Security in a relational database management system is complex, and too few DBAs, system administrators, managers, and developers understand how Oracle implements system and database security. This book gives you the guidance you need to protect your databases.
Oracle security has many facets:
Establishing an organization's security policy and plan
Protecting system files and passwords
Controlling access to database objects (tables, views, rows, columns, etc.)
Building appropriate user profiles, roles, and privileges
Monitoring system access via audit trails
Oracle Security describes how these basic database security features are implemented and provides many practical strategies for securing Oracle systems and databases. It explains how to use the Oracle Enterprise Manager and Oracle Security Server to enhance your site's security, and it touches on such advanced security features as encryption, Trusted Oracle, and various Internet and World Wide Web protection strategies.
A table of contents follows:
Preface Part I: Security in an Oracle System
Oracle and Security
Oracle System Files
Oracle Database Objects
The Oracle Data Dictionary
Default Roles and User Accounts
Profiles, Passwords, and Synonyms
Part II: Implementing Security
Developing a Database Security Plan
Installing and Starting Oracle
Developing a Simple Security Application
Developing an Audit Plan
Developing a Sample Audit Application
Backing Up and Recovering a Database
Using the Oracle Enterprise Manager
Maintaining User Accounts
Part III: Enhanced Oracle Security
Using the Oracle Security Server
Using the Internet and the Web
Using Extra-Cost Options
Appendix A. References
Security in an oracle System
Chapter 1 Oracle and Security
What’s It All About?
The Oracle Security Model
Procedures, Policies, and Plans
If I Had a Hammer...
Chapter 2 Oracle System Files
What’s in the Files?
The Instance and the Database: Starting an Oracle Database
Types of Database Files
Chapter 3 Oracle Database Objects
The User Interface: User Versus Schema
Chapter 4 The Oracle Data Dictionary
Creating and Maintaining the Data Dictionary
The Data Dictionary Views
Views Used for Security
The Composition of the Views
Chapter 5 Oracle Default Roles and User Accounts
About the Defaults
The CONNECT Role
The RESOURCE Role
The DBA Role
The SYSDBA and SYSOPER Roles
Using the Default Roles
Default User Accounts
Segmenting Authority in the Database
Chapter 6 Profiles, Passwords, and Synonyms
Chapter 7 Developing a Database Security Plan
About the Security Policy and Security Plan
Types of Accounts
Standards for Accounts
Standards for Usernames
Standards for Passwords
Standards for Roles
Standards for Views
Standards for the Oracle Security Server
Standards for Employees
Sample Security Plan Index
Sample Security Plan Checklist
Chapter 8 Installing and Starting Oracle
Segmenting Application Processing
Installing Oracle Securely
Connecting to the Database Without a Password
Installing and Configuring SQL*Net
Setting Up Initialization Parameters for Security
Chapter 9 Developing a Simple Security Application
William Heney started working with version 2 of the Oracle database in 1980. After doing application development in FORTRAN and what then passed for "Forms," he began to specialize in DBA work. In the ensuing years he has worked for a wide variety of customers, many of whom wanted some form of access control implemented in the database. Some of the techniques acquired during these experiences are reflected in this book.
Marlene Theriault has over 14 years of experience as a database administrator, starting with version 2.0 of the Oracle RDBMS. She has presented papers at numerous conferences throughout the world, including various IOUG-A, DECUS, EOUG, and Oracle OpenWorld conferences. At the 1997 East Coast Oracle conference, Marlene tied for first place with Steven Feuerstein, receiving an "Outstanding Speaker" award. She also received the "Distinguished Speaker" award two years in a row at ECO-'95 and ECO-'96. Marlene's articles have appeared in Pinnacle Press' Oracle Developer magazine, IOUG-A's SELECT magazine, and many user group publications. Marlene reactivated the Mid-Atlantic Association of Oracle Professionals' Database Administration Special Interest Group and is the current chair of the MAOP DBA SIG. She authors an "Ask The DBA" column for the MAOP newsletter, and her articles and columns are available at http://www.maop.org/sig-dba/. For recreation, Marlene is an avid volksmarcher who has, with her significant other, Nelson Cahill, walked at least 6.2 miles in every one of the United States. She loves to travel and has been on numerous cruises. She can be reached via email at Marlene.Theriault@jhuapl.edu.
Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects. The animal on the cover of Oracle Security is a tarantula, one of a family (Theraphosidae) of hairy spiders, which includes many species -- over 30 known species (such as the trap-door spider) are found in the United States alone (mostly in the South and Southwest). Tarantulas are more common in tropical or subtropical areas; they generally live in holes in the ground or under stones, but are occasionally found in human dwellings or in trees. Species vary in size and appearance, with the largest having a leg span of about nine inches. Most species eat large insects such as beetles, but some prey on small reptiles. Some tarantulas live up to 20 years; females live much longer than males. The tarantula can also survive for very long periods without food or water.
The tarantula's vicious, deadly reputation is undeserved; the bite of most species, while about as painful as a bee sting, contains venom that is relatively harmless to humans. Tarantulas are actually shy and nocturnal: they rarely bite people. Another defense is to use one of their four sets of legs to fling hairs from the abdomen at perceived threats. Tarantulas often appear sluggish, but can move quickly when necessary.
Tarantulas molt their skins several times a year until they reach maturity at about three years of age; after this time, they molt about twice a year. The molting process frequently restores lost limbs. The legs of the tarantula each end in two claws, used to climb walls and rocks; the legs rely on blood pressure to function.
Various tarantula species are kept by many people as pets. The name is thought to have come from the Italian town Taranto. Popular wisdom held that the only cure for tarantula bites (tarantism) was a folk dance called the tarantella. Ellie Fountain Maden was the production editor for Oracle Security and performed the copyedit. Seth Maislin wrote the index. Ellie Cutler proofread the book, and Sheryl Avruch, John Files, and Claire Cloutier LeBlanc performed quality checks.
Edie Freedman designed the cover of this book, using a 19th-century engraving from the Dover Pictorial Archive. The cover layout was produced with Quark XPress 3.32 using the ITC Garamond font.
The inside layout was designed by Nancy Priest and implemented in FrameMaker 5.5 by Mike Sierra. The text and heading fonts are ITC Garamond Light and Garamond Book. The illustrations that appear in the book were created in Macromedia FreeHand 8 and Adobe Photoshop 5 by Robert Romano. This colophon was written by Nancy Kotary.