Summary: | Master's === 立德管理學院 === Graduate Institute of Applied Information === 91 === This study presents security protection methods for an Application Service Provider (ASP) that leave ASP staff no opportunity to steal customers' data. It also provides a solution for customer authority management, and for database backup and design for the ASP.
For a software service provider, providing a data security control plan and preventing the ASP company's internal employees from making illegal use of data requires drawing up an internal security management plan for the ASP. The plan constrains the authority of the ASP company's internal employees and enforces it in the program. The ASP system manager can only add or delete a customer's ordinary user accounts, and cannot append, delete, or view client information, so the ASP has no opportunity to steal client data. Furthermore, each client's database is kept separate, and clients cannot read another client's database. Each client's database manager has the highest management authority over that client's own database. Using group and user account separation, ordinary user accounts have add, delete, and query functions. This method allows each ordinary user account of a client to be limited to different authority.
In summary, the study combines the two approaches above, ASP internal security management and limits on user functions, classifies the authority over customers' databases, and supplies backup functions and design to achieve secure protection management for the ASP.
|