ISO/IEC 9579-2000 信息技术 对带有安全增强SQL的远程数据库访问

标准号：ISO/IEC 9579-2000
中文标准名称：信息技术 对带有安全增强SQL的远程数据库访问
英文标准名称：Information technology - Remote database access for SQL with security enhancement
标准类型：M11
发布日期：1999/12/31 12:00:00
实施日期：1999/12/31 12:00:00
中国标准分类号：M11
国际标准分类号：35.100.70
适用范围：This International Standard, Remote Database Access for SQL (RDA), defines a model for the remote interaction of an SQL-client and one or more SQL-servers through communication media, and defines the encoding of messages, the semantics of messages and associated facilities for mediating the interaction between one SQL-client and one SQL-server. This International Standard also defines a mapping of the RDA Protocol to the specific communication infrastructures TCP/IP and Transport Layer Security (TLS). This International Standard relies upon the facilities provided by ISO/IEC 9075 (SQL) and ISO/IEC 9075-3 (SQL/CLI). This International Standard also: - identifies potential security vulnerabilities in remote database access using RDA, - defines RDA facilities which protect against the potential vulnerabilities. Normative annexes provide: - a Conformance Proforma, - an optional language independent Application Programming Interface defined in the notational conventions of ISO/IEC 9075-3 (SQL/CLI) for invoking RDA Operations, - an optional mapping of ISO/IEC 9075-3 (SQL/CLI) functions to RDA Operations, - definitions of optional SQL-servers, the RDA Location Server and the RDA Support Server, to facilitate interoperation and data distribution in a heterogeneous environment, - a set of security profiles that identify which RDA facilities and other security facilities are required for different levels of protection against potential vulnerabilities. Informative annexes provide: - an analysis of security service requirements, - an ASN.l specification for the RDA Protocol, - an ASN.1 specification for the encoding of multiple rows. This International Standard does not constrain: - conforming RDA-client environments to be implemented using any particular processor decomposition, - conforming RDA-server environments to be implemented using any particular processor decomposition. This International Standard refers to but does not define: - protocols and security mechanisms for communication confidentiality, integrity and authentication of communicating peers, - digital signature and authentication mechanisms supported by protocol elements of RDA. This International Standard does not define: - algorithms for query decomposition or for the combining of results in a distributed database environment, - mechanisms for recovery in the event that transaction co-ordination fails, - mechanisms for storage integrity and confidentiality using cryptography, - mechanisms to counter Denial of Service attacks.