Skip to content

Effective Oracle Database 10g Security by Design

Spend $50 to get a free movie!

ISBN-10: 0072231300

ISBN-13: 9780072231304

Edition: 2004

Authors: David Knox

List price: $76.00
Blue ribbon 30 day, 100% satisfaction guarantee!
Out of stock
what's this?
Rush Rewards U
Members Receive:
Carrot Coin icon
XP icon
You have reached 400 XP and carrot coins. That is the daily max!

This text provides solutions for the Oracle security puzzle. The technologies are reviewed but the emphasis is on practical use.
Customers also bought

Book details

List price: $76.00
Copyright year: 2004
Publisher: McGraw-Hill Education
Publication date: 7/8/2004
Binding: Paperback
Pages: 544
Size: 7.30" wide x 9.10" long x 1.14" tall
Weight: 1.936
Language: English

Dr. Dan L. Heitger is the Deloitte Professor of Accounting and Co-Director of the Center for Business Excellence at Miami University. He received his Ph.D. from Michigan State University and his undergraduate degree in accounting from Indiana University. He actively works with executives and students of all levels in developing and teaching courses in managerial accounting, business sustainability, risk management, stakeholder management, governance, and business reporting. He co-founded an organization that provides executive education for large international organizations. His interactions with business professionals, through executive education and the Center, allow him to bring a…    

Quick Start
General Security Best Practices
Security Policies
Different Policies for Different Needs
Understanding Security Requirements
Policy Creation
Practical Policies
The Tenets of Security
Security by Design
Defense in Depth
Least Privileges
Risk Analysis
Document Your Risk Analysis
Expect the Unexpected
Contingency Planning and Incident Response
Snapshots and Situational Awareness
Cover All the Areas
Hardening the Infrastructure
The Operating System
The Network
The Application Server
Securing the Database
Securing (Default) User Accounts
Lock Down Example
Throw Out Anything Stale
Oracle Passwords
Application Password Authentication Using Oracle's Native Password Store
Checking for Weak or Default Passwords
Impossible Passwords
Managing and Ensuring Good Passwords
Limiting Database Resources
Resource Limits
Default Roles
Public Privileges
When to Grant Privileges to Public
Oracle Supplied Objects
Securing the Network
Database Listener
Identification and Authentication
Understanding Identification and Authentication
Importance of Identification and Authentication
Identification Methods
User-Supplied Identification
Technological Identification
Identity Crisis
Identity Theft
Best Practices for Secure Authentication
Single Sign-On
Why Single Sign-On Exists
Challenges to Single Sign-On
Database I&A
Associating Users with Database Schemas
Separate Users and Data
Identity Preservation
Determining the Appropriate Level of I&A
Connection Pools and Proxy Authentication
Host-Based Identification and Authentication
Client-Server Identification and Authentication
Web Applications
The Stateless Environment
Web Databases
Connection Pools
Oracle Implicit Connection Cache
Security Risks
Session Pools and the Oracle OCI Connection Pool
OCI Connection Pool Example
Password Management Risk
Proxy Authentication
Proxy Example
Proxy Authentication Database Setup
Proxy Authentication Modes
Forcing Proxy Authentication
Identity Management and Enterprise Users
Identity Management
Directory Services
IM Components
Oracle Internet Directory (OiD)
Enterprise Users
Setting Up EUS
LDAP Setup
Database Setup
Applying EUS
Creating the Enterprise User
The Connection Process
User-Schema Mappings
Creating the Shared Schemas
Directory Mappings
Mapping Permutations Example
Exclusive Schemas
Single Credentials and Performance
Identification and Authentication for Web Applications
Application Processes for Identification and Authentication
Integrated Authentication
Creating the Application User
Connecting the Application User to the Database
Getting the User Identity
Database Account Setup
User Database Account(s)
Authentication Blueprint
Proxy Authentication Alternatives
Application Directed Security
Application User Proxy--Client Identifiers
Leveraging Database Security with Anonymous Connection Pools
Identifying Information
Authorizations and Auditing
Privilegs and Roles
Access Control, Authorizations, and Privileges
Access Control
Enforcing Access Control
System Privileges
Object Privileges
System and Object Privileges Together
Privilege Persistence
Role Hierarchies
Designing for Definer and Invoker Rights
Selective Privilege Enablement
Selective Privilege Use Cases
Password-Protected Roles
Password-Protected Role Example
Password-Protected Roles and Proxy Authentication
Challenges to Securing the Password
Secure Application Roles
Secure Application Role Example
Global Roles and Enterprise Roles
Creating and Assigning Global and Enterprise Roles
Combining Standard and Global/Enterprise Roles
Using Roles Wisely
Too Many Roles
Example--Putting the Pieces Together
Application Authentication
Verifying the User
Setting the Secure Application Role
Securing the Source
Effective Auditing for Accountability
The Security Cycle
Auditing for Accountability
Auditing Provides the Feedback Loop
Auditing Is Not Overhead
Audit Methods
Application Server Logs
Application Auditing
Application Audit Example
Trigger Auditing
Trigger Audit Example
Autonomous Transactions and Auditing
Data Versioning
Flashback Version Query
Flashback Transaction Query
Standard Database Auditing
Mandatory Auditing
Auditing SYS
Enabling Standard Auditing
Auditing By User, Privilege, and Object
Auditing Best Practices
Determining the Audit Status
Extending the Audit Data with Client Identifiers
Performance Test
Fine-Grained Auditing
Audit Conditions
Column Sensitivity
Capturing SQL
Acting on the Audit
Fine-Grained Access Control
Application Contexts for Security and Performance
Application Context
Default Userenv Context
Local Context
Creating an Application Context
Setting Context Attributes and Values
Applying the Application Context to Security
Secure Use
Common Mistakes
Global Context
External and Initialized Globally
Implementing Fine-Grained Access Controls with Views
Introduction to Fine-Grained Access
Object Access
Fine-Grained Access
Secure Views
Views for Column-Level Security
Views for Row-Level Security
Viewing Problems
Row-Level Security with Virtual Private Database
The Need for Virtual Private Databases
Row-Level Security Quick Start
Quick Start Example
RLS In-Depth
The RLS Layer of Security
RLS Exemption
Debugging RLS Policies
Partitioned Fine-Grained Access Control
Column Sensitive VPD
VPD Performance
Bind Variables
Code Location
Policy Caching
Caching Caution
Comparing VPD Performance to View-Based RLS
Oracle Label Security
Classifying Data
OLS Ancestry
Labels and Mandatory Access Control
Trusted Oracle
Oracle Label Security
How OLS Works
Installing OLS
Implementing Label Security
Label Example
Creating the Policy
Label Components
Creating Labels
Applying the Policy
Authorizing Access
Testing the Labels
Special OLS Privileges
Adding Data to OLS Protected Tables
Using the Default Session Label
Comparing the Labels
Hiding the Label
Changing the Hidden Status
Writing to OLS Protected Tables
Understanding Write Authorizations
Groups and Compartments Dependency
Tips and Tricks
Restricted Updates to the Labels
Trusted Procedures
Label Functions
Storing the Labels in OID
Using Labels with Connection Pools and Shared Schemas
OLS Consideration Factors
VPD Versus Label Security
Advantages of OLS
Advantages of VPD
Database Encryption
Encryption 101
The Basics
Encryption Choices
When to Use Database Encryption
Reasons Not to Encrypt
Reasons to Encrypt
Encryption Routines
DBMS_CRYPTO Simple Example
Encryption Examples
Encrypting Character, Numbers, and Dates
Encrypting CLOBs and BLOBs
Encryption In-Depth
Keys, Data, and IVs
Storing Encrypted Data
Encrypted Data Sizes
Message Authentication Codes
Key Management
Key Management Options
The Best Key Management Strategy
Setting Up the Security Manager
DBMS_CRYPTO Performance Test Results