Article

Spotlight on Oracle security

Elisa Gabbert, Assistant Editor

 

Learning guide
Check out our newly updated learning guide on Oracle security.

    Requires Free Membership to View

Keeping your company's data and systems secure is a must for any Oracle DBA. Beyond patching known security flaws, there is a great deal you can do to protect your Oracle DBMS and applications from security breaches, both from inside and outside your organization. All this month, SearchOracle.com examined security issues and how they impact Oracle products and users. This special report compiles news, analysis, white papers and expert advice on this topic, including breaking articles and content from our archives, to help you conquer your daily security challenges. We've also updated our popular learning guide on Oracle security -- browse through it for even more tips and advice on passwords, encryption and more.

 

  Patches and security updates  

 

 

  Basics for increasing security  

 

  In-depth security advice  
  • Cryptography in the database: The last line of defense: This book excerpt presents a start-to-finish blueprint and execution plan for designing and building -- or selecting and integrating -- a complete database cryptosystem.
  • Defense tactics for SQL injection attacks: The rate of application intrusions continues to rise, and many result from SQL injection attacks. However, while SQL injection holes can be easy to exploit, they can also be simple to defend against.
  • Setting up password values: What are the best practices for setting up the password values and other parameters within the dba_profile table?
  • Proof of installed security patches: We are being audited by our internal security group and I have to prove that I have installed Oracle security patches from Alert #68. How do I prove that these patches were installed on Unix and Windows servers?
  • Method for securing data when using SQL*Plus: Our management is concerned with the fact that developers using SQL*Plus have sensitive data moving in the open between the client and the database. Any advice on methods of dealing with this problem without buying the very expensive Oracle Advance Security option?
  • Disallowing obvious passwords: We are currently using Oracle's password function verify_function as part of security in a 9i database. I would like to go further and disallow several hundred obvious passwords (e.g., password#1) that could still meet verification standards.
  • Accessing applications from the Internet: If you have applications installed on an application server running on an internal network and you want to access them from the Internet, there are a number of methods to do this, but the underlying concern is of course security.
  • Checking table changes: How can I check which table is updated/inserted by which machine/user at what time, using LogMiner or auditing?
  • Security guidelines for different user groups on Unix: I am currently researching how best to secure our database environment. There will be a number of different databases on the database server, each with its own DBA and developers. What are your recommendations with regards to Unix users, groups and security?
  • Relying on the system to grant system objects: Our 9i databases now have the "07_dictionary_compatibility" set to false for security (Sarbanes-Oxley) purposes. However, we need to rely on system to grant us these system objects as we encounter them. Are we missing some role/privilege as a DBA?
  • How to scramble salary data?: Are you aware of a way to scramble salary data? Our production instance has all the appropriate security that we need, as we limit developer and user access. However, with our development and test instance clones we would like to be able to give our support staff wide access.
  • Renaming accounts for security: Can default database accounts still active in the system be renamed to increase security?
  • Using roles/grants vs. public synonym: What is the difference between these two approaches? Is there any question of efficiency or security?
  • "Grant failed" error with password file: I created a password file for my database by using oradim -new -sid db7 -intpwd db7. I have four users. When I grant sysdba to one of them, I'm getting the error "ORA-1994: grant failed: cannot add user to public password file." Why is this error given?

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: