Index

A

access (see authorization)
accounts, user, Connecting to the Database
authentication (see authentication)
default, Oracle from the Inside, Oracle Default Roles and User Accounts, About the Defaults, Default User Accounts, Grants to “public”
identified externally, Connecting to the Database Without a Password, Identified externally accounts
locking, Account Locking, Password Decisions
maintaining, Maintaining User Accounts, A Sample Script
operating system and, Operating System Accounts
OPS$ accounts, Connecting to the Database Without a Password, Two problems with REMOTE_OS_AUTHENT
privileges for creating, Privileges
requests for, handling, Possible Account Requests
security user account, Using Password-Protected Roles, Create the PL/SQL program that sets roles
standards for, Standards for Accounts, Ways to Create an Account
types of, Types of Accounts, General User Accounts
administration
accounts for, Administrator Accounts
auditing administrator-level connections, Auditing During Database Connection with Privileges
backup levels, Using backup levels
communicating with other managers, Communicating with Other Sites
DBA toolkit (OEM), The DBA Toolkit, The DBA Toolkit, The DBA Toolkit and Security, The Oracle Software Manager
detecting table name guesses, The DBA as a Clairvoyant
disabling SQL privileges, Disabling SQL privileges
Job Scheduler (OEM), OEM and the Job Scheduler, Deinstall, Delete, Distribute, and Install Products
managing the security plan, Management Considerations
monitoring database events, OEM and the Event Management System, Performance Management events
purging audit data, Purging Audit Information, Removing Selected Data from SYS.AUD$
remote, Remote Database Administration
user account maintenance, Maintaining User Accounts, A Sample Script
Advanced Networking Option (ANO), What Isn’t Free?, Passwords and Data Encryption, Advanced Networking Option
after-delete trigger (example), The Third Trigger Creation Script (After-Delete), Generating an After-Delete Trigger Script, Generating an After-Delete Trigger Script
after-update trigger (example), The Second Trigger Creation Script (After-Update), The Second Trigger Creation Script (After-Update), Generating an After-Update Trigger Script, Generating an After-Update Trigger Script
aging passwords, Password Aging and Expiration, Password Decisions
alert log, Default Auditing Privileges
algorithms, cryptographic, Algorithms, Plaintext, and Ciphertext
aliases (see synonyms)
ALL privilege, The object grants
ALL_DEF_AUDIT_OPTS view, The Auditing Views
ALTER privilege, Object privileges
ALTER SESSION command, Setting Up Initialization Parameters for Security
ALTER SYSTEM command, Setting Up Initialization Parameters for Security
ALTER TABLESPACE commands, Tablespace security
ANO (Advanced Networking Option), What Isn’t Free?, Passwords and Data Encryption, Advanced Networking Option
ANY qualifier, System Privileges for the DBA Role
application manager account, Application Manager
Application Server (see OAS)
applications
account maintenance (example), Application Design Requirements, Create user button code
audit trail (example), A Problem with Auditing—and a Solution, Developing a Sample Audit Application, Generating an After-Delete Trigger Script
reporting audit data, Using the Audit Data in Reports, The AUDIT_ROW Table Report
tables for, The Three Table Creation Scripts, The AUDIT_DELETE table
tracking inserts, Tracking Inserts, The First Trigger Creation Script (Before-Insert)
tracking updates and deletions, Tracking Updates and Deletions
credit card system (example), Developing a Simple Security Application, Execution
dynamic HTML for, Running a dynamic HTML application
segmenting processing, Segmenting Application Processing, Thin Client (Three-Tier) Architecture
archive log files, What’s in the Files?
archivelog mode, About Archivelog Mode, About Archivelog Mode
archiving audit data, Purging Audit Information
associative tables, Enterprise Tables Used by the Credit Card System
attacks (see threats)
AUD$ table, About the SYS.AUD$ Table, A Problem
purging, Purging Audit Information, Removing Selected Data from SYS.AUD$
views, Views Related to SYS.AUD$, Creating a summary table
AUDIT command, Enabling audit by privileges
AUDIT privilege, Object privileges
auditing, Developing an Audit Plan, Removing Selected Data from SYS.AUD$
audit trail application (example), A Problem with Auditing—and a Solution, Developing a Sample Audit Application, Generating an After-Delete Trigger Script
reporting audit data, Using the Audit Data in Reports, The AUDIT_ROW Table Report
tables for, The Three Table Creation Scripts, The AUDIT_DELETE table
tracking inserts, Tracking Inserts, The First Trigger Creation Script (Before-Insert)
tracking updates and deletions, Tracking Updates and Deletions
data dictionary, Creating and Maintaining the Data Dictionary, Views and Auditing
default, Default Auditing, Auditing During Database Structure Modification
DICTIONARY view information, From the DICTIONARY View
initialization file, Evolution of an initialization file
list of actions/options, Available Audit Actions, Auditing Options
performance audits, Auditing to Analyze Performance
performance drain from, Auditing and Performance, Auditing and Performance, About Performance and Storage, Performance Suggestions
plan and procedure, Auditing Plan and Procedures, A Problem with Auditing—and a Solution
privileges, default, Default Auditing Privileges
purging audit data, Purging Audit Information, Removing Selected Data from SYS.AUD$
reasons for, Why Audit?
storing audit information, Where to Audit, Default Auditing Privileges
tracking users, User Tracking
triggers for, About Creating a Trigger
types of, Types of Auditing, Auditing Shortcuts
views, The Auditing Views, The Auditing Views, Purging Audit Information
SYS.AUD$ table, Views Related to SYS.AUD$, Creating a summary table
AUDIT_COLUMN table (example), The AUDIT_COLUMN table
AUDIT_DELETE table (example), The AUDIT_DELETE table
AUDIT_FILE_DEST parameter, Where to Audit
AUDIT_ROW table (example), The AUDIT_ROW table, The AUDIT_ROW Table Report
AUDIT_TRAIL parameter, Views and Auditing, Where to Audit
authentication, More Complex Approaches, Oracle and Operating System Authentication, OSDBA, Ways to Authenticate Users, Distinguished names
OPS$ accounts, Connecting to the Database Without a Password, Two problems with REMOTE_OS_AUTHENT
ORAPWD/ORAPWD80 utility, The ORAPWD Utility, Steps to setting up the password file
OSDBA, OSOPER privileges, The SYSDBA and SYSOPER Roles
OSS Authentication Adapter, The OSS Authentication Adapter
authorization, More Complex Approaches
(see also authentication)
configuration file access, Contents of the configuration file
control files access, How Oracle uses control files
controlling from operating system, Controlling Access from the Operating System, Access by group
credit card system example, Application Control of Access, Execution
data access, Oracle from the Inside, Granting Access to the Database
database connections, Connecting to the Database, More Complex Approaches
auditing, Connect and disconnect auditing
direct server connection, Direct Connection to a Database Server
without a password, Connecting to the Database Without a Password, Steps to setting up the password file
DBA role, handling, Who Gets the DBA Role?
disabling SQL privileges, Disabling SQL privileges, Disabling SQL privileges
Enterprise Authorization role, Defining an Enterprise Authorization
files (see permissions, file)
initialization file access, Evolution of an initialization file
OAS and, OAS Security
OEM console, A Potential Security Problem
Oracle system access, Oracle from the Outside
OSS repository, Securing the OSS Repository, Securing the OSS Repository
public user account, Privileges, Grants to “public”
redo log files access, How redo log files are created
role-object access matrix (example), Preparing the Role-Object Matrix, Naming Conventions
roles (see roles)
segmenting in database (example), Segmenting Authority in the Database, Segmenting Authority in the Database
Server Authorization role, Defining a Server Authorization
table ownership, Table Ownership
Trusted Oracle databases, Accessing a Trusted Oracle Database
user resource limits, System Resource Profiles, Imposing limits on a user
AUTOEXTEND parameter, Storage Suggestions
automatic job scheduling, OEM and the Job Scheduler, Deinstall, Delete, Distribute, and Install Products

B

backup and recovery, Backup and Recovery, Backing Up and Recovering the Database, Offline Recovery
automatic backups, Back Up Tablespaces, Export, Import, and Load Data
backup files, The Oracle system files
Backup Manager utility (OEM), The DBA Toolkit, The Oracle Backup Manager
backup sets, What Are the Backup Options?, Backups Supported by Recovery Manager
constantly changing information, Where did the time go?
documenting user state, Documenting the User State
EBU (Enterprise Backup Utility), What Are the Backup Options?, Enterprise Backup Utility
Oracle Data Manager for, The Oracle Data Manager
Oracle7 Enterprise Backup Utility, Log switches
Oracle8 features, What’s New for Oracle8?, Using backup levels
Oracle8 Recovery Manager, The Oracle8 Recovery Manager, Using backup levels
plan and procedures, Backup and Recovery Plan and Procedures
recovery options, What Are the Recovery Options?, Offline Recovery
redo logs, What’s in the Files?, Redo Log Files, MAXDATAFILES parameter, About Archivelog Mode, About Archivelog Mode
types/levels of backups, What Are the Backup Options?, Enterprise Backup Utility, Using backup levels
Backup Catalog, Enterprise Backup Utility, Enterprise Backup Utility
BECOME USER privilege, System Privileges for the DBA Role
before-insert trigger (example), The First Trigger Creation Script (Before-Insert), Generating a Before-Insert Trigger Script, Generating a Before-Insert Trigger Script
Berners-Lee, Tim, Internet and intranet terminology
broadcast messages, Broadcast Messages
browsers, web, Internet and intranet terminology

C

cacls command (Windows NT), Oracle from the Outside
captive accounts, Identified externally accounts
CAs (certificate authorities), More Complex Approaches, Certificates of Authority, Distinguished names, Creating the OSS certificate authority, Creating the OSS certificate authority
deleting identities, Removing an identity
CATALOG.SQL file, About Row-Level Security, About CATALOG.SQL
CATAUDIT.SQL script, How Auditing Works
CATNOAUD.SQL script, Eliminating the Audit Views
certificates of authority, More Complex Approaches, Certificates of Authority, Distinguished names, Creating the OSS certificate authority, Creating the OSS certificate authority
deleting CA identities, Removing an identity
certifications, Trusted Oracle, Certifications
chmod, chown utilities (Unix), Oracle from the Outside
ciphertext, Algorithms, Plaintext, and Ciphertext
classes of users, Establishing Classes of Users
client/server architecture, Client/Server (Two-Tier) Architecture
code, encrypting (see encryption)
col$ table, Tables Used to Build the Views
cold database backups, What Are the Backup Options?, Cold Database Backups, Cold Database Backups
COMMENT privilege, Object privileges
complexity, password, Password Composition and Complexity, Writing your own function
COMPOSITE_LIMIT parameter, System Resource Profiles
composition, password, Password Composition and Complexity, Writing your own function
configuration file (CONFIG.ORA), The Oracle system files, What’s in the Files?, Configuration File, Contents of the configuration file
initialization file and, Configuration File
configuring INIT.ORA parameters, Setting Up Initialization Parameters for Security, Viewing the Parameters
configuring OSS, Configuring and Using the OSS, Removing an identity
configuring SQL*Net, Installing and Configuring SQL*Net, The listener and passwords
CONNECT commands
CONNECT INTERNAL, About CONNECT INTERNAL, From the operating system, Using CONNECT INTERNAL and CONNECT /
CONNECT /, Using CONNECT INTERNAL and CONNECT /
CONNECT privilege (before Oracle6), The CONNECT Role
CONNECT role, Oracle-Supplied Roles, About the Defaults, Name of the role
auditing, Auditing Shortcuts
connecting to databases, Connecting to the Database
auditing connects/disconnects, Connect and disconnect auditing
constant-state vs. stateless, Constant-State Versus Stateless Connections, Running a dynamic HTML application
direct server connection, Direct Connection to a Database Server
remotely, Installing and Configuring SQL*Net, The listener and passwords
single sign-on, More Complex Approaches, How ANO Works
without a password, Connecting to the Database Without a Password, Steps to setting up the password file
CONNECT_TIME parameter, System Resource Profiles
constant-state connections, Constant-State Versus Stateless Connections, Running a dynamic HTML application
control files, What’s in the Files?, Control File, How Oracle uses control files
CONTROL_FILES parameter, How Oracle uses control files
CONTROL_FILE_RECORD_KEEP_TIME parameter, The Recovery Catalog
cookies, Internet and intranet terminology, Cookies, A dual approach
copying control files, How Oracle uses control files
CORBA, How the OAS Works
corporate identity, What’s the Harm?
corruption, database (see backup and recovery)
CPU_PER_CALL parameter, System Resource Profiles
CPU_PER_SESSION parameter, System Resource Profiles
CREATE commands
CREATE DATABASE, From the operating system
MAXDATAFILES parameter, MAXDATAFILES parameter
redo log files and, How redo log files are created
CREATE SCHEMA, The Schema Concept
CREATE SYNONYM, Why Synonyms Are Used
CREATE TABLE, Creating a table within a tablespace
CREATE TABLESPACE, Creating a tablespace, Tablespace security
STORAGE clause, Tablespace and Tablespace Datafiles, Table Parameters
CREATE privileges, Object privileges
CREATE ANY TABLE, Table Ownership
CREATE ANY VIEW, System privileges
CREATE PUBLIC SYNONYM, About Public and Private Synonyms
CREATE SESSION, Privileges, System privileges
CREATE TRIGGER, About the CREATE TRIGGER privilege
create utility script (OSS), Creating and Deleting the OSS Repository
credit card system (example), Developing a Simple Security Application, Execution
access control, Application Control of Access, Execution
grants, Grants, Limitation of Grants and Roles
roles, Roles, Roles
views, Views, The CARD_HOLDER_V view
CRLs (certificate revocation lists), Period of validity and revocation
CRUSRGRT.SQL script, A Sample Script, A Sample Script
cryptography, About Cryptography, Algorithms, Plaintext, and Ciphertext
cumulative database exports, Logical Database Backups (Exports)
curious employees, The curious employee

D

damage from failed security, What’s the Harm?
data access (see authorization)
Data Definition Language (DDL), Statement-Level Auditing
data dictionary, The Oracle Data Dictionary, The Oracle Data Dictionary, The ROLE_TAB_PRIVS View
auditing, Views and Auditing
SQL.BSQ file, About SQL.BSQ, Inside SQL.BSQ
views of, The Data Dictionary Views, Applying the Concepts
passwords and, Password Enhancements in the Data Dictionary Views
security-related, Views Used for Security, The ROLE_TAB_PRIVS View
data encryption (see encryption)
Data Manager utility (OEM), The DBA Toolkit, The Oracle Data Manager
Data Manipulation Language (DML), Statement-Level Auditing
data storage (see disk storage)
database administration toolkit (OEM), The DBA Toolkit, The DBA Toolkit, The DBA Toolkit and Security, The Oracle Software Manager
database objects, Oracle Database Objects, Profiles, Advantages of Customized Roles
auditing, Auditing Plan and Procedures, Object-Level Auditing, Capturing “after” data
backing up logical database, What Are the Backup Options?, Logical Database Backups (Exports), Logical Database Backups (Exports)
in data dictionary, Creating and Maintaining the Data Dictionary
defined, Objects
list of, The Logical Entities, The Logical Entities
location transparency, How Synonyms Are Used, Using no synonyms/user grants and private synonyms with no grants
databases
access to data (see authorization)
administration (see administration)
auditing (see auditing)
backing up (see backup and recovery)
connecting to, Connecting to the Database
auditing connects/disconnects, Connect and disconnect auditing
constant-state vs. stateless, Constant-State Versus Stateless Connections, Running a dynamic HTML application
direct server connection, Direct Connection to a Database Server
remotely, Installing and Configuring SQL*Net, The listener and passwords
single sign-on, More Complex Approaches, How ANO Works
without a password, Connecting to the Database Without a Password, Steps to setting up the password file
control files, What’s in the Files?, Control File, How Oracle uses control files
creating
MAXDATAFILES parameter, MAXDATAFILES parameter
redo log files, How redo log files are created
SQL.BSQ file and, SQL.BSQ and Database Creation
failure (see backup and recovery)
files of (see system files)
OEM repository, Specifying the Database Repository
OSS repository, The OSS Repository, Creating and Deleting the OSS Repository, Creating and Deleting the OSS Repository, Securing the OSS Repository, Securing the OSS Repository, Removing the Oracle Security Server Repository
profiles (see profiles)
segmenting authority in (example), Segmenting Authority in the Database, Segmenting Authority in the Database
starting, The Instance and the Database: Starting an Oracle Database, The Instance and the Database: Starting an Oracle Database
startup/shutdown, Auditing During Database Startup, Start Up and Shut Down Your Database
structure modifications, auditing, Auditing During Database Structure Modification
Trusted Oracle, accessing, Accessing a Trusted Oracle Database
datafiles, tablespace, File placement and naming
backing up, Types of datafile backups
DB_NAME parameter (CONFIG.ORA), Contents of the configuration file
DBA role, Oracle-Supplied Roles, About the Defaults, About the Defaults, The DBA Role, Who Gets the DBA Role?
auditing, Auditing Shortcuts
po8 user account, Demo, dbsnmp, and po8
DBA toolkit (OEM), The DBA Toolkit, The DBA Toolkit, The DBA Toolkit and Security, The Oracle Software Manager
DBAs (see administration)
DBA_AUDIT_EXISTS view, The Auditing Views, The DBA as a Clairvoyant
DBA_AUDIT_OBJECT view, The Auditing Views
DBA_AUDIT_SESSION view, The Auditing Views
DBA_AUDIT_STATEMENT view, The Auditing Views
DBA_AUDIT_TRAIL view, The Auditing Views, Views Related to SYS.AUD$
DBA_OBJ_AUDIT_OPTS view, The Auditing Views
DBA_PRIV_AUDIT_OPTS view, The Auditing Views
DBA_PROFILES view, Views Used for Security, The DBA_PROFILES View
DBA_ROLES view, Views Used for Security, The DBA_ROLES View
DBA_ROLE_PRIVS view, Views Used for Security, The DBA_ROLE_PRIVS View, The DBA_ROLE_PRIVS View
DBA_STMT_AUDIT_OPTS view, The Auditing Views
DBA_SYS_PRIVS view, Views Used for Security, The DBA_SYS_PRIVS View
DBA_TAB_PRIVS view, Views Used for Security, The DBA_TAB_PRIVS View, About the output
DBA_USERS view, Views Used for Security, The DBA_USERS View, The DBA_USERS View
dbsnmp user account, Demo, dbsnmp, and po8
DDL (Data Definition Language), Statement-Level Auditing
decryption, Algorithms, Plaintext, and Ciphertext
(see also encryption)
default
auditing, Default Auditing, Auditing During Database Structure Modification
auditing privileges, Default Auditing Privileges
roles, Oracle Default Roles and User Accounts, Advantages of Customized Roles, Oracle-Supplied Roles
list of, The CONNECT Role, Advantages of Customized Roles
user accounts, Oracle Default Roles and User Accounts, About the Defaults, Default User Accounts, Grants to “public”
DEFAULT profile parameter, System Resource Profiles, The DEFAULT profile
defrole$ table, Tables Used to Build the Views
deinstalling Oracle products, Deinstall, Delete, Distribute, and Install Products
DELETE privilege, Object privileges, The object grants
DELETE_CATALOG_ROLE role, About the Defaults, About CONNECT INTERNAL
deleting
accidental/deliberate data loss, It was here just a minute ago...
after-delete trigger (example), The Third Trigger Creation Script (After-Delete), The Third Trigger Creation Script (After-Delete), Generating an After-Delete Trigger Script, Generating an After-Delete Trigger Script
audit information, Purging Audit Information, Removing Selected Data from SYS.AUD$
CA identities, Removing an identity
Oracle software, Deinstall, Delete, Distribute, and Install Products
OSS repository, Creating and Deleting the OSS Repository, Creating and Deleting the OSS Repository, Removing the Oracle Security Server Repository
tracking deletions, Tracking Updates and Deletions
demo user account, Demo, dbsnmp, and po8
demoted employees, Changing positions
DES cryptographic algorithms, Passwords and Data Encryption, How ANO Works
detached processes, The detached processes and the SGA
DICTIONARY view, The DICTIONARY View
auditing information in, From the DICTIONARY View
digital signatures, More Complex Approaches, Digital Signatures
direct database server connections, Direct Connection to a Database Server
disconnecting (see connecting to databases)
disgruntled employees, The disgruntled employee
disk storage
audit information, Where to Audit, Default Auditing Privileges, Auditing and Performance, Purging Audit Information, Storage Suggestions, Storage Suggestions
capturing table data (example), Capturing “before” data, Capturing “after” data
after-delete trigger, The Third Trigger Creation Script (After-Delete), Generating an After-Delete Trigger Script, Generating an After-Delete Trigger Script
after-update trigger, The Second Trigger Creation Script (After-Update), The Second Trigger Creation Script (After-Update), Generating an After-Update Trigger Script, Generating an After-Update Trigger Script
before-insert trigger, The First Trigger Creation Script (Before-Insert), Generating a Before-Insert Trigger Script, Generating a Before-Insert Trigger Script
scripts to create triggers, SQL Scripts to Generate Scripts, Generating an After-Delete Trigger Script
control files, How Oracle uses control files
cookies, Internet and intranet terminology, Cookies, A dual approach
creating tables, What Happens When a Table Is Created, As the Table Grows
fragmentation, As the Table Grows
SYS.AUD$ table, About the SYS.AUD$ Table, Auditing and Performance
IP addresses, Capturing an IP address
loss of data, It was here just a minute ago...
OEM repository, Specifying the Database Repository
Oracle Storage Manager, The DBA Toolkit, The Oracle Storage Manager
password files, Using a password file
quotas, About Quotas
Space Management events, Space Management events
SQL.BSQ and CATALOG.SQL files, SQL.BSQ and CATALOG.SQL Locations
tablespace datafiles, File placement and naming
backing up, Types of datafile backups
dismissed employees, Termination types
distinguished names (DNs), Distinguished names, Distinguished names
distributed processing, Client/Server (Two-Tier) Architecture
distributing Oracle software, Deinstall, Delete, Distribute, and Install Products
distribution files, The Oracle system files
DML (Data Manipulation Language), Statement-Level Auditing
DNs (distinguished names), Distinguished names, Distinguished names
downsizing, security standards and, Termination types
dynamic HTML applications, Running a dynamic HTML application

E

EBU (Enterprise Backup Utility), What Are the Backup Options?, Enterprise Backup Utility
editing control files, Modifying control files
educating users about policies, Educating Users
electronic references, Oracle Electronic References, Security Usenet Groups
employees, standards for, Standards for Employees, User Tracking
EMP_AD0 trigger (example), The Third Trigger Creation Script (After-Delete), Generating an After-Delete Trigger Script, Generating an After-Delete Trigger Script
EMP_AU0 trigger (example), The Second Trigger Creation Script (After-Update), The Second Trigger Creation Script (After-Update), Generating an After-Update Trigger Script, Generating an After-Update Trigger Script
EMP_BI0 trigger (example), The First Trigger Creation Script (Before-Insert), Generating a Before-Insert Trigger Script, Generating a Before-Insert Trigger Script
encryption, More Complex Approaches
ANO algorithms for, How ANO Works
cryptography, in general, About Cryptography, Algorithms, Plaintext, and Ciphertext
DES algorithms, Passwords and Data Encryption, How ANO Works
passwords and, Passwords and Data Encryption, Passwords and Data Encryption
PL/SQL wrapper, Using the PL/SQL Wrapper, Using the PL/SQL Wrapper
RSA cryptographic algorithms, Protocols and Algorithms, How ANO Works
enforcing security policies, Enforcing Policies
Enterprise Authorization role, Defining an Enterprise Authorization
Enterprise Backup Utility (EBU), What Are the Backup Options?, Enterprise Backup Utility
enterprise tables, credit card system (example), About Enterprise Tables, Enterprise Tables Used by the Credit Card System
errors
Fault Management events, Fault Management events
OSS utility problems, A Known Problem
Event Management System (OEM), OEM and the Event Management System, Performance Management events
EXECUTE file permission, Executing a Procedure or Function
EXECUTE privilege, Object privileges, The object grants
EXECUTE_CATALOG_ROLE role, About the Defaults, About CONNECT INTERNAL
expiring passwords, Password Aging and Expiration, Password Decisions
EXPORT utility, What Are the Backup Options?
exports, database, Logical Database Backups (Exports), Logical Database Backups (Exports)
exports, scheduled, Back Up Tablespaces, Export, Import, and Load Data
EXP_FULL_DATABASE role, About the Defaults
externally identified accounts, Connecting to the Database Without a Password, Identified externally accounts

F

failed login attempts, Password Decisions
FAILED_LOGIN_ATTEMPTS parameter, System Resource Profiles
failure, database (see backup and recovery)
Fault Management events, Fault Management events
file-level copies, Cold Database Backups
files
audit information, storing, Where to Audit, Default Auditing Privileges
backup files, The Oracle system files
configuration (CONFIG.ORA), The Oracle system files, What’s in the Files?, Configuration File, Contents of the configuration file
control files, editing, Modifying control files
copying (see copying)
export files, Logical Database Backups (Exports), Logical Database Backups (Exports)
initialization (INIT.ORA), The Oracle system files, What’s in the Files?, Initialization File, Evolution of an initialization file
setting up parameters, Setting Up Initialization Parameters for Security, Viewing the Parameters
log files (see logging)
moving around networks, Moving data around a network
OEM repository, Specifying the Database Repository
OSS repository, The OSS Repository, Creating and Deleting the OSS Repository, Creating and Deleting the OSS Repository, Securing the OSS Repository, Securing the OSS Repository, Removing the Oracle Security Server Repository
password files, The ORAPWD Utility, Steps to setting up the password file, Using a password file
permissions (see permissions, file)
saving (see disk storage)
size of (see disk storage)
Space Management events, Space Management events
SQL*Net required files, Required Files, The listener and passwords
system files, The Oracle system files, Oracle System Files, Contents of the configuration file
list of, and descriptions, The Instance and the Database: Starting an Oracle Database, Contents of the configuration file
fired employees, When an Employee Leaves
firewalls, Internet and intranet terminology, Firewalls, SQL*Net and firewalls
foreign keys, updateable views and, Updating Views
fragmented tablespaces, As the Table Grows
SYS.AUD$ table, About the SYS.AUD$ Table, Auditing and Performance
full datafile backups, Types of datafile backups
fully qualified path names, Synonyms
functions, The Logical Entities, Stored Programs, Privileges, Procedures, and Roles
executing, Executing a Procedure or Function

G

giving notice (employee security), When an employee gives notice
global users/roles, OSS and, Global users and global roles with OSS, Creating a global user and global role
government security levels/clearances, Trusted Oracle, Certifications
GRANT privilege, Object privileges, Object privileges
granting privileges (see privileges)
granting roles (see roles)
groups of redo log files, Using redo log groups
groups of users (see roles)
groups of web users, access by, Access by group
guessing passwords, Connect and disconnect auditing
guessing table names, The DBA as a Clairvoyant

H

header data, packet, Moving data around a network
hiding tables and owner (example), Hiding the tables and owner, Hiding the tables and owner
HOST command, disabling, Disabling SQL privileges
host-based access control, Access by IP address or host
hot database backups, What Are the Backup Options?, Hot Database Backups, Hot Database Backups
HTML (Hypertext Markup Language), Internet and intranet terminology
HTTP (Hypertext Transport Protocol), Internet and intranet terminology
HTTPS listeners, How the OAS Works

I

identified externally accounts, Connecting to the Database Without a Password, Identified externally accounts
IDENTIFIED EXTERNALLY option, Connecting to the Database, Connecting to the Database Without a Password
IDENTIFIED GLOBALLY AS clause, Creating a global user and global role
identity (corporate), What’s the Harm?
(see also authentication; certificates of authority)
IDLE_TIME parameter, System Resource Profiles
image (cold) backups, Cold Database Backups
image copies, What Are the Backup Options?, Backups Supported by Recovery Manager
impersonation, More Complex Approaches, A dual approach, About Sniffers and Snoopers
import command, Logical Database Backups (Exports)
IMPORT utility, passwords and, Password Scripts and Commands
imports, scheduled, Back Up Tablespaces, Export, Import, and Load Data
IMP_FULL_DATABASE role, About the Defaults
incremental database exports, Logical Database Backups (Exports)
incremental datafile backups, Types of datafile backups
index for tables, Creating an index for a table in a tablespace
INDEX privilege, Object privileges, Object privileges, The object grants
INIT.ORA file, The Oracle system files, What’s in the Files?, Initialization File, Evolution of an initialization file
setting parameters, Setting Up Initialization Parameters for Security, Viewing the Parameters
INITIAL parameter (STORAGE), Table Parameters
initialization file, The Oracle system files, What’s in the Files?, Initialization File, Evolution of an initialization file
setting up parameters, Setting Up Initialization Parameters for Security, Viewing the Parameters
INSERT privilege, Object privileges, The object grants
inserts, tracking, Tracking Inserts, The First Trigger Creation Script (Before-Insert)
installing Oracle, Installing Oracle Securely, Using CONNECT INTERNAL and CONNECT /, Deinstall, Delete, Distribute, and Install Products
installing SQL*Net, Installing and Configuring SQL*Net, The listener and passwords
instance, The Instance and the Database: Starting an Oracle Database, The Instance and the Database: Starting an Oracle Database
Instance Manager utility (OEM), The DBA Toolkit, The Oracle Instance Manager
instantiation, Cookies
INSTEAD OF condition, About Creating a Trigger
internal user account, password for, Steps to setting up the password file
Internet (see networking)
intersection tables, Enterprise Tables Used by the Credit Card System
intranets, Internet and intranet terminology, Evaluating Web Assets and Risks, A dual approach
intruders, Potential Threats
auditing databases to detect, Auditing to Confirm Suspicions, The DBA as a Clairvoyant
impersonation, More Complex Approaches
password guessing, Connect and disconnect auditing
protecting Oracle system from, Oracle from the Outside
IP addresses
access controlled by, Access by IP address or host
storing in cookies, Capturing an IP address

K

keys (database), updateable views and, Updating Views
keys, cryptographic, Algorithms, Plaintext, and Ciphertext, Advantages of a public key system

L

labels, security clearance, How Trusted Oracle Works
LANs (local area networks), LANs and WANs
lateral career moves, Changing positions
layers, security, Layers of Security
layoffs, security standards and, Termination types
levels, backup, Using backup levels
LISTENER.ORA file, Required Files
local area networks (LANs), LANs and WANs
location transparency, How Synonyms Are Used, Using no synonyms/user grants and private synonyms with no grants
LOCK privilege, Object privileges
locking user accounts, Account Locking, Password Decisions
log file switches, Log switches
logging
archive log files, What’s in the Files?
redo logs, What’s in the Files?, Redo Log Files, MAXDATAFILES parameter, About Archivelog Mode, About Archivelog Mode
logical components of Oracle systems (see database objects)
logical database, defined, Advantages of Customized Roles
(see also database objects)
LOGICAL_READS_PER_CALL parameter, System Resource Profiles
LOGICAL_READS_PER_SESSION parameter, System Resource Profiles
login attempts, failed, Password Decisions
LOG_ARCHIVE_ parameters, About Archivelog Mode
lookup table (credit card system example), Enterprise Tables Used by the Credit Card System
loss of data, It was here just a minute ago...

M

maintaining (see updating)
managing the security plans, Management Considerations
many-to-many tables, Enterprise Tables Used by the Credit Card System
MAXDATAFILES parameter (CREATE DATABASE), MAXDATAFILES parameter
MAXEXTENTS parameter (STORAGE), As the Table Grows
MD5 algorithm, Protocols and Algorithms
memory
Resource Management events, Resource Management events
tablespace, Tablespace and Tablespace Datafiles, Tablespace security
unlimited, About Quotas, Scott and his tiger
message digests, Digital Signatures
MG_USR package, How Does the Code Work?, About the mg_usr package body
mirroring, Using redo log groups
modifying control files, Modifying control files

N

Names Server, About the Names Server, About the Names Server
naming
CONNECT role, Name of the role
credit card system (example), Naming Conventions
fully qualified path names, Synonyms
passwords, Standards for Passwords, Changing Passwords
roles, User and Role Names, About the Defaults, Creating Roles with Meaningful Names
tablespace datafiles, File placement and naming
tablespaces, Tablespace names, Tablespace names
triggers, Naming Triggers
username selection, User and Role Names, Standards for Usernames
need to know, Trusted Oracle
Net8 (see SQL*Net)
Net8 Assistant, About the Names Server
network configuration files, The Oracle system files
network listener passwords, The listener and passwords
network manager account, Network Manager
networking, About Networking, The Java language and security
ANO (Advanced Networking Option), What Isn’t Free?, Passwords and Data Encryption, Advanced Networking Option
assets and risks, Evaluating Web Assets and Risks, Breach of privacy
communicating with other managers, Communicating with Other Sites
constant-state vs. stateless connections, Constant-State Versus Stateless Connections, Running a dynamic HTML application
involving users in security, Getting Users Involved, Communicating with Other Sites
security methods, Protecting a Web Site, Access by group
terminology of, Internet and intranet terminology
web basics, Web Basics, The Java language and security
web browsers and servers, Internet and intranet terminology
web sites, Web Sites
new employees, New hires
newsgroups as resources, Oracle Usenet Groups, Security Usenet Groups
NEXT parameter (STORAGE), Table Parameters
nicknames (see synonyms)
NXDODROP.SQL script, Creating and Deleting the OSS Repository
NZDOCRT.SQL script, The OSS Repository, Creating and Deleting the OSS Repository
NZDOUSER.SQL script, Creating and Deleting the OSS Repository

O

OAS (Oracle Application Server), What Isn’t Free?, Oracle Application Server, OAS Security
obj$ table, Tables Used to Build the Views
objauth$ table, Tables Used to Build the Views
object privileges, About System and Object Privileges, Object privileges
(see also privileges)
granted to roles (ROLE_TAB_PRIVS view), The ROLE_TAB_PRIVS View, The ROLE_TAB_PRIVS View
listing all granted (DBA_TAB_PRIVS), The DBA_TAB_PRIVS View, About the output
Object Request Broker (ORB), How the OAS Works
object-level auditing, Object-Level Auditing, Capturing “after” data
objects (see database objects)
ODS (Oracle Diagnostic System), Using the Oracle Enterprise Manager
OEM (Oracle Enterprise Manager), What’s “Free”?, Using the Oracle Enterprise Manager, Performance Management events
components of, The OEM Components
control files and, How Oracle uses control files
database administration toolkit, The DBA Toolkit, The DBA Toolkit, The DBA Toolkit and Security, The Oracle Software Manager
Event Management System, OEM and the Event Management System, Performance Management events
Job Scheduler, OEM and the Job Scheduler, Deinstall, Delete, Distribute, and Install Products
repository data, Specifying the Database Repository
offline recovery, Offline Recovery
OMX (Oracle Media Exchange), How the OAS Works
one-way hash functions, Digital Signatures, Protocols and Algorithms
online recovery, Online Recovery
online resources, Oracle Electronic References, Security Usenet Groups
OpenVMS systems
captive accounts, Identified externally accounts
file-level interaction protection, Oracle from the Outside
group membership, Operating System Security Mechanisms
OSDBA role, From the operating system
SQL.BSQ, CATALOG.SQL file locations, SQL.BSQ and CATALOG.SQL Locations
swapping passwords, Swapping passwords
operating system
access control from, Controlling Access from the Operating System, Access by group
default auditing, Default Auditing, Auditing During Database Structure Modification
running commands, Run OS Commands and Tcl Commands
security, Operating System Security Mechanisms, Installing Oracle Securely, Using CONNECT INTERNAL and CONNECT /
accounts and, Operating System Accounts
authentication, Oracle and Operating System Authentication, OSDBA
OPS$ accounts, Connecting to the Database Without a Password, Two problems with REMOTE_OS_AUTHENT
Oracle
creating/maintaining data dictionary, Creating and Maintaining the Data Dictionary
distribution files, The Oracle system files
initialization file parameters, Setting Up Initialization Parameters for Security, Viewing the Parameters
installing and starting, Installing and Starting Oracle, Viewing the Parameters
installing/configuring SQL*Net, Installing and Configuring SQL*Net, The listener and passwords
resources for further reading, References, Oracle and the Web, Oracle Electronic References, Oracle Usenet Groups
security model, The Oracle Security Model, Web Sites
versions of, Platforms and Versions of Oracle
Oracle products, Using Extra-Cost Options, OAS Security
ANO (Advanced Networking Option), Advanced Networking Option
distributing, (de)installing, deleting, Deinstall, Delete, Distribute, and Install Products
Oracle Application Server (OAS), What Isn’t Free?, Oracle Application Server, OAS Security
Oracle Backup Manager, The DBA Toolkit, The Oracle Backup Manager
Oracle Data Manager, The DBA Toolkit, The Oracle Data Manager
Oracle Diagnostic System (ODS), Using the Oracle Enterprise Manager
Oracle Instance Manager, The Oracle Instance Manager
Oracle Media Exchange (OMX), How the OAS Works
Oracle Names Server, About the Names Server, About the Names Server
Oracle Performance Packs, The DBA Toolkit
Oracle Replication Manager, The DBA Toolkit, The Oracle Replication Manager
Oracle Schema Manager, The DBA Toolkit, The Oracle Schema Manager
Oracle Security Manager, The DBA Toolkit, The Oracle Security Manager
Oracle Software Manager, The DBA Toolkit, The Oracle Software Manager
Oracle SQL Worksheet, The DBA Toolkit, The Oracle SQL Worksheet
Oracle Storage Manager, The DBA Toolkit, The Oracle Storage Manager
Oracle7 Enterprise Backup Utility, Log switches
Oracle8 Recovery Manager, The Oracle8 Recovery Manager, Using backup levels
OSS (Oracle Security Server), Standards for the Oracle Security Server
OSS Manager, What’s “Free”?
Trusted Oracle, What Isn’t Free?, Trusted Oracle, Certifications
Oracle systems
components of, The Instance and the Database: Starting an Oracle Database
files of (system files), The Oracle system files, Oracle System Files, Contents of the configuration file
list of, and descriptions, The Instance and the Database: Starting an Oracle Database, Contents of the configuration file
logical components (see database objects)
physical components, The Physical Entities, The detached processes and the SGA
protecting from outsiders, Oracle from the Outside
Oracle-supplied (see default)
oracle_security_service(_admin) accounts, Creating and Deleting the OSS Repository
oracle_security_service, oracle_security_admin accounts, The OSS Repository
ORAPWD/ORAPWD80 utility, The ORAPWD Utility, Steps to setting up the password file
ORB (Object Request Broker), How the OAS Works
OSDBA privilege, The SYSDBA and SYSOPER Roles
OSDBA role, About OSDBA and SYSDBA, The OSDBA and OSOPER roles, OSDBA
OSOPER privilege, The SYSDBA and SYSOPER Roles
OSOPER role, About OSOPER and SYSOPER, The OSDBA and OSOPER roles, OSDBA
OSS (Oracle Security Server), Standards for the Oracle Security Server, The Oracle Security Manager, Using the Oracle Security Server, Removing the Oracle Security Server Repository, Oracle Security Server
components of, What’s in the OSS?, Creating a global user and global role
configuring and using, Configuring and Using the OSS, Removing the Oracle Security Server Repository
global users and roles, Global users and global roles with OSS, Creating a global user and global role
OSS Authentication Adapter, The OSS Authentication Adapter
OSS Manager, What’s “Free”?, The OSS Manager
repository, The OSS Repository, Creating and Deleting the OSS Repository, Creating and Deleting the OSS Repository, Removing the Oracle Security Server Repository
access to, Securing the OSS Repository, Securing the OSS Repository
osslogin utility, Configuring and Using the OSS, More about osslogin
OS_AUTHENT_PREFIX parameter, Connecting to the Database Without a Password, OS_AUTHENT_PREFIX and OPS$
overloading programs, Why Use Packages?
ownership
fully qualified path names, Synonyms
hiding owner (example), Hiding the tables and owner, Hiding the tables and owner
stored procedures, Procedure Ownership and Privileges, Privileges, Procedures, and Roles
synonym resolution and, Procedure Ownership and Privileges
tables, Table Ownership

P

packages, Why Use Packages?
packets, Moving data around a network
parameters, INIT.ORA, Setting Up Initialization Parameters for Security, Viewing the Parameters
parameters, table, Table Parameters
PASSWORD command, The Oracle8 PASSWORD command
passwords, Connecting to the Database, The DBA_USERS View, Profiles, Passwords, and Synonyms, Passwords, The Oracle8 PASSWORD command
aging and expiring, Password Aging and Expiration, Password Decisions
built-in user accounts, Demo, dbsnmp, and po8
dbsnmp user, Demo, dbsnmp, and po8
demo user, Demo, dbsnmp, and po8
scott user, Scott and his tiger
sys user, Default Users and Their Roles, Steps to setting up the password file
system user, Default Users and Their Roles
built-in-user accounts
po8 user, Demo, dbsnmp, and po8
changing, The Oracle8 PASSWORD command, Changing Passwords
composition and complexity features, Password Composition and Complexity, Writing your own function
data encryption and, Passwords and Data Encryption, Passwords and Data Encryption
database connections without, Connecting to the Database Without a Password, Steps to setting up the password file
files for, The ORAPWD Utility, Steps to setting up the password file
guesses as unsuccessful logons, Connect and disconnect auditing
for network listeners, The listener and passwords
OSS accounts, Creating and Deleting the OSS Repository
password files, Using a password file
profile parameters for, System Resource Profiles
for roles, The DBA_ROLES View, Using Password-Protected Roles, Execution
standards for, Standards for Passwords, Changing Passwords
swapping, Swapping passwords, Swapping passwords
PASSWORD_GRACE_TIME parameter, System Resource Profiles
PASSWORD_LIFE_TIME parameter, System Resource Profiles
PASSWORD_LOCK_TIME parameter, System Resource Profiles
PASSWORD_REUSE_MAX parameter, System Resource Profiles
PASSWORD_REUSE_TIME parameter, System Resource Profiles
PASSWORD_VERIFY_FUNCTION parameter, System Resource Profiles
performance, About Creating a Trigger
(see also disk storage; memory)
auditing drain on, Auditing and Performance, Auditing and Performance, About Performance and Storage, Performance Suggestions
auditing to measure, Auditing to Analyze Performance
client/server architecture, Client/Server (Two-Tier) Architecture
Oracle Performance Packs, The DBA Toolkit
Performance Management events, Performance Management events
segmenting application processing, Segmenting Application Processing, Thin Client (Three-Tier) Architecture
trigger speed, About Creating a Trigger
views and, A Caution About Using Views
period of validity, certificate, Period of validity and revocation
permissions, file, Oracle from the Outside
configuration file, Contents of the configuration file
control files, How Oracle uses control files
EXECUTE privilege, Executing a Procedure or Function
initialization file, Evolution of an initialization file
redo log files, How redo log files are created
physical components of Oracle systems, The Physical Entities, The detached processes and the SGA
PL/SQL commands, disabling, Disabling SQL privileges, Disabling SQL privileges
PL/SQL source code wrapper, Using the PL/SQL Wrapper, Using the PL/SQL Wrapper
plaintext, Algorithms, Plaintext, and Ciphertext
plans, security, Developing a Database Security Plan, Sample Security Plan Checklist
auditing, Auditing Plan and Procedures, A Problem with Auditing—and a Solution, Developing an Audit Plan, Removing Selected Data from SYS.AUD$
process of auditing, How Auditing Works, Eliminating the Audit Views
purging audit data, Purging Audit Information, Removing Selected Data from SYS.AUD$
storing audit information, Where to Audit, Default Auditing Privileges
types of auditing, Types of Auditing, Auditing Shortcuts
backup and recovery, Backup and Recovery Plan and Procedures
defined, Procedures, Policies, and Plans
employees, Standards for Employees, User Tracking
index and checklist for, Sample Security Plan Index, Sample Security Plan Checklist
involving users in, Getting Users Involved, Communicating with Other Sites
key components (list), Identifying Key Components, Identifying Key Components
managing, Management Considerations
need for, Security Policies and Security Plan, Security Policies and Security Plan
OSS for (see OSS)
passwords, Standards for Passwords, Changing Passwords
reviewing, Review the Security Plan
roles, Standards for Roles
user accounts, Standards for Accounts, Ways to Create an Account
usernames, Standards for Usernames
views, Standards for Views
platforms, Platforms and Versions of Oracle
po8 user account, Demo, dbsnmp, and po8
policies, security, Developing a Database Security Plan, Identifying Key Components
defined, Procedures, Policies, and Plans
enforcing, Enforcing Policies
involving users in, Getting Users Involved, Communicating with Other Sites
need for, Security Policies and Security Plan, Security Policies and Security Plan
pre-employment tracking, Pre-employment tracking
primary keys, updateable views and, Updating Views
privacy, Breach of privacy, Firewalls to protect privacy
private keys, Private Keys
private synonyms, About Public and Private Synonyms, Using no synonyms/user grants and private synonyms with no grants
PRIVATE_SGA parameter, System Resource Profiles
privileges, The Logical Entities, Privileges, Object privileges
(see also roles)
administrator-level, auditing, Auditing During Database Connection with Privileges
audit tables, The AUDIT_DELETE table
auditing, Auditing Plan and Procedures, Default Auditing Privileges, Privilege Auditing, Enabling audit by privileges, Auditing Shortcuts
credit card system (example), Grants, Limitation of Grants and Roles
determining which are granted, Determining Privileges Granted to a User, Determining Privileges Granted to a Role
for employees, Employee Procedures, The disgruntled employee
granted to roles, Adding System Privileges to Roles
ROLE_SYS_PRIVS view, The ROLE_SYS_PRIVS View, The ROLE_SYS_PRIVS View
ROLE_TAB_PRIVS view, The ROLE_TAB_PRIVS View, The ROLE_TAB_PRIVS View
listing all granted
DBA_SYS_PRIVS view, The DBA_SYS_PRIVS View
DBA_TAB_PRIVS view, The DBA_TAB_PRIVS View, About the output
procedures, Procedure Ownership and Privileges, Privileges, Procedures, and Roles
roles and (see roles)
SQL, disabling, Disabling SQL privileges, Disabling SQL privileges
synonyms, Why Synonyms Are Used
system vs. object privileges, About System and Object Privileges, Object privileges
table ownership, Table Ownership
procedures, The Logical Entities, Stored Programs, Privileges, Procedures, and Roles
executing, Executing a Procedure or Function
ownership and privileges, Procedure Ownership and Privileges, Privileges, Procedures, and Roles
procedures, security
auditing, Auditing Plan and Procedures, A Problem with Auditing—and a Solution
backup and recovery, Backup and Recovery Plan and Procedures
defined, Procedures, Policies, and Plans
involving users in, Getting Users Involved, Communicating with Other Sites
processing, segmenting, Segmenting Application Processing, Thin Client (Three-Tier) Architecture
product profiles, The Logical Entities, Connecting to the Database, Profiles, Profiles, Passwords, and Synonyms, Product Profiles, Using PRODUCT_PROFILE to enforce security
(see also profiles)
PRODUCT_PRIVS view, PRODUCT_PROFILE and USER_PROFILE tables
PRODUCT_PROFILE table, PRODUCT_PROFILE and USER_PROFILE tables, Using PRODUCT_PROFILE to enforce security
profile$ table, Tables Used to Build the Views
profiles, The Logical Entities, Profiles, Profiles, Passwords, and Synonyms, Imposing limits on a user
DBA_PROFILES view, The DBA_PROFILES View
product profiles, The Logical Entities, Profiles, Profiles, Passwords, and Synonyms, Product Profiles, Using PRODUCT_PROFILE to enforce security
system resource profiles, The Logical Entities, Connecting to the Database, Profiles, Profiles, Passwords, and Synonyms, System Resource Profiles, Imposing limits on a user
DEFAULT profile, The DEFAULT profile
profname$ table, Tables Used to Build the Views
programs, The Logical Entities, Stored Programs, Privileges, Procedures, and Roles
(see also triggers)
promoted employees, Changing positions
public keys, Public Keys
public user account (group), Privileges, The plot thickens, Grants to “public”
location transparency, How Synonyms Are Used, Using no synonyms/user grants and private synonyms with no grants
synonyms, About Public and Private Synonyms, Using no synonyms/user grants and private synonyms with no grants
PUPBLD.SQL script, PRODUCT_PROFILE and USER_PROFILE tables
purging audit information, Purging Audit Information, Removing Selected Data from SYS.AUD$

Q

querying users, Example queries
quitting employees, When an Employee Leaves
quotas, About Quotas

R

RC4 encryption algorithms, How ANO Works
RDBMS (see operating system Oracle)
READ privilege, Object privileges
RECOVER commands, Online Recovery
recovering data (see backup and recovery)
recovery catalog, The Recovery Catalog
Recovery Manager (Oracle8), The Oracle8 Recovery Manager, Using backup levels
Recovery Manager utility (OEM), The DBA Toolkit
redo log files, What’s in the Files?, Redo Log Files, MAXDATAFILES parameter, About Archivelog Mode, About Archivelog Mode
groups of, Using redo log groups
REFERENCES privilege, Object privileges, The object grants
remote database access, Installing and Configuring SQL*Net, The listener and passwords
remote database administration, Remote Database Administration
REMOTE_LOGIN_PASSWORD variable, Steps to setting up the password file
REMOTE_OS_AUTHENT parameter, Connecting to the Database Without a Password, Another approach, Two problems with REMOTE_OS_AUTHENT
remove utility script (OSS), Creating and Deleting the OSS Repository
RENAME privilege, Object privileges
Replication Manager utility (OEM), The DBA Toolkit, The Oracle Replication Manager
reporting audit data, Using the Audit Data in Reports, The AUDIT_ROW Table Report
repository, OEM, Specifying the Database Repository
repository, OSS, The OSS Repository, Creating and Deleting the OSS Repository, Creating and Deleting the OSS Repository, Removing the Oracle Security Server Repository
access to, Securing the OSS Repository, Securing the OSS Repository
requests for user accounts, Possible Account Requests
resolving synonyms, ownership and, Procedure Ownership and Privileges
Resource Management events, Resource Management events
resource profiles (see system resource profiles)
RESOURCE role, Oracle-Supplied Roles, About the Defaults, About the Defaults, The RESOURCE Role, About the CREATE TRIGGER privilege
auditing, Auditing Shortcuts
resources
disk space (see disk storage)
memory (see memory)
resources for further reading, References, Security Usenet Groups
RESOURCE_LIMIT parameter, System Resource Profiles
resource_map table, Tables Used to Build the Views
restoring/revoking credentials, Revoking and restoring credentials
resynchronization, The Recovery Catalog
reusing passwords, Password Decisions
revoking certificates of authority, Period of validity and revocation
roles, The Logical Entities, Roles, Oracle-Supplied Roles
(see also privileges)
adding system privileges to, Adding System Privileges to Roles
assigning to users, Assigning Roles
built-in, Oracle-Supplied Roles
credit card system (example), Roles, Roles
default, Oracle from the Inside, Oracle Default Roles and User Accounts, Advantages of Customized Roles, Oracle-Supplied Roles
list of, The CONNECT Role, Advantages of Customized Roles
determining privileges of, Determining Privileges Granted to a Role
global, OSS and, Global users and global roles with OSS, Creating a global user and global role
granted to roles (ROLE_ROLE_PRIVS view), The ROLE_ROLE_PRIVS View
granting and defining, script for, A Sample Script, A Sample Script
listing all (DBA_ROLES view), The DBA_ROLES View
listing all granted (DBA_ROLE_PRIVS view), The DBA_ROLE_PRIVS View, The DBA_ROLE_PRIVS View
naming, User and Role Names, About the Defaults, Creating Roles with Meaningful Names
passwords for, The DBA_ROLES View, Using Password-Protected Roles, Execution
role-object access matrix (example), Preparing the Role-Object Matrix, Naming Conventions
segmenting database authority (example), Segmenting Authority in the Database, Segmenting Authority in the Database
standards for, Standards for Roles
stored program privileges and, Privileges, Procedures, and Roles
system privileges of (ROLE_SYS_PRIVS), The ROLE_SYS_PRIVS View, The ROLE_SYS_PRIVS View
table privileges of (ROLE_TAB_PRIVS view), The ROLE_TAB_PRIVS View, The ROLE_TAB_PRIVS View
ROLE_ROLE_PRIVS view, Views Used for Security, The ROLE_ROLE_PRIVS View
ROLE_SYS_PRIVS view, Views Used for Security, The ROLE_SYS_PRIVS View, The ROLE_SYS_PRIVS View
ROLE_TAB_PRIVS view, Views Used for Security, The ROLE_TAB_PRIVS View, The ROLE_TAB_PRIVS View
rollback segments, What’s in the Files?
row-level security, Using Views, About Row-Level Security, Examining the code for the second and third queries
credit card system (example), Application Row Access Control
RSA cryptographic algorithms, Protocols and Algorithms, How ANO Works

S

saving files (see disk storage)
scheduling jobs, OEM and the Job Scheduler, Deinstall, Delete, Distribute, and Install Products
schema, The Logical Entities, The Schema Concept, Application Schema (User) Accounts
stored program ownership and, Procedure Ownership and Privileges, Privileges, Procedures, and Roles
Schema Manager utility (OEM), The DBA Toolkit, The Oracle Schema Manager
scott user account, Scott and his tiger
security
DBA role, handling, Who Gets the DBA Role?
example of secure application, Developing a Simple Security Application, Execution
failed (see damage from failed security)
government security levels/clearances, Trusted Oracle, Certifications
involving users in, Getting Users Involved, Communicating with Other Sites
OEM for (see OEM)
Oracle security model, The Oracle Security Model, Web Sites
passwords (see passwords)
resources for further reading, Security Books, Security Usenet Groups
row-level, Using Views, About Row-Level Security, Examining the code for the second and third queries
credit card system (example), Application Row Access Control
synonyms (see synonyms)
threats (see threats)
tools (see tools for security)
views for, Using Views for Security
data dictionary views, Views Used for Security, The ROLE_TAB_PRIVS View
web-based, Evaluating Web Assets and Risks, Breach of privacy
Security Manager (Java), The Java language and security
security manager account, Security Manager
Security Manager utility (OEM), The DBA Toolkit, The Oracle Security Manager
security plans, Developing a Database Security Plan, Sample Security Plan Checklist
auditing, Auditing Plan and Procedures, A Problem with Auditing—and a Solution, Developing an Audit Plan, Removing Selected Data from SYS.AUD$
process of auditing, How Auditing Works, Eliminating the Audit Views
purging audit data, Purging Audit Information, Removing Selected Data from SYS.AUD$
storing audit information, Where to Audit, Default Auditing Privileges
types of auditing, Types of Auditing, Auditing Shortcuts
backups (see backup and recovery)
defined, Procedures, Policies, and Plans
employees, Standards for Employees, User Tracking
index and checklist for, Sample Security Plan Index, Sample Security Plan Checklist
key components (list), Identifying Key Components, Identifying Key Components
managing, Management Considerations
need for, Security Policies and Security Plan, Security Policies and Security Plan
OSS for (see OSS)
passwords, Standards for Passwords, Changing Passwords
reviewing, Review the Security Plan
roles, Standards for Roles
user accounts, Standards for Accounts, Ways to Create an Account
usernames, Standards for Usernames
views, Standards for Views
security policies, Developing a Database Security Plan, Identifying Key Components
defined, Procedures, Policies, and Plans
enforcing, Enforcing Policies
need for, Security Policies and Security Plan, Security Policies and Security Plan
security procedures
auditing, Auditing Plan and Procedures, A Problem with Auditing—and a Solution
backup (see backup and recovery)
defined, Procedures, Policies, and Plans
Security Server (see OSS)
security user account, Using Password-Protected Roles, Create the PL/SQL program that sets roles
segmenting application processing, Segmenting Application Processing, Thin Client (Three-Tier) Architecture
segmenting database authority (example), Segmenting Authority in the Database, Segmenting Authority in the Database
SELECT commands, triggers and, What Cannot Be Trapped by a Trigger
SELECT privilege, Object privileges, The object grants
SELECT_CATALOG_ROLE role, About the Defaults, About CONNECT INTERNAL
SEQ_AUDIT script (example), The Second Sequence Creation Script (SEQ_AUDIT)
SEQ_RID script (example), The First Sequence Creation Script (SEQ-RID)
Server Authorization role, Defining a Server Authorization
Server Manager Utility (svrmgr), From the operating system
servers, web, Internet and intranet terminology
SESSIONS_PER_USER parameter, System Resource Profiles
set protection command (OpenVMS), Oracle from the Outside
SET ROLE command, disabling, Using PRODUCT_PROFILE to enforce security
SGA (System Global Area), The detached processes and the SGA, What’s in the Files?
shortcuts, auditing, Auditing Shortcuts
SHOW PARAMETERS command, Viewing the Parameters
shutdown, database
auditing, Auditing During Database Shutdown
automatic, Start Up and Shut Down Your Database
single sign-on, More Complex Approaches, How ANO Works
size, file (see disk storage)
sizing tablespaces, About Quotas
SYS.AUD$ table and, About the SYS.AUD$ Table, Storage Suggestions
unlimited quota, About Quotas, Scott and his tiger
SKEME (Security Exchange Mechanism) protocol, Protocols and Algorithms
sniffers, More Complex Approaches, A dual approach, About Sniffers and Snoopers, Running a form using the OAS
snoopers, About Sniffers and Snoopers
Software Manager utility (OEM), The DBA Toolkit, The Oracle Software Manager
source code, encrypting (see encryption)
Space Management events, Space Management events
speed (see performance)
spoofers, More Complex Approaches, A dual approach
Spyglass HTTPS listener, How the OAS Works
SQL privileges, disabling, Disabling SQL privileges, Disabling SQL privileges
SQL Worksheet utility (OEM), The DBA Toolkit, The Oracle SQL Worksheet
SQL*Net, Installing and Starting Oracle
firewalls and, SQL*Net and firewalls
installing and configuring, Installing and Configuring SQL*Net, The listener and passwords
Net8 Assistant, About the Names Server
two-tier architecture and, Client/Server (Two-Tier) Architecture
SQL*Plus, automatically running scripts, Run SQL Scripts and SQL*Plus
SQL.BSQ file, About SQL.BSQ, Inside SQL.BSQ
SQLDBA utility, Using CONNECT INTERNAL and CONNECT /
SQLNET.ORA file, Required Files
standards (see security plan)
starting databases, The Instance and the Database: Starting an Oracle Database, The Instance and the Database: Starting an Oracle Database
starting Oracle, Using CONNECT INTERNAL and CONNECT /
startup control (example), Startup Control
startup, database
auditing, Auditing During Database Startup
automatic, Start Up and Shut Down Your Database
state, user, Documenting the User State
stateless connections, Constant-State Versus Stateless Connections, Running a dynamic HTML application
statement-level auditing, Auditing Plan and Procedures, Statement-Level Auditing, Connect and disconnect auditing
status, database (see control files)
STORAGE clause (CREATE), Tablespace and Tablespace Datafiles, Table Parameters
Storage Manager utility (OEM), The DBA Toolkit, The Oracle Storage Manager
stored programs, The Logical Entities, Stored Programs, Privileges, Procedures, and Roles
(see also triggers)
ownership and privileges, Procedure Ownership and Privileges, Privileges, Procedures, and Roles, Oracle-Supplied Roles
storing files (see disk storage)
structure modifications, auditing, Auditing During Database Structure Modification
substitution cipher, A Simple Code
svrmgr utility, From the operating system
swapping passwords, Swapping passwords, Swapping passwords
synonyms, The Logical Entities, Synonyms, Why Synonyms Are Used, Profiles, Passwords, and Synonyms, Synonyms, Using no synonyms/user grants and private synonyms with no grants
location transparency, How Synonyms Are Used, Using no synonyms/user grants and private synonyms with no grants
public vs. private, About Public and Private Synonyms, Using no synonyms/user grants and private synonyms with no grants
reasons to use, Why Synonyms Are Used
resolving, ownership and, Procedure Ownership and Privileges
tips for creating, About Public and Private Synonyms
sys user account, Default Users and Their Roles
password for, Steps to setting up the password file
SYS.AUD$ table, About the SYS.AUD$ Table, A Problem
purging, Purging Audit Information, Removing Selected Data from SYS.AUD$
views, Views Related to SYS.AUD$, Creating a summary table
sysauth$ table, Tables Used to Build the Views
SYSDBA role, Oracle-Supplied Roles, About the Defaults, The SYSDBA and SYSOPER Roles, About CONNECT INTERNAL
SYSOPER role, Oracle-Supplied Roles, About the Defaults, The SYSDBA and SYSOPER Roles, About CONNECT INTERNAL
system files, The Oracle system files, Oracle System Files, Contents of the configuration file
list of, and descriptions, The Instance and the Database: Starting an Oracle Database, Contents of the configuration file
required for SQL*Net, Required Files, The listener and passwords
System Global Area (see SGA)
system_privilege_map table, Tables Used to Build the Views
system privileges, About System and Object Privileges, Object privileges, System privileges
(see also privileges)
adding to roles, Adding System Privileges to Roles
auditing, Auditing Plan and Procedures, Enabling audit by privileges
built-in roles
CONNECT role, System Privileges for the CONNECT Role
DBA role, System Privileges for the DBA Role, System Privileges for the DBA Role
RESOURCE role, System Privileges for the RESOURCE Role
SYSDBA, SYSOPER roles, System Privileges for the SYSDBA and SYSOPER Roles, About OSDBA and SYSDBA
granted to roles (ROLE_SYS_PRIVS), The ROLE_SYS_PRIVS View, The ROLE_SYS_PRIVS View
listing all granted (DBA_SYS_PRIVS), The DBA_SYS_PRIVS View
system resource profiles, The Logical Entities, Connecting to the Database, Profiles, Profiles, Passwords, and Synonyms, System Resource Profiles, Imposing limits on a user
(see also profiles)
DEFAULT profile, The DEFAULT profile
system tablespace, Scott and his tiger
audit data in, About the SYS.AUD$ Table, Auditing and Performance
system user account, Default Users and Their Roles
OSS repository and, Configuring and Using the OSS

T

tables, The Logical Entities, Tables, Table Ownership, Views
(see also views)
audit trail application (example), The Three Table Creation Scripts, The AUDIT_DELETE table
auditing accesses to, Enabling audit by object
capturing before/after edits, Capturing “before” data, Capturing “after” data
after-delete trigger (example), The Third Trigger Creation Script (After-Delete), Generating an After-Delete Trigger Script, Generating an After-Delete Trigger Script
after-update trigger (example), The Second Trigger Creation Script (After-Update), The Second Trigger Creation Script (After-Update), Generating an After-Update Trigger Script, Generating an After-Update Trigger Script
before-insert trigger (example), The First Trigger Creation Script (Before-Insert), Generating a Before-Insert Trigger Script, Generating a Before-Insert Trigger Script
scripts to create triggers, SQL Scripts to Generate Scripts, Generating an After-Delete Trigger Script
creating within tablespaces, Creating a table within a tablespace
in data dictionary views, Tables Used to Build the Views
guessing names for, The DBA as a Clairvoyant
hiding (example), Hiding the tables and owner, Hiding the tables and owner
indexes for, Creating an index for a table in a tablespace
ownership, Table Ownership
row-level security, Using Views, About Row-Level Security, Examining the code for the second and third queries
triggers (see triggers)
tablespace datafiles, What’s in the Files?, Tablespace and Tablespace Datafiles, Tablespace security
backing up, Types of datafile backups
tablespaces, Tablespace and Tablespace Datafiles, Tablespace security
automatic backups, Back Up Tablespaces, Export, Import, and Load Data
creating, Creating a tablespace
fragmentation, As the Table Grows
SYS.AUD$ table, About the SYS.AUD$ Table, Auditing and Performance
quotas for (sizing), About Quotas, Scott and his tiger
TEMPORARY, views and, A Caution About Using Views
table_privilege_map table, Tables Used to Build the Views
Tcl commands, Run OS Commands and Tcl Commands
temporary segments, What’s in the Files?
TEMPORARY tablespaces, A Caution About Using Views
terminated employees, When an Employee Leaves
thin client architecture, Thin Client (Three-Tier) Architecture
thread (log file) switches, Log switches
threats, Potential Threats, Potential Threats
auditing to detect, Auditing to Confirm Suspicions, The DBA as a Clairvoyant
CONNECT role, Problems with the CONNECT Role, The plot thickens
curious employees, The curious employee
damage from failed security, What’s the Harm?
data loss, It was here just a minute ago...
disgruntled employees, The disgruntled employee
failed login attempts, Password Decisions
impersonation, More Complex Approaches, Connect and disconnect auditing
intruders, Potential Threats
OEM console accessibility, A Potential Security Problem
password guessing, Connect and disconnect auditing
privacy breaches, Breach of privacy, Firewalls to protect privacy
remote database access, Installing and Configuring SQL*Net
REMOTE_OS_AUTHENT parameter, Two problems with REMOTE_OS_AUTHENT, Two problems with REMOTE_OS_AUTHENT
RESOURCE role, Problems with the RESOURCE Role, About the CREATE TRIGGER privilege
users who don’t log off, Installing Oracle Securely, OPS$ Accounts
viruses, Viruses = disaster!
web-based, Evaluating Web Assets and Risks, Breach of privacy
three-tier architecture, Thin Client (Three-Tier) Architecture
TIPEM library function, Protocols and Algorithms
TNSNAMES.ORA file, Required Files
tools for security, list of, If I Had a Hammer..., What Isn’t Free?
tracking (see auditing)
transactions, constant-state vs. stateless, Constant-State Versus Stateless Connections, Running a dynamic HTML application
triggers, The Logical Entities, Table Triggers, What Cannot Be Trapped by a Trigger
capturing table data (example), Capturing “before” data, Capturing “after” data
after-delete trigger, The Third Trigger Creation Script (After-Delete), The Third Trigger Creation Script (After-Delete), Generating an After-Delete Trigger Script, Generating an After-Delete Trigger Script
after-update trigger, The Second Trigger Creation Script (After-Update), The Second Trigger Creation Script (After-Update), Generating an After-Update Trigger Script, Generating an After-Update Trigger Script
before-insert trigger, The First Trigger Creation Script (Before-Insert), Generating a Before-Insert Trigger Script, Generating a Before-Insert Trigger Script
scripts to create triggers, SQL Scripts to Generate Scripts, Generating an After-Delete Trigger Script
CREATE TRIGGER privilege, About the CREATE TRIGGER privilege
Event Management System (OEM), OEM and the Event Management System, Performance Management events
troubleshooting
CONNECT role problems, Problems with the CONNECT Role, The plot thickens
OSS utility, A Known Problem
RESOURCE role problems, Problems with the RESOURCE Role, About the CREATE TRIGGER privilege
shutdowns, Auditing During Database Shutdown
Trusted Oracle, What Isn’t Free?, Trusted Oracle, Certifications
trusted shells, Identified externally accounts
ts$ table, Tables Used to Build the Views
two-tier architecture, Client/Server (Two-Tier) Architecture

U

UFI (User Friendly Interface), The User Interface: User Versus Schema
UNIX systems
CONNECT INTERNAL command, From the operating system
EBU (Enterprise Backup Utility), What Are the Backup Options?, Enterprise Backup Utility
file-level interaction protection, Oracle from the Outside
group membership, Operating System Security Mechanisms
SQL.BSQ, CATALOG.SQL file locations, SQL.BSQ and CATALOG.SQL Locations
swapping passwords, Swapping passwords
trusted shells, Identified externally accounts
UNLIMITED profile parameter, System Resource Profiles
UNLIMITED tablespace quota, About Quotas, Scott and his tiger
unlocking user accounts, Password Decisions
updating
capturing table data (example), Capturing “before” data, Capturing “after” data
after-update trigger, The Second Trigger Creation Script (After-Update), The Second Trigger Creation Script (After-Update), Generating an After-Update Trigger Script, Generating an After-Update Trigger Script
before-insert trigger, The First Trigger Creation Script (Before-Insert), Generating a Before-Insert Trigger Script, Generating a Before-Insert Trigger Script
data dictionary, Creating and Maintaining the Data Dictionary
tracking updates, Tracking Updates and Deletions
UPDATE privilege, Object privileges, The object grants
views, Updating Views
Usenet newsgroups as resources, Oracle Usenet Groups, Security Usenet Groups
user groups, Oracle, Oracle User Groups
user$ table, Tables Used to Build the Views
users, The Logical Entities, The Schema Concept
account creation privileges, Privileges
account standards, Standards for Accounts, Ways to Create an Account
auditing to detect intruders, Auditing to Confirm Suspicions, The DBA as a Clairvoyant
authenticating (see authentication)
broadcasting message to, Broadcast Messages
checking on, Checking on users and access
classes of, Establishing Classes of Users
default accounts, Oracle from the Inside, Oracle Default Roles and User Accounts, About the Defaults, Default User Accounts, Grants to “public”
determining privileges of, Determining Privileges Granted to a User
employees, standards for, Standards for Employees, User Tracking
global, OSS and, Global users and global roles with OSS, Creating a global user and global role
granting/defining roles, script for, A Sample Script, A Sample Script
groups (see roles)
hiding tables and owner from (example), Hiding the tables and owner, Hiding the tables and owner
identified externally accounts, Connecting to the Database Without a Password, Identified externally accounts
impersonation, More Complex Approaches
information on (DBA_USERS), The DBA_USERS View, The DBA_USERS View
involving in network security, Getting Users Involved, Communicating with Other Sites
locking accounts, Account Locking, Password Decisions
maintaining user accounts, Maintaining User Accounts, A Sample Script
operating system accounts, Operating System Accounts
OPS$ accounts, Connecting to the Database Without a Password, Two problems with REMOTE_OS_AUTHENT
oracle_security_service(_admin), Creating and Deleting the OSS Repository
oracle_security_service, oracle_security_admin, The OSS Repository
passwords (see passwords)
private information about, Breach of privacy, Firewalls to protect privacy
privileges (see authorization privileges)
profiles (see system resource profiles)
querying, Example queries
requests for accounts, handling, Possible Account Requests
resource limits for, System Resource Profiles, Imposing limits on a user
roles (see roles)
security user account, Using Password-Protected Roles, Create the PL/SQL program that sets roles
segmenting database authority (example), Segmenting Authority in the Database, Segmenting Authority in the Database
state of, documenting, Documenting the User State
tracking, User Tracking
types of accounts, Types of Accounts, General User Accounts
username selection, User and Role Names, Standards for Usernames
User_astatus_map table, Tables Used to Build the Views
USER_AUDIT_OBJECT view, The Auditing Views
USER_AUDIT_SESSION view, The Auditing Views
USER_AUDIT_STATEMENT view, The Auditing Views
USER_AUDIT_TRAIL view, The Auditing Views
USER_OBJ_AUDIT_OPTS view, The Auditing Views
USER_PRIVS view, PRODUCT_PROFILE and USER_PROFILE tables
USER_PROFILE table, PRODUCT_PROFILE and USER_PROFILE tables
USER_ROLE_PRIVS view, Views Used for Security
USER_TABLES view, The DICTIONARY View
UTLPWDMG.SQL script, Passwords
UTL_FILE functions, A Sample Script

W

wallets (authentication), Certificates of Authority, Creating/downloading a wallet
WANs (wide area networks), LANs and WANs
web (see networking)
Web Application Server (see OAS)
web site references, Oracle Web Sites, Windows NT security
WHEN-BUTTON-PRESSED trigger, Create user button code
WHENEVER [UN]SUCCESSFUL clause, Auditing Options
WHERE clause, Using Views for Security
WITH CHECK OPTION clause, Updating Views
wide area networks (WANs), LANs and WANs
Windows NT systems
file-level interaction protection, Oracle from the Outside
SQL.BSQ, CATALOG.SQL file locations, SQL.BSQ and CATALOG.SQL Locations
startup auditing, Auditing During Database Startup
WITH CHECK OPTION clause, Updating Views
wrapNN.exe utility, Using the PL/SQL Wrapper
WRITE privilege, Object privileges

X

X.509 certificates, Certificate format