Keeping data and systems secure is a must for any Oracle DBA. Beyond patching known security flaws, there is a great deal a DBA can do to protect Oracle DBMSs and applications from security breaches, both from inside and outside your organization. This
| The basics: Database security |
- Basic database security guidelines
- DBAs should beware the hacker they know
- 'Tis the season for hackers
- Locking down your sensitive Oracle data
- Lock down database security in your Web-enabled apps
| General information on Oracle security |
- Oracle security alerts
- Fundamental precautions for Oracle DBMSs
- Three steps for securing Oracle databases
- Introduction to Oracle database security
- An overview of Oracle database security features
- Hack-proofing Oracle databases
- How Oracle databases are attacked
- Unbreakable: Oracle's commitment to security
- Secure import/export
- Manage your security openly
- Defense tactics for SQL injection attacks
- SQL injection and Oracle, part one
- SQL injection and Oracle, part two
- Renaming accounts for security
- Relying on the system to grant system objects
| Security info for specific Oracle products |
- Oracle 8i security
- A security checklist for Oracle 9i
- Secure configuration guide for Oracle9iR2
- Oracle Database Security Guide 10g Release 2
- Hackproofing Oracle Application Server
- Best practices on Oracle HTTP security
- Method for securing data when using SQL*Plus
- Accessing applications from the Internet
| User names and passwords |
- Best practices for setting up password values
- Disallowing obvious passwords
- "Grant failed" error with password file
- Enforcing password complexity
- Best practices for secure user creation
- Securing username and password for a Windows application connected to Oracle server
- Forgot SYS password
- Should passwords in table be encrypted?
- Creating a user who can't change his password
- Revoking ALTER USER X IDENTIFIED BY Y privilege
- Allowing one user to change other users' passwords
- Using ALTER USER for changing passwords
- Changing the initial defaults of SYSTEM, adding privileges through GUI
- Password protecting INTERNAL
- Hiding the Oracle password
- Hiding a user password
- Locking down SQL*Plus security
- Security holes opened by logging on with 'as sysdba'
- Can log in to SYSTEM without password
- Running SQL*Plus scripts without supplying password
| Restricting access |
- Restricting users at different branches from accessing certain objects
- Restricting a user's access
- Securing access to hosted database
- How to prevent unauthorized access to certain forms
- Preventing connections to the database
- Rights to views, not tables
- Accessing authorized, single Oracle user
- Can a single user be bound by a given TNS?
- Using roles/grants vs. public synonym
- Restricting particular IP addresses from Oracle databases
- Security guidelines for different user groups on Unix
- Closed vs. open security policies and permissions in an RBAC role hierarchy
- Control users' access to Oracle objects from SQL*Plus
- Forbid database access from SQL*Plus
- Stopping users from doing specific commands in SQL*Plus
- HTML from SQL
| Authentication and authorization |
| Securing the listener |
| Encryption |
- Encrypting data
- Securing data at rest: Developing a database encryption strategy
- Cryptography in the database: The last line of defense
- How to scramble salary data?
- Clarifying OpenSSL protocol vulnerabilities
- Working with SSH secure tunneling
- Security issues connecting to remote server
- Database encryption in Oracle 9i
| Row-level security and VPD |
- How to apply row level security
- Oracle row level security: Part 1
- Oracle row level security: Part 2
- Using virtual private databases with application servers
- Securing a table through PUP
| Securing Oracle Internet Directory (OID) |
- Integrating the Advanced Security Option with OID
- Steps for making OID Internet accessible
- Controlling access to Oracle with LDAP
| Keeping it clean: Housekeeping and auditing |
- Oracle housekeeping scripts
- Introduction to simple Oracle auditing
- Checking table changes with auditing
| Third-party security tools |
| Security certifications |
This was first published in August 2006
