¹ØÓÚMysqlÊÇ·ñÂú×ãC2¼¶µÄÌÖÂÛ

====================================================
Òý×Ô£ºhttp://blog.sina.com.cn/s/blog_538a9d1901008f9g.html
ʲôÊÇC2¼¶°²È«ÐÔ£¿°²È«ÐԵķÖÀàÊÇÔõÑùµÄ£¿(2008-01-30 17:04:39)
  
DÀࣺ×îµÍ±£»¤£¬±£Áô¸ø²»ÄÜͨ¹ý¸ü¸ß¼¶±ð¼ì²éµÄϵͳ
C1£º½÷É÷±£»¤£¬ÒªÇóÓлùÓÚÓû§¼¶±ðµÄ¿ØÖÆÀ´±£»¤Êý¾Ý£¬Ö÷Òª·ÀÖ¹ÒâÍâʼþ´øÀ´µÄËðʧ£¬ÊÊÓÃÓÚ¶Ô°²È«ÐÔÒªÇó²»ÊÇÌ«¸ßµÄϵͳ
C2£ºÈ¨ÏÞ¿ØÖƱ£»¤£ºÓû§¶Ô×Ô¼ºµÄÐÐΪ¸ºÔð£»ÏµÍ³¿ÉÒÔ¸ú×ÙËùÓйý³ÌºÍ¼Ç¼ij¸öÓû§µÄÐÐΪ¡£·ÀÖ¹¶ÔÏóÖØÒýÓ㬲¢±£Ö¤ÏµÍ³°²È«ÐÔ¼àÊÓÆ÷µÄЧÁ¦¡£Óû§¿ÉÒÔÉ趨±ðÈ˶Ô×Ô¼ºÊý¾ÝµÄȨÏÞ¡£
B1£º±êÖ¾°²È«ÐÔ±£»¤£ºÒªÇóÌرðµÄ°²È«ÐԼƻ®£¬ËùÓеı£ÃÜÊý¾Ý¶¼Òª¼ÓÒ»±êÖ¾£¬ÔÚϵͳÖд«µÝÕâЩÊý¾Ýʱ±ØÐëºË¶Ô±êÖ¾¡£Óû§²»ÄÜ×Ô¼º¸Ä±äÕâЩ±êÖ¾¡£
B2£º½á¹¹»¯±£»¤£¬ÒªÇó½á¹¹»¯µÄ¡¢Õý¹æµÄ°²È«ÐԼƻ®¡£Óû§ÕË»§ÑéÖ¤¹¦ÄÜÔöÇ¿£¬ÒÔÈ·¶¨Ã¿¸öÓû§ºÏ·¨µÄ°²È«ÐÔȨÏÞ¡£
B3£º°²È«Óò£ºÒªÇó°²È«ÐÔϵͳ¾¡¿ÉÄÜС£¬ÅųýÒ»ÇÐÎÞȨÏÞ´úÂëÖ´ÐС£ÕâЩ´úÂë¿ÉÄܲ»ÀûÓÚϵͳµÄ°²È«ÐԺͲâÊÔ£¬ÒªÇóÓи½¼ÓµÄÓйذ²È«ÐÔ¹ÜÀíµÄ¹¤¾ß¡£ÏµÍ³±ØÐëÓкÜÇ¿µÄ·´ÎÞȨ¸Ä¶¯ºÍÇÖÈë¡£
A1£ººËʵµÄÉè¼Æ£º¹¦ÄܺÍB3Ïàͬ£¬µ«A1Òª¾­¹ý¸üÑϸñ¡¢¸üÕý¹æµÄ²âÊÔ¡£
=================================================================
¹ØÓÚC2¼¶µÄ¹Ù·½½âÊÍ
Òý×Ô£ºhttp://ftp.ntu.edu.tw/ftp/linux/libs/security/Orange-Linux/refs/Orange/OrangeI-II-2.html
2.2 CLASS (C2): CONTROLLED ACCESS PROTECTION
Systems in this class enforce a more finely grained discretionary access control than (C1) systems, making users individually
accountable for their actions through login procedures, auditing of security-relevant events, and resource isolation. The 
following are minimal requirements for systems assigned a class (C2) rating:
Security Policy
Discretionary Access Control
The TCB shall define and control access between named users and named objects (e.g., files and programs) in the ADP system. 
The enforcement mechanism (e.g., self/group/public controls, access control lists) shall allow users to specify and control 
sharing of those objects by named individuals, or defined groups of individuals, or by both, and shall provide controls to 
limi