Skip Headers
Oracle® Database Security Guide
11g Release 1 (11.1)
Part Number B28531-01
Home
Book List
Index
Master Index
Contact Us
Next
View PDF
Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in Oracle Database Security?
Automatic Secure Configuration
New Password Protections
SYSDBA and SYSOPER Strong Authentication
SYSASM Privilege for Automatic Storage Management
Encryption Enhancements
Fine-Grained Access Control on Network Services on the Database
Oracle XML DB Security Enhancements
Directory Security Enhancements
Oracle Call Interface Security Enhancements
1
Introducing Oracle Database Security
1.1
About Oracle Database Security
1.2
Additional Database Security Resources
2
Managing Security for Oracle Database Users
2.1
About User Security
2.2
Creating User Accounts
2.2.1
Creating a New User Account
2.2.2
Specifying a User Name
2.2.3
Assigning the User a Password
2.2.4
Assigning a Default Tablespace for the User
2.2.5
Assigning a Tablespace Quota for the User
2.2.5.1
Revoking the Ability for Users to Create Objects in a Tablespace
2.2.5.2
Granting Users the UNLIMITED TABLESPACE System Privilege
2.2.6
Assigning a Temporary Tablespace for the User
2.2.7
Specifying a Profile for the User
2.2.8
Setting a Default Role for the User
2.3
Altering User Accounts
2.3.1
Changing the User Password
2.4
Configuring User Resource Limits
2.4.1
About User Resource Limits
2.4.2
Types of System Resources and Limits
2.4.2.1
Limiting the User Session Level
2.4.2.2
Limiting Database Call Levels
2.4.2.3
Limiting CPU Time
2.4.2.4
Limiting Logical Reads
2.4.2.5
Limiting Other Resources
2.4.3
Determining Values for Resource Limits
2.4.4
Managing Resources with Profiles
2.4.4.1
Creating Profiles
2.4.4.2
Dropping Profiles
2.5
Deleting User Accounts
2.6
Finding Information About Database Users and Profiles
2.6.1
Using Data Dictionary Views to Find Information About Users and Profiles
2.6.2
Listing All Users and Associated Information
2.6.3
Listing All Tablespace Quotas
2.6.4
Listing All Profiles and Assigned Limits
2.6.5
Viewing Memory Use for Each User Session
3
Configuring Authentication
3.1
About Authentication
3.2
Configuring Password Protection
3.2.1
What Are the Oracle Database Built-in Password Protections?
3.2.2
Using a Password Management Policy
3.2.2.1
About Managing Passwords
3.2.2.2
Finding User Accounts That Have Default Passwords
3.2.2.3
Account Locking
3.2.2.4
Password Aging and Expiration
3.2.2.5
Controlling User Ability to Reuse Old Passwords
3.2.2.6
Enforcing Password Complexity Verification
3.2.2.7
Enabling or Disabling Password Case Sensitivity
3.2.3
Configuring Password Settings in the Default Profile
3.2.4
Managing the Secure External Password Store for Password Credentials
3.2.4.1
About the Secure External Password Store
3.2.4.2
How Does the External Password Store Work?
3.2.4.3
Configuring Clients to Use the External Password Store
3.2.4.4
Managing External Password Store Credentials
3.3
Authenticating Database Administrators
3.3.1
Strong Authentication and Centralized Management for Database Administrators
3.3.1.1
Configuring Directory Authentication for Administrative Users
3.3.1.2
Configuring Kerberos Authentication for Administrative Users
3.3.1.3
Configuring Secure Sockets Layer Authentication for Administrative Users
3.3.2
Authenticating Database Administrators by Using the Operating System
3.3.3
Authenticating Database Administrators by Using Their Passwords
3.4
Using the Database to Authenticate Users
3.4.1
About Database Authentication
3.4.2
Advantages of Database Authentication
3.4.3
Creating a User Who Is Authenticated by the Database
3.5
Using the Operating System to Authenticate Users
3.6
Using the Network to Authenticate Users
3.6.1
Authentication Using Secure Sockets Layer
3.6.2
Authentication Using Third-Party Services
3.7
Configuring Global User Authentication and Authorization
3.7.1
Creating a User Who Is Authorized by a Directory Service
3.7.1.1
Creating a Global User Who Has a Private Schema
3.7.1.2
Creating Multiple Enterprise Users Who Share Schemas
3.7.2
Advantages of Global Authentication and Global Authorization
3.8
Configuring an External Service to Authenticate Users and Passwords
3.8.1
About External Authentication
3.8.2
Advantages of External Authentication
3.8.3
Creating a User Who Is Authenticated Externally
3.8.4
Authenticating User Logins Using the Operating System
3.8.5
Authentication User Logins Using Network Authentication
3.9
Using Multitier Authentication and Authorization
3.9.1
Administration and Security in Clients, Application Servers, and Database Servers
3.10
Preserving User Identity in Multitiered Environments
3.10.1
Using a Middle Tier Server for Proxy Authentication
3.10.1.1
About Proxy Authentication
3.10.1.2
Advantages of Proxy Authentication
3.10.1.3
Altering a User Account to Connect Through a Proxy
3.10.1.4
Passing Through the Identity of the Real User by Using Proxy Authentication
3.10.1.5
Limiting the Privilege of the Middle Tier
3.10.1.6
Authorizing a Middle Tier to Proxy and Authenticate a User
3.10.1.7
Authorizing a Middle Tier to Proxy a User Authenticated by Other Means
3.10.1.8
Reauthenticating the User Through the Middle Tier to the Database
3.10.1.9
Auditing Actions Taken on Behalf of the Real User
3.10.2
Using Client Identifiers to Identify Application Users Not Known to the Database
3.10.2.1
How Client Identifiers Work in Middle Tier Systems
3.10.2.2
Using the CLIENT_IDENTIFIER Attribute to Preserve User Identity
3.10.2.3
Using CLIENT_IDENTIFIER Independent of Global Application Context
4
Configuring Privilege and Role Authorization
4.1
About Privileges and Roles
4.2
Who Should Be Granted Privileges?
4.3
Managing System Privileges
4.3.1
About System Privileges
4.3.2
Why It Is Important to Restrict System Privileges
4.3.2.1
Restricting System Privileges by Securing the Data Dictionary
4.3.2.2
Securing Scheduler Jobs That Run in the Schema of a Grantee
4.3.2.3
Allowing Access to Objects in the SYS Schema
4.3.3
Granting and Revoking System Privileges
4.3.4
Who Can Grant or Revoke System Privileges?
4.3.5
About ANY and PUBLIC Privileges
4.4
Managing User Roles
4.4.1
About User Roles
4.4.1.1
Properties of Roles and Why They Are Advantageous
4.4.1.2
Common Uses of Roles
4.4.1.3
How Roles Affect the Scope of a User's Privileges
4.4.1.4
How Roles Work in PL/SQL Blocks
4.4.1.5
How Roles Aid or Restrict DDL Usage
4.4.1.6
How Operating Systems Can Aid Roles
4.4.1.7
How Roles Work in a Distributed Environment
4.4.2
Predefined Roles in an Oracle Database Installation
4.4.3
Creating a Role
4.4.4
Specifying the Type of Role Authorization
4.4.4.1
Authorizing a Roles by Using the Database
4.4.4.2
Authorizing a Role by Using an Application
4.4.4.3
Authorizing a Role by Using an External Source
4.4.4.4
Global Role Authorization by an Enterprise Directory Service
4.4.5
Granting and Revoking Roles
4.4.5.1
Who Can Grant or Revoke Roles?
4.4.6
Dropping Roles
4.4.7
Restricting SQL*Plus Users from Using Database Roles
4.4.7.1
Potential Security Problems of Using Ad Hoc Tools
4.4.7.2
Limiting Roles Through the PRODUCT_USER_PROFILE Table
4.4.7.3
Using Stored Procedures to Encapsulate Business Logic
4.4.8
Further Securing Role Privileges by Using Secure Application Roles
4.5
Managing Object Privileges
4.5.1
About Object Privileges
4.5.2
Granting or Revoking Object Privileges
4.5.3
Managing Schema Object Privileges
4.5.3.1
Granting and Revoking Schema Object Privileges
4.5.3.2
Who Can Grant Schema Object Privileges?
4.5.3.3
Using Privileges with Synonyms
4.5.4
Managing Table Privileges
4.5.4.1
How Table Privileges Affect Data Manipulation Language Operations
4.5.4.2
How Table Privileges Affect Data Definition Language Operations
4.5.5
Managing View Privileges
4.5.5.1
About View Privileges
4.5.5.2
Privileges Required to Create Views
4.5.5.3
Increasing Table Security with Views
4.5.6
Managing Procedure Privileges
4.5.6.1
Using the EXECUTE Privilege for Procedure Privileges
4.5.6.2
Procedure Execution and Security Domains
4.5.6.3
System Privileges Needed to Create or Alter a Procedure
4.5.6.4
How Procedure Privileges Affect Packages and Package Objects
4.5.7
Managing Type Privileges
4.5.7.1
System Privileges for Named Types
4.5.7.2
Object Privileges
4.5.7.3
Method Execution Model
4.5.7.4
Privileges Required to Create Types and Tables Using Types
4.5.7.5
Example of Privileges for Creating Types and Tables Using Types
4.5.7.6
Privileges on Type Access and Object Access
4.5.7.7
Type Dependencies
4.6
Granting User Privileges and Roles
4.6.1
Granting System Privileges and Roles
4.6.1.1
Granting the ADMIN OPTION
4.6.1.2
Creating a New User with the GRANT Statement
4.6.2
Granting Object Privileges
4.6.2.1
Specifying the GRANT OPTION
4.6.2.2
Granting Object Privileges on Behalf of the Object Owner
4.6.2.3
Granting Privileges on Columns
4.6.2.4
Row-Level Access Control
4.7
Revoking User Privileges and Roles
4.7.1
Revoking System Privileges and Roles
4.7.2
Revoking Object Privileges
4.7.2.1
Revoking Object Privileges on Behalf of the Object Owner
4.7.2.2
Revoking Column-Selective Object Privileges
4.7.2.3
Revoking the REFERENCES Object Privilege
4.7.3
Cascading Effects of Revoking Privileges
4.7.3.1
Cascading Effects When Revoking System Privileges
4.7.3.2
Cascading Effects When Revoking Object Privileges
4.8
Granting to and Revoking from the PUBLIC User Group
4.9
Granting Roles Using the Operating System or Network
4.9.1
About Granting Roles Using the Operating System or Network
4.9.2
Using Operating System Role Identification
4.9.3
Using Operating System Role Management
4.9.4
Granting and Revoking Roles When OS_ROLES Is Set to TRUE
4.9.5
Enabling and Disabling Roles When OS_ROLES Is Set to TRUE
4.9.6
Using Network Connections with Operating System Role Management
4.10
When Do Grants and Revokes Take Effect?
4.10.1
How the SET ROLE Statement Affects Grants and Revokes
4.10.2
Specifying Default Roles
4.10.3
Restricting the Number of Roles That a User Can Enable
4.11
Managing Fine-Grained Access to External Network Services
4.11.1
About Fine-Grained Access to Database Network Services
4.11.2
Upgrading Applications That Depend on the PL/SQL Network Utility Packages
4.11.3
Creating an Access Control List for Database Network Services
4.11.3.1
Step 1: Create the Access Control List and Its Privilege Definitions
4.11.3.2
Step 2: Assign the Access Control List to One or More Network Hosts
4.11.4
Examples of Creating Access Control Lists
4.11.4.1
Example of Creating a Simple Access Control List
4.11.4.2
Example of an Access Control List with Multiple Roles Assigned to Multiple Hosts
4.11.5
Using Wildcard Characters in Network Host Computers
4.11.6
Precedence Order for a Host Computer in Multiple Access Control List Assignments
4.11.7
Precedence Order for a Host in Access Control List Assignments with Port Ranges
4.11.8
Checking Privilege Assignments That Affect User Access to a Network Host
4.11.8.1
How a DBA Can Check User Network Connection and Domain Privileges
4.11.8.2
How Users Can Check Their Network Connection and Domain Privileges
4.11.9
Setting the Precedence of Multiple Users and Roles in One Access Control List
4.11.10
Using Data Dictionary Views to Find Information About Access Control Lists
4.12
Finding Information About User Privileges and Roles
4.12.1
Listing All System Privilege Grants
4.12.2
Listing All Role Grants
4.12.3
Listing Object Privileges Granted to a User
4.12.4
Listing the Current Privilege Domain of Your Session
4.12.5
Listing Roles of the Database
4.12.6
Listing Information About the Privilege Domains of Roles
5
Managing Security for Application Developers
5.1
About Application Security Policies
5.2
Considerations for Using Application-Based Security
5.2.1
Are Application Users Also Database Users?
5.2.2
Is Security Better Enforced in the Application or in the Database?
5.3
Managing Application Privileges
5.4
Creating a Secure Application Role to Control Access to Applications
5.4.1
Step 1: Create the Secure Application Role
5.4.2
Step 2: Create a PL/SQL Package to Define the Access Policy for the Application
5.5
Associating Privileges with User Database Roles
5.5.1
Why Users Should Only Have the Privileges of the Current Database Role
5.5.2
Using the SET ROLE Statement to Automatically Enable or Disable Roles
5.5.3
Using the DBMS_SESSION.SET_ROLE Procedure to Enable or Disable Roles
5.5.4
Example of Assigning Roles with Static and Dynamic SQL
5.6
Protecting Database Objects by Using Schemas
5.6.1
Protecting Database Objects in a Unique Schema
5.6.2
Protecting Database Objects in a Shared Schema
5.7
Managing Object Privileges in an Application
5.7.1
What Application Developers Need to Know About Object Privileges
5.7.2
SQL Statements Permitted by Object Privileges
5.8
Parameters for Enhanced Security of Database Communication
5.8.1
Reporting Bad Packets Received on the Database from Protocol Errors
5.8.2
Terminating or Resuming Server Execution After Receiving a Bad Packet
5.8.3
Configuring the Maximum Number of Authentication Attempts
5.8.4
Controlling the Display of the Database Version Banner
5.8.5
Configuring Banners for Unauthorized Access and Auditing User Actions
6
Configuring Auditing
6.1
About Auditing
6.1.1
Why Is Auditing Used?
6.1.2
What Is Audited?
6.2
Creating a Record of Audited Activity
6.2.1
Where Are Audited Activities Recorded?
6.2.2
Activities That Are Always Audited
6.2.3
Activities That Are Always Recorded in the Operating System and Syslog Audit Trails
6.3
Managing the Database Audit Trail
6.3.1
Database Audit Trail Contents
6.3.2
Example of Auditing Changes to the SYS.AUD$ Table
6.3.2.1
Step 1: Create a User for This Example
6.3.2.2
Step 2: Enable Auditing and Truncate the SYS.AUD$ Table
6.3.2.3
Step 3: Perform and Audit Actions by the User
6.3.2.4
Step 4: Remove the Components for This Example
6.4
Using Default Auditing for Security-Relevant SQL Statements and Privileges
6.5
Using Standard Auditing to Monitor General Activities
6.5.1
About Standard Auditing
6.5.2
Who Can Perform Standard Auditing?
6.5.3
Managing the Standard Audit Trail
6.5.3.1
When Are Standard Audit Records Created?
6.5.3.2
Activities That Are Always Recorded in the Standard Audit Trail
6.5.3.3
Enabling or Disabling the Standard Audit Trail
6.5.3.4
Enabling Standard Auditing Options
6.5.3.5
Disabling Standard Audit Options
6.5.3.6
Controlling the Growth and Size of the Standard Audit Trail
6.5.3.7
Protecting the Standard Audit Trail
6.5.3.8
Auditing the Standard Audit Trail
6.5.4
Managing the Operating System Audit Trail
6.5.4.1
Contents of the Operating System Trail
6.5.4.2
How the Operating System Audit Trail Works
6.5.4.3
Specifying a Directory for the Operating System Audit Trail
6.5.4.4
Decoding Operating System Audit Trial Records
6.5.5
Deciding Whether to Use the Database or Operating System Audit Trail
6.5.6
Auditing SQL Statements
6.5.6.1
Types of SQL Statements That Are Audited
6.5.6.2
Enabling SQL Statement Auditing
6.5.6.3
Disabling SQL Statement Auditing
6.5.7
Auditing Privileges
6.5.7.1
Types of Privileges That Can Be Audited
6.5.7.2
Enabling Privilege Auditing
6.5.7.3
Disabling Privilege Auditing
6.5.8
Auditing SQL Statements and Privileges in a Multitier Environment
6.5.9
Auditing Schema Objects
6.5.9.1
Types of Schema Objects That Can Be Audited
6.5.9.2
Schema Object Audit Options for Views, Procedures, and Other Elements
6.5.9.3
Enabling Schema Object Auditing
6.5.9.4
Disabling Object Auditing
6.5.10
Focusing Statement, Privilege, and Schema Auditing
6.5.10.1
Auditing Statement Executions: Successful, Unsuccessful, or Both
6.5.10.2
Number of Audit Records from Multiple Executions of a Statement
6.5.10.3
Auditing Actions Performed by Specific Users
6.5.11
Auditing Network Activity
6.5.11.1
Enabling Network Auditing
6.5.11.2
Types of Errors Recorded in Network Auditing
6.5.11.3
Disabling Network Auditing
6.6
Auditing Administrative Users
6.6.1
Auditing Users Who Connect as SYS
6.6.2
Using the Syslog Audit Trail to Audit System Administrators on UNIX Systems
6.6.2.1
About the Syslog Audit Trail
6.6.2.2
Format of the Information Stored in the Syslog Audit Trail
6.6.2.3
Configuring Syslog Auditing
6.7
Using Triggers to Record Customized Standard Auditing Information
6.8
Using Fine-Grained Auditing to Monitor Specific Activities
6.8.1
About Fine-Grained Auditing
6.8.2
Who Can Perform Fine-Grained Auditing?
6.8.3
Activities That Are Always Recorded in Fine-Grained Auditing
6.8.4
Archiving and Purging the Fine-Grained Audit Trail
6.8.5
Using the DBMS_FGA Package to Manage Fine-Grained Audit Policies
6.8.5.1
About the DBMS_FGA PL/SQL Package
6.8.5.2
Creating a Fine-Grained Audit Policy
6.8.5.3
Adding Alerts to a Fine-Grained Audit Policy
6.8.5.4
Disabling and Enabling a Fine-Grained Audit Policy
6.8.5.5
Dropping a Fine-Grained Audit Policy
6.8.6
Creating Operating System XML Fine-Grained Audit Records
6.9
Archiving the Standard and Fine-Grained Audit Trails
6.10
Finding Information About Audited Activities
6.10.1
Using Data Dictionary Views to Find Information About the Audit Trial
6.10.2
Using Audit Trail Views to Investigate Suspicious Activities
6.10.2.1
Listing Active Statement Audit Options
6.10.2.2
Listing Active Privilege Audit Options
6.10.2.3
Listing Active Object Audit Options for Specific Objects
6.10.2.4
Listing Default Object Audit Options
6.10.2.5
Listing Audit Records
6.10.2.6
Listing Audit Records for the AUDIT SESSION Option
6.10.3
Deleting the Audit Trail Views
7
Using Application Contexts to Retrieve User Information
7.1
About Application Contexts
7.2
Types of Application Contexts
7.3
Using Database Session-Based Application Contexts
7.3.1
About Database Session-Based Application Contexts
7.3.2
Creating a Database Session-Based Application Context
7.3.3
Creating a PL/SQL Package to Set the Database Session-Based Application Context
7.3.3.1
About the Package That Manages the Database Session-Based Application Context
7.3.3.2
Using SYS_CONTEXT to Retrieve Session Information
7.3.3.3
Using Dynamic SQL with SYS_CONTEXT
7.3.3.4
Using SYS_CONTEXT in a Parallel Query
7.3.3.5
Using SYS_CONTEXT with Database Links
7.3.3.6
Using DBMS_SESSION.SET_CONTEXT to Set Session Information
7.3.4
Creating a Logon Trigger to Run a Database Session Application Context Package
7.3.5
Example of Creating and Using a Database Session-Based Application Context
7.3.5.1
Step 1: Create User Accounts and Ensure the User SCOTT Is Active
7.3.5.2
Step 2: Create the Database Session-Based Application Context
7.3.5.3
Step 3: Create a Package to Retrieve Session Data and Set the Application Context
7.3.5.4
Step 4: Create a Logon Trigger for the Package
7.3.5.5
Step 5: Test the Application Context
7.3.5.6
Step 6: Remove the Components for This Example
7.3.6
Initializing Database Session-Based Application Contexts Externally
7.3.6.1
Obtaining Default Values from Users
7.3.6.2
Obtaining Values from Other External Resources
7.3.6.3
Initializing Application Context Values from a Middle-Tier Server
7.3.7
Initializing Database Session-Based Application Contexts Globally
7.3.7.1
Using Database Session-Based Application Contexts with LDAP
7.3.7.2
How Globally Initialized Database Session-Based Application Contexts Work
7.3.7.3
Example of Initializing a Database Session-Based Application Context Globally
7.3.8
Using Externalized Database Session-Based Application Contexts
7.4
Using Global Application Contexts
7.4.1
About Global Application Contexts
7.4.2
Creating a Global Application Context
7.4.3
Creating a PL/SQL Package to Manage a Global Application Context
7.4.3.1
About the Package That Manages the Global Application Context
7.4.3.2
Setting the username and client_id DBMS_SESSION.SET_CONTEXT Parameters
7.4.3.3
Sharing Global Application Context Values for All Database Users
7.4.3.4
Setting a Global Context for Database Users Who Move Between Applications
7.4.3.5
Setting a Global Application Context for Nondatabase Users
7.4.3.6
Clearing Session Data When the Session Closes
7.4.4
Embedding Calls in Middle-Tier Applications to Manage the Client Session ID
7.4.4.1
About Managing Client Session IDs Using a Middle-Tier Application
7.4.4.2
Retrieving the Client Session ID Using a Middle-Tier Application
7.4.4.3
Setting the Client Session ID Using a Middle-Tier Application
7.4.4.4
Clearing Session Data Using a Middle-Tier Application
7.4.5
Example of Creating a Global Application Context That Uses a Client Session ID
7.4.5.1
Step 1: Create User Accounts
7.4.5.2
Step 2: Create the Global Application Context
7.4.5.3
Step 3: Create a Package for the Global Application Context
7.4.5.4
Step 4: Test the Global Application Context
7.4.5.5
Step 5: Remove the Components for This Example
7.4.6
Global Application Context Processes
7.4.6.1
Simple Global Application Context Process
7.4.6.2
Global Application Context Process for Lightweight Users
7.5
Using Client Session-Based Application Contexts
7.5.1
About Client Session-Based Application Contexts
7.5.2
Setting a Value in the CLIENTCONTEXT Namespace
7.5.3
Retrieving the Client Session ID
7.5.4
Clearing a Setting in the CLIENTCONTEXT Namespace
7.5.5
Clearing All Settings in the CLIENTCONTEXT Namespace
7.6
Finding Information About Application Contexts
8
Using Oracle Virtual Private Database to Control Data Access
8.1
About Oracle Virtual Private Database
8.1.1
What Is Oracle Virtual Private Database?
8.1.2
Benefits of Using Oracle Virtual Private Database Policies
8.1.2.1
Basing Security Policies on Database Objects Rather Than Applications
8.1.2.2
Controlling How Oracle Database Evaluates Policy Functions
8.1.3
Using Oracle Virtual Private Database with an Application Context
8.2
Components of an Oracle Virtual Private Database Policy
8.2.1
Creating a Function to Generate the Dynamic WHERE Clause
8.2.2
Creating a Policy to Attach the Function to the Objects You Want to Protect
8.3
Configuring an Oracle Virtual Private Database Policy
8.3.1
About Oracle Virtual Private Database Policies
8.3.2
Attaching a Policy a Database Table, View, or Synonym
8.3.3
Enforcing Policies on Specific SQL Statement Types
8.3.4
Controlling the Display of Column Data with Policies
8.3.4.1
Adding Policies for Column-Level Oracle Virtual Private Database
8.3.4.2
Displaying Only the Column Rows Relevant to the Query
8.3.4.3
Using Column Masking to Display Sensitive Columns as NULL Values
8.3.5
Working with Policy Groups
8.3.5.1
About Policy Groups
8.3.5.2
Creating a New Policy Group
8.3.5.3
Example of Implementing a Policy Group
8.3.5.4
Designating a Default Policy Group with the SYS_DEFAULT Policy Group
8.3.5.5
Establishing Multiple Policies for Each Table, View, or Synonym
8.3.5.6
Validating the Application Used to Connect to the Database
8.3.6
Optimizing Performance by Using Oracle Virtual Private Database Policy Types
8.3.6.1
Using the Dynamic Policy Type to Automatically Rerun Policy Functions
8.3.6.2
Using a Static Policy to Prevent Policy Functions from Rerunning for Each Query
8.3.6.3
Using a Shared Static Policy to Share a Policy with Multiple Objects
8.3.6.4
When to Use Static and Shared Static Policies
8.3.6.5
Using a Context-Sensitive Policy for Predicates That Do Not Change After Parsing
8.3.6.6
Using a Shared Context Sensitive Policy to Share a Policy with Multiple Objects
8.3.6.7
When to Use Context-Sensitive and Shared Context-Sensitive Policies
8.3.6.8
Summary of the Five Oracle Virtual Private Database Policy Types
8.4
Examples: Creating Oracle Virtual Private Database Policies
8.4.1
Simple Example of Creating an Oracle Virtual Private Database Policy
8.4.1.1
Step 1: Ensure That the OE User Account Is Active
8.4.1.2
Step 2: Create a Policy Function
8.4.1.3
Step 3: Create the Oracle Virtual Private Database Policy
8.4.1.4
Step 4: Test the Policy
8.4.1.5
Step 5: Remove the Components for This Example
8.4.2
Example of Implementing a Policy with a Database Session-Based Application Context
8.4.2.1
Step 1: Create User Accounts and Sample Tables
8.4.2.2
Step 2: Create a Database Session-Based Application Context
8.4.2.3
Step 3: Create a PL/SQL Package to Set the Application Context
8.4.2.4
Step 4: Create a Logon Trigger for the Application Context PL/SQL Package
8.4.2.5
Step 5: Create a PL/SQL Policy Function to Limit User Access to Their Orders
8.4.2.6
Step 6: Create the New Security Policy
8.4.2.7
Step 7: Test the New Policy
8.4.2.8
Step 8: Remove the Components for This Example
8.5
How Oracle Virtual Private Database Works with Other Oracle Features
8.5.1
How Oracle Virtual Private Database Security Policies Work with Applications
8.5.2
Using Automatic Reparsing for Fine-Grained Access Control Policy Functions
8.5.3
Oracle Virtual Private Database Policies and Flashback Query
8.5.4
Oracle Virtual Private Database and Oracle Label Security Exceptions
8.5.5
User Models and Oracle Virtual Private Database
8.6
Finding Information About Oracle Virtual Private Database Policies
9
Developing Applications Using the Data Encryption API
9.1
Securing Sensitive Information
9.2
Security Problems That Encryption Does Not Solve
9.2.1
Principle 1: Encryption Does Not Solve Access Control Problems
9.2.2
Principle 2: Encryption Does Not Protect Against a Malicious Database Administrator
9.2.3
Principle 3: Encrypting Everything Does Not Make Data Secure
9.3
Data Encryption Challenges
9.3.1
Encrypting Indexed Data
9.3.2
Generating Encryption Keys
9.3.3
Transmitting Encryption Keys
9.3.4
Storing Encryption Keys
9.3.4.1
Storing the Encryption Keys in the Database
9.3.4.2
Storing the Encryption Keys in the Operating System
9.3.4.3
Users Managing Their Own Encryption Keys
9.3.4.4
Using Transparent Database Encryption and Tablespace Encryption
9.3.5
Changing Encryption Keys
9.3.6
Encrypting Binary Large Objects
9.4
Storing Data Encryption by Using the DBMS_CRYPTO Package
9.5
Verifying Data Integrity with the DBMS_SQLHASH Package
9.5.1
About the DBMS_SQLHASH Package
9.5.2
Using the DBMS_SQLHASH.GETHASH Function
9.5.2.1
Syntax
9.5.2.2
Parameters
9.6
Examples of Using the Data Encryption API
9.6.1
Example of a Data Encryption Procedure
9.6.2
Example of AES 256-Bit Data Encryption and Decryption Procedures
9.6.3
Example of Encryption and Decryption Procedures for BLOB Data
9.7
Finding Information About Encrypted Data
10
Keeping Your Oracle Database Secure
10.1
About the Security Guidelines in This Chapter
10.2
Downloading Security Patches and Contacting Oracle Regarding Vulnerabilities
10.2.1
Applying Security Patches and Workaround Solutions
10.2.2
Contacting Oracle Security Regarding Vulnerabilities in Oracle Database
10.3
Guidelines for Securing User Accounts and Privileges
10.4
Guidelines for Securing Roles
10.5
Guidelines for Securing Passwords
10.6
Guidelines for Securing Data
10.7
Guidelines for Securing a Database Installation and Configuration
10.8
Guidelines for Securing the Network
10.8.1
Securing the Client Connection
10.8.2
Securing the Network Connection
10.8.3
Securing a Secure Sockets Layer Connection
10.9
Guidelines for Auditing
10.9.1
Enabling Default Auditing of SQL Statements and Privileges
10.9.2
Keeping Audited Information Manageable
10.9.3
Auditing Typical Database Activity
10.9.4
Auditing Suspicious Database Activity
10.10
Addressing the CONNECT Role Change
10.10.1
Why Was the CONNECT Role Changed?
10.10.2
How the CONNNECT Role Change Affects Applications
10.10.2.1
How the CONNECT Role Change Affects Database Upgrades
10.10.2.2
How the CONNECT Role Change Affects Account Provisioning
10.10.2.3
How the CONNECT Role Change Affects Applications Using New Databases
10.10.3
How the CONNECT Role Change Affects Users
10.10.3.1
How the CONNECT Role Change Affects General Users
10.10.3.2
How the CONNECT Role Change Affects Application Developers
10.10.3.3
How the CONNECT Role Change Affects Client Server Applications
10.10.4
Approaches to Addressing the CONNECT Role Change
10.10.4.1
Approach 1: Create a New Database Role
10.10.4.2
Approach 2: Restore CONNECT Privileges
10.10.4.3
Approach 3: Conduct Least Privilege Analysis
Glossary
Index
