by Marlene Theriault, William Heney
Oracle Security
Dedication
Preface
What This Book Is
Part I
Part II
Part III
What This Book Is Not
Audience for This Book
Conventions Used in This Book
Platforms and Versions of Oracle
Comments and Questions
Acknowledgments
From Both of Us
From Marlene Theriault
From William Heney
I. Security in an Oracle System
1. Oracle and Security
What’s It All About?
Potential Threats
What’s the Harm?
The Oracle Security Model
Layers of Security
The Physical Entities
The Oracle system files
The detached processes and the SGA
The Logical Entities
The Oracle Data Dictionary
Oracle from the Outside
Oracle from the Inside
Connecting to the Database
Backup and Recovery
More Complex Approaches
Web Sites
Procedures, Policies, and Plans
Security Policies and Security Plan
Auditing Plan and Procedures
A Problem with Auditing—and a Solution
Backup and Recovery Plan and Procedures
If I Had a Hammer...
What’s “Free”?
What Isn’t Free?
2. Oracle System Files
What’s in the Files?
The Instance and the Database: Starting an Oracle Database
Types of Database Files
Tablespace and Tablespace Datafiles
Tablespace names
Creating a tablespace
Creating a table within a tablespace
Creating an index for a table in a tablespace
File placement and naming
Tablespace security
Redo Log Files
Log switches
How redo log files are created
Using redo log groups
MAXDATAFILES parameter
Control File
Modifying control files
A sample control file
How Oracle uses control files
Initialization File
Oracle’s sample initialization file
Evolution of an initialization file
Configuration File
Contents of the configuration file
3. Oracle Database Objects
The User Interface: User Versus Schema
The Schema Concept
About Quotas
Objects
Tables
Table Parameters
What Happens When a Table Is Created
As the Table Grows
Table Ownership
Table Triggers
About Creating a Trigger
How the Trigger Works
Naming Triggers
What Cannot Be Trapped by a Trigger
Views
Using Views
Using Views for Security
A Caution About Using Views
Updating Views
Stored Programs
Executing a Procedure or Function
Why Use Packages?
Using the PL/SQL Wrapper
Procedure Ownership and Privileges
Privileges, Procedures, and Roles
Synonyms
How Synonyms Are Used
Why Synonyms Are Used
Privileges
About System and Object Privileges
System privileges
Object privileges
Roles
Determining Privileges Granted to a User
Determining Privileges Granted to a Role
Establishing Classes of Users
Oracle-Supplied Roles
Profiles
4. The Oracle Data Dictionary
Creating and Maintaining the Data Dictionary
The Data Dictionary Views
The DICTIONARY View
About Row-Level Security
Examining the code for the first query
Examining the code for the second and third queries
About CATALOG.SQL
Applying the Concepts
About SQL.BSQ
SQL.BSQ and CATALOG.SQL Locations
How SQL.BSQ Is Used
User and Role Names
SQL.BSQ and Database Creation
Inside SQL.BSQ
Views Used for Security
Tables Used to Build the Views
Views and Auditing
A Closer Look at the Views for Security
The Composition of the Views
The DBA_PROFILES View
The DBA_ROLE_PRIVS View
The DBA_ROLES View
The DBA_SYS_PRIVS View
The DBA_TAB_PRIVS View
The object grants
About the output
The DBA_USERS View
The ROLE_ROLE_PRIVS View
The ROLE_SYS_PRIVS View
The ROLE_TAB_PRIVS View
5. Oracle Default Roles and User Accounts
About the Defaults
The CONNECT Role
System Privileges for the CONNECT Role
Problems with the CONNECT Role
The situation begins to compound
Getting further into trouble
The plot thickens
Name of the role
The RESOURCE Role
System Privileges for the RESOURCE Role
Problems with the RESOURCE Role
The Oracle-supplied roles can be moving targets
UNLIMITED TABLESPACE access
About the CREATE TRIGGER privilege
The DBA Role
System Privileges for the DBA Role
Who Gets the DBA Role?
The SYSDBA and SYSOPER Roles
Remote Database Administration
System Privileges for the SYSDBA and SYSOPER Roles
About OSOPER and SYSOPER
About OSDBA and SYSDBA
About CONNECT INTERNAL
Using the Default Roles
Creating Roles with Meaningful Names
Advantages of Customized Roles
Default User Accounts
Default Users and Their Roles
Scott and his tiger
Demo, dbsnmp, and po8
Example queries
When to allow default users
Checking on users and access
Grants to “public”
Segmenting Authority in the Database
6. Profiles, Passwords, and Synonyms
Profiles
Product Profiles
PRODUCT_PROFILE and USER_PROFILE tables
Disabling SQL privileges
Using PRODUCT_PROFILE to enforce security
System Resource Profiles
The DEFAULT profile
Imposing limits on a user
Passwords
Password Composition and Complexity
Basic rules
Writing your own function
Password Aging and Expiration
The Password Life Cycle
Account Locking
Password Enhancements in the Data Dictionary Views
Passwords and Data Encryption
Password Scripts and Commands
Swapping passwords
The Oracle8 PASSWORD command
Synonyms
About Public and Private Synonyms
Examples Using Public and Private Synonyms
Hiding the tables and owner
Using private synonyms and path names
Using public synonyms without user grants
Using no synonyms/user grants and private synonyms with no grants
II. Implementing Security
7. Developing a Database Security Plan
About the Security Policy and Security Plan
Management Considerations
Who’s on the team?
Establishing overall requirements
Operating System Security Mechanisms
Identifying Key Components
Types of Accounts
Administrator Accounts
Security Manager
Application Manager
Network Manager
Application Schema (User) Accounts
General User Accounts
Standards for Accounts
Possible Account Requests
Contents of the Form
Ways to Create an Account
Standards for Usernames
Advantages and Disadvantages
Suggested Username Standards
Standards for Passwords
Password Decisions
Changing Passwords
Standards for Roles
Oracle-Supplied Roles
Granting Access to the Database
Standards for Views
Standards for the Oracle Security Server
Standards for Employees
Employee Procedures
Pre-employment tracking
New hires
Changing positions
The disgruntled employee
When an Employee Leaves
Termination types
When an employee gives notice
The curious employee
User Tracking
Sample Security Plan Index
Sample Security Plan Checklist
8. Installing and Starting Oracle
Segmenting Application Processing
Direct Connection to a Database Server
Client/Server (Two-Tier) Architecture
Thin Client (Three-Tier) Architecture
Installing Oracle Securely
Security and the Operating System
Oracle and Operating System Authentication
The OSDBA and OSOPER roles
From the operating system
OSOPER
OSDBA
Operating System Accounts
Using CONNECT INTERNAL and CONNECT /
Connecting to the Database Without a Password
OPS$ Accounts
Identified externally accounts
OS_AUTHENT_PREFIX and OPS$
OPS$ in version 7
Another approach
Two problems with REMOTE_OS_AUTHENT
The ORAPWD Utility
Steps to setting up the password file
Installing and Configuring SQL*Net
Required Files
Installation is easy
About the Names Server
The listener and passwords
Setting Up Initialization Parameters for Security
Viewing the Parameters
9. Developing a Simple Security Application
The Application Overview
About Enterprise Tables
Enterprise Tables Used by the Credit Card System
Preparing the Role-Object Matrix
Review the Security Plan
Role-Object Access Matrix
Naming Conventions
Views
View Syntax
Creating the Views
The APPROVERS_V view
The CARD_HOLDER_V view
Roles
Grants
Grant the Roles to the Users
Limitation of Grants and Roles
Application Control of Access
Startup Control
Application Row Access Control
Using Password-Protected Roles
Create the APP_ROLES table
Create the security user
Create the PL/SQL program that sets roles
Implementation logic
Execution
10. Developing an Audit Plan
Why Audit?
Auditing to Confirm Suspicions
Auditing to Analyze Performance
Where to Audit
About the SYS.AUD$ Table
A Problem
Default Auditing Privileges
How Auditing Works
The Auditing Views
The DBA as a Clairvoyant
Available Audit Actions
Auditing Options
From the DICTIONARY View
Views Related to SYS.AUD$
What’s stored in SYS.AUD$?
Creating a summary table
Eliminating the Audit Views
Auditing and Performance
Default Auditing
Auditing During Database Startup
Auditing During Database Shutdown
Auditing During Database Connection with Privileges
Auditing During Database Structure Modification
Types of Auditing
Statement-Level Auditing
Enabling and viewing statement-level auditing
Connect and disconnect auditing
Privilege Auditing
Enabling audit by privileges
Object-Level Auditing
Enabling audit by object
Capturing “before” data
Capturing “after” data
Auditing Shortcuts
Purging Audit Information
Removing All the Data from SYS.AUD$
Removing Selected Data from SYS.AUD$
11. Developing a Sample Audit Application
About the Audit Trail Application
A Few Limitations
Tracking Inserts
The First Sequence Creation Script (SEQ-RID)
The First Trigger Creation Script (Before-Insert)
Tracking Updates and Deletions
The Three Table Creation Scripts
The AUDIT_ROW table
The AUDIT_COLUMN table
The AUDIT_DELETE table
The Second Sequence Creation Script (SEQ_AUDIT)
The Second Trigger Creation Script (After-Update)
The Third Trigger Creation Script (After-Delete)
The Package and Procedure Creation Scripts
About Performance and Storage
Storage Suggestions
Performance Suggestions
Using the Audit Data in Reports
The Audit Trail Data Display
The AUDIT_ROW Table Report
SQL Scripts to Generate Scripts
Generating a Before-Insert Trigger Script
Generating an After-Update Trigger Script
Generating an After-Delete Trigger Script
12. Backing Up and Recovering the Database
What Are the Backup Options?
About Archivelog Mode
Cold Database Backups
Hot Database Backups
Logical Database Backups (Exports)
Enterprise Backup Utility
What’s New for Oracle8?
The Oracle8 Recovery Manager
The Recovery Catalog
Backups Supported by Recovery Manager
Types of datafile backups
Using backup levels
What Are the Recovery Options?
Online Recovery
Offline Recovery
13. Using the Oracle Enterprise Manager
What Is the OEM?
The OEM Components
The DBA Toolkit
Specifying the Database Repository
A Potential Security Problem
Running the Oracle Enterprise Manager
The DBA Toolkit and Security
The Oracle Backup Manager
The Oracle Data Manager
The Oracle Instance Manager
The Oracle Replication Manager
The Oracle Schema Manager
The Oracle Security Manager
The Oracle SQL Worksheet
The Oracle Storage Manager
The Oracle Software Manager
OEM and the Job Scheduler
Back Up Tablespaces, Export, Import, and Load Data
Run SQL Scripts and SQL*Plus
Start Up and Shut Down Your Database
Broadcast Messages
Run OS Commands and Tcl Commands
Deinstall, Delete, Distribute, and Install Products
OEM and the Event Management System
Fault Management events
Space Management events
Resource Management events
Performance Management events
14. Maintaining User Accounts
Application Design Requirements
Running the Application
Initial Display
Selecting or Creating a User
Assigning Roles
Creating a New Role
Adding System Privileges to Roles
Reserving the Security of the Security Maintenance Form
How Does the Code Work?
About the mg_usr package
About the mg_usr package body
Create user button code
Documenting the User State
A Sample Script
III. Enhanced Oracle Security
15. Using the Oracle Security Server
About Cryptography
A Simple Code
Algorithms, Plaintext, and Ciphertext
Ways to Authenticate Users
Private Keys
The problem with private keys
Public Keys
Private keys, public keys, and authentication
Advantages of a public key system
Digital Signatures
Certificates of Authority
Certificate format
Period of validity and revocation
Distinguished names
What’s in the OSS?
The OSS Architecture
The OSS Repository
The OSS Manager
The OSS Authentication Adapter
Protocols and Algorithms
Global users and global roles with OSS
Creating a global user and global role
Configuring and Using the OSS
Creating and Deleting the OSS Repository
A Known Problem
Securing the OSS Repository
Creating the OSS certificate authority
Creating the repository identity
Creating other identities
Defining a server
Defining a Server Authorization
Defining an Enterprise Authorization
Creating/downloading a wallet
More about osslogin
Revoking and restoring credentials
Removing an identity
Removing the Oracle Security Server Repository
16. Using the Internet and the Web
Web Basics
About Networking
LANs and WANs
Moving data around a network
Internet and intranet terminology
The Java language and security
Evaluating Web Assets and Risks
Viruses = disaster!
It was here just a minute ago...
Loss of competitive edge
Where did the time go?
Breach of privacy
Protecting a Web Site
Cookies
Capturing an IP address
A dual approach
Firewalls
Firewalls to protect privacy
SQL*Net and firewalls
Oracle Security Server
Controlling Access from the Operating System
Using a password file
Access by IP address or host
Access by group
Getting Users Involved
Educating Users
Enforcing Policies
Communicating with Other Sites
17. Using Extra-Cost Options
Trusted Oracle
How Trusted Oracle Works
Accessing a Trusted Oracle Database
Certifications
Advanced Networking Option
About Sniffers and Snoopers
How ANO Works
Oracle Application Server
Constant-State Versus Stateless Connections
Running a form using the OAS
Running a dynamic HTML application
How the OAS Works
OAS Security
A. References
Oracle Books
Of General Oracle Interest
Database Administration
System and Database Tuning
Tools and Languages
Data Warehousing
Oracle and the Web
Security Books
General Computer Security and Risks
Computer Viruses
Network Administration and Security
UNIX Administration and Security
Windows NT Administration and Security
Web and Java Security
Oracle Electronic References
Oracle Web Sites
Oracle Corporation
OraWorld
Oracle User Groups
International Oracle User Group - Americas
European Oracle User Group
Far East Oracle User Groups
Oracle Usenet Groups
Security Electronic References
Security Web Sites
COAST
FIRST
CERT-CC
World Wide Web Consortium
Web security
Windows NT security
Security Usenet Groups
Index
Colophon