Server 2012:一种查看数据库是否已被篡改的方法?
[英]SQL Server 2012: A way to see if the database has been tampered with?
问题描述
I have a delicate situation wherein some records in my database are inexplicably missing. 
我有一个微妙的情况,我的数据库中的某些记录会莫名其妙地丢失。 Each record has a sequential number, and the number sequence skips over entire blocks. 每个记录都有一个序号,数字序列会跳过整个块。 My server program also keeps a log file of all the transactions received and posted to the database, and those missing records do appear in the log, but not in the database. 我的服务器程序还保存了所有已接收并发布到数据库的事务的日志文件,那些丢失的记录的确出现在日志中,而不是数据库中。 The gaps of missing records coincide precisely with the dates and times of the records that show in the log. 缺失记录的间隙与日志中显示的记录的日期和时间恰好一致。
The project, still currently under development, consists of a server program (written by me in Visual Basic 2010) running on a development computer in my office. 该项目仍在开发中,它由一个服务器程序(由我在Visual Basic 2010中编写)组成,该程序在我办公室的开发计算机上运行。 The system retrieves data from our field personnel via their iPhones (running a specialized app also developed by me). 该系统通过他们的iPhone(运行由我开发的专用应用程序)从我们的现场人员那里检索数据。 The database is located on another server in our server room. 数据库位于我们服务器机房中的另一台服务器上。
No one but me has access to my development server, which holds the log files, but there is one other person who has full access to the server that hosts the database: our head IT guy, who has complained that he believes he should have been the developer on this project. 除了我之外,没有人可以访问我的开发服务器,它拥有日志文件,但是还有一个人可以完全访问托管数据库的服务器:我们的头脑IT人员抱怨他认为他应该是这个项目的开发人员。
It's very difficult for me to believe he would sabotage my data, but so far there is no other explanation that I can see. 我很难相信他会破坏我的数据,但是到目前为止,我看不到其他解释。
Anyway, enough of my whining. 无论如何,我的抱怨声足够。 What I need to know is, is there a way to determine who has done what to my database? 我需要知道的是,有没有办法确定谁对我的数据库做了什么?
4 个解决方案
解决方案1
4 已采纳 2013-12-26 17:33:05
If you are using identity for your "sequential number", and your insert statement errors out the identity value will still be incremented even though no record has been inserted. 如果您使用身份作为“序列号”,并且您的insert语句出错,即使未插入任何记录,身份值仍将增加。 Just another possible cause for this issue outside of "tampering". 除了“篡改”之外,这个问题的另一个可能原因。
解决方案2
1 2013-12-26 17:29:20
Look at the transaction log if it hasn't been truncated yet: 查看事务日志是否尚未截断:
解决方案3
1 2013-12-26 17:31:04
If you want to catch the changes in real time, I suggest you consider using SqlDependency . 如果您想实时捕获更改,我建议您考虑使用SqlDependency 。 This way, when data changes, you will be alerted immediately and can check which user is using the database at the very moment (this could also be done using code). 这样,当数据发生变化时,您将立即收到警报,并且可以立即检查哪个用户正在使用数据库(这也可以使用代码完成)。
You can use this code sample. 您可以使用此代码示例。
Coming to think about it, you can establish the same effect using a trigger and writing ti a table active users. 考虑到它,您可以使用触发器并写入表活动用户来建立相同的效果。 Of course, if you are suspecting someone is tempering with data, using SqlDependency might be a better way to go with, as the data will be stored outside of the tampered database. 当然,如果您怀疑有人正在处理数据,则使用SqlDependency可能是更好的选择,因为数据将存储在被篡改的数据库之外。
解决方案4
1 2013-12-26 17:39:57
You can run a trace, for example a distant profiler trace, that will get all SQL queries containing the DELETE keyword. 您可以运行一个跟踪,例如一个远程探查器跟踪,它将获取所有包含DELETE关键字的SQL查询。 This way, nobody will be aware that queries are traced. 这样,没有人会知道查询被跟踪。 You can also query the default trace regularly to get the last DELETE commands: Maintaining SQL Server default trace historical events for analysis and reporting 您还可以定期查询默认跟踪以获取最后的DELETE命令: 维护SQL Server默认跟踪历史事件以进行分析和报告
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.