(1) Hackers use B/S applications and take the Web server as a springboard to steal data from the database; Traditional solutions cannot control application access and database access protocols. For example, SQL injection is a typical means of database hacking.
(2) Data leakage often occurs internally, and a large number of operation and maintenance personnel are in direct contact with sensitive data, so the traditional network security solution based on external prevention has lost its effectiveness.
Database has become the protagonist of these leaks, which is related to our neglect of database security in traditional security construction. In the traditional information security protection system, the database is the core of protection, and it is not easy to be attacked by external hackers. At the same time, the database itself has strong security measures, which are safe enough on the surface, but this traditional security defense idea has fatal defects.