Spotlight on Oracle security

This special report compiles news, analysis and expert advice on Oracle security topics, including breaking articles and content from our archives, to help you conquer your daily security challenges.

 

Learning guide
Check out our newly updated learning guide on Oracle security.

Keeping your company's data and systems secure is a must for any Oracle DBA. Beyond patching known security flaws, there is a great deal you can do to protect your Oracle DBMS and applications from security breaches, both from inside and outside your organization. All this month, SearchOracle.com examined security issues and how they impact Oracle products and users. This special report compiles news, analysis, white papers and expert advice on this topic, including breaking articles and content from our archives, to help you conquer your daily security challenges. We've also updated our popular learning guide on Oracle security -- browse through it for even more tips and advice on passwords, encryption and more.

 

  Patches and security updates  

 

 

  Basics for increasing security  

 

  In-depth security advice  
  • Cryptography in the database: The last line of defense: This book excerpt presents a start-to-finish blueprint and execution plan for designing and building -- or selecting and integrating -- a complete database cryptosystem.
  • Defense tactics for SQL injection attacks: The rate of application intrusions continues to rise, and many result from SQL injection attacks. However, while SQL injection holes can be easy to exploit, they can also be simple to defend against.
  • Setting up password values: What are the best practices for setting up the password values and other parameters within the dba_profile table?
  • Proof of installed security patches: We are being audited by our internal security group and I have to prove that I have installed Oracle security patches from Alert #68. How do I prove that these patches were installed on Unix and Windows servers?
  • Method for securing data when using SQL*Plus: Our management is concerned with the fact that developers using SQL*Plus have sensitive data moving in the open between the client and the database. Any advice on methods of dealing with this problem without buying the very expensive Oracle Advanced Security option?
  • Disallowing obvious passwords: We are currently using Oracle's password function verify_function as part of security in a 9i database. I would like to go further and disallow several hundred obvious passwords (e.g., password#1) that could still meet verification standards.
  • Accessing applications from the Internet: If you have applications installed on an application server running on an internal network and you want to access them from the Internet, there are a number of methods to do this, but the underlying concern is of course security.
  • Checking table changes: How can I check which table is updated/inserted by which machine/user at what time, using LogMiner or auditing?
  • Security guidelines for different user groups on Unix: I am currently researching how best to secure our database environment. There will be a number of different databases on the database server, each with its own DBA and developers. What are your recommendations with regards to Unix users, groups and security?
  • Relying on the system to grant system objects: Our 9i databases now have the "07_dictionary_compatibility" set to false for security (Sarbanes-Oxley) purposes. However, we need to rely on system to grant us these system objects as we encounter them. Are we missing some role/privilege as a DBA?
  • How to scramble salary data?: Are you aware of a way to scramble salary data? Our production instance has all the appropriate security that we need, as we limit developer and user access. However, with our development and test instance clones we would like to be able to give our support staff wide access.
  • Renaming accounts for security: Can default database accounts still active in the system be renamed to increase security?
  • Using roles/grants vs. public synonym: What is the difference between these two approaches? Is there any question of efficiency or security?
  • "Grant failed" error with password file: I created a password file for my database by using oradim -new -sid db7 -intpwd db7. I have four users. When I grant sysdba to one of them, I'm getting the error "ORA-1994: grant failed: cannot add user to public password file." Why is this error given?
