Linq to SQL Audit Trail / Audit Log: should I use triggers or doddleaudit?


Question

I'm working on a business app that requires that ALL database transactions be audited (for legal purposes mainly).

I've looked around the web and came across DoddleAudit (http://www.codeplex.com/DoddleAudit) which basically adds the ability for Linq to SQL to track the changes. Much like people use Interceptors in Hibernate.

The thing that concerns me with this is the reliability issue. While an audit log on the ORM layer may record everything that happens via code, it won't log any changes if, say, someone manually issues an SQL statement against the database, or a hacker etc. Basically the information I'm dealing with is somewhat sensitive. That's what leads me to believe that Triggers is probably the most reliable way. (?)

Other ways to log would be through code, or through stored procedures which seems a bit hacky and unreliable. So I'm basically down to either using triggers or something like DoddleAudit.

I was hoping to get a few opinions though before choosing either.

Recommended answer

If the audit is for legal purposes then you have to do it through a certified for compliance methodology. Such methodologies are very specific to the specific threats being mitigated via audit. You need to read up on Auditing (Database Engine) and more than likely consult a specialist that can give you guidance on the various legal frameworks that surround data audit, specific to your location and domain.

SQL Server has the C2 compliant audit mode, see c2 audit mode Option, which is a certified compliant mode. Linq2sql audit or custom data audit may be brilliant feats of engineering, but they're not gonna hold a drop of water if they are not certified for compliance (and they're not).
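
The coverage gap raised in the question, as an added example (not code from the question, the answer, or DoddleAudit): an application-layer audit log is compared with trigger-based logging when a change bypasses the application. SQLite stands in for SQL Server here, and every table, trigger and function name is hypothetical.

```python
import sqlite3

# Constructed schema; SQLite is an assumed stand-in for SQL Server.
SCHEMA = """
CREATE TABLE account (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER);
CREATE TABLE app_audit (id INTEGER PRIMARY KEY, detail TEXT);
CREATE TABLE trigger_audit (id INTEGER PRIMARY KEY, action TEXT,
                            account_id INTEGER, old_balance INTEGER, new_balance INTEGER);
CREATE TRIGGER account_update_audit AFTER UPDATE ON account
BEGIN
    INSERT INTO trigger_audit (action, account_id, old_balance, new_balance)
    VALUES ('UPDATE', OLD.id, OLD.balance, NEW.balance);
END;
CREATE TRIGGER account_delete_audit AFTER DELETE ON account
BEGIN
    INSERT INTO trigger_audit (action, account_id, old_balance, new_balance)
    VALUES ('DELETE', OLD.id, OLD.balance, NULL);
END;
"""

def update_via_app(conn, account_id, new_balance):
    """Application path: the code writes its own audit row (ORM-interceptor style)."""
    with conn:  # the change and its audit record commit together
        conn.execute("UPDATE account SET balance = ? WHERE id = ?", (new_balance, account_id))
        conn.execute("INSERT INTO app_audit (detail) VALUES (?)",
                     (f"account {account_id} balance set to {new_balance}",))

def change_via_raw_sql(conn, statement, params):
    """Out-of-band path: a statement issued directly, skipping the application code."""
    with conn:
        conn.execute(statement, params)

def run_demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO account (id, owner, balance) VALUES (1, 'alice', 100)")
    conn.commit()
    update_via_app(conn, 1, 150)
    change_via_raw_sql(conn, "UPDATE account SET balance = ? WHERE id = ?", (999, 1))
    change_via_raw_sql(conn, "DELETE FROM account WHERE id = ?", (1,))
    app_rows = conn.execute("SELECT COUNT(*) FROM app_audit").fetchone()[0]
    trig_rows = conn.execute(
        "SELECT action, old_balance, new_balance FROM trigger_audit ORDER BY id").fetchall()
    conn.close()
    return app_rows, trig_rows

if __name__ == "__main__":
    app_rows, trig_rows = run_demo()
    print("application-layer audit rows:", app_rows)
    print("trigger audit rows:", trig_rows)
```

The application log ends up with one row for three changes, while the trigger table records all three with their old and new values.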
