Oracle Security

Larger Cover

Oracle Security

By William Heney, Marlene Theriault

Publisher: O'Reilly Media

Released: October 1998

Pages: 456

Security in a relational database management system is complex, and too few DBAs, system administrators, managers, and developers understand how Oracle implements system and database security. This book gives you the guidance you need to protect your databases.

Oracle security has many facets:

Establishing an organization's security policy and plan
Protecting system files and passwords
Controlling access to database objects (tables, views, rows, columns, etc.)
Building appropriate user profiles, roles, and privileges
Monitoring system access via audit trails

Oracle Security describes how these basic database security features are implemented and provides many practical strategies for securing Oracle systems and databases. It explains how to use the Oracle Enterprise Manager and Oracle Security Server to enhance your site's security, and it touches on such advanced security features as encryption, Trusted Oracle, and various Internet and World Wide Web protection strategies.

A table of contents follows:

Preface Part I: Security in an Oracle System

Oracle and Security
Oracle System Files
Oracle Database Objects
The Oracle Data Dictionary
Default Roles and User Accounts
Profiles, Passwords, and Synonyms

Part II: Implementing Security

Developing a Database Security Plan
Installing and Starting Oracle
Developing a Simple Security Application
Developing an Audit Plan
Developing a Sample Audit Application
Backing Up and Recovering a Database
Using the Oracle Enterprise Manager
Maintaining User Accounts

Part III: Enhanced Oracle Security

Using the Oracle Security Server
Using the Internet and the Web
Using Extra-Cost Options

Appendix A. References

Security in an oracle System
1. Chapter 1 Oracle and Security
  1. What’s It All About?
  2. The Oracle Security Model
  3. Procedures, Policies, and Plans
  4. If I Had a Hammer...
2. Chapter 2 Oracle System Files
  1. What’s in the Files?
  2. The Instance and the Database: Starting an Oracle Database
  3. Types of Database Files
3. Chapter 3 Oracle Database Objects
  1. The User Interface: User Versus Schema
  2. Objects
  3. Tables
  4. Table Triggers
  5. Views
  6. Stored Programs
  7. Synonyms
  8. Privileges
  9. Roles
  10. Profiles
4. Chapter 4 The Oracle Data Dictionary
  1. Creating and Maintaining the Data Dictionary
  2. The Data Dictionary Views
  3. About SQL.BSQ
  4. Views Used for Security
  5. The Composition of the Views
5. Chapter 5 Oracle Default Roles and User Accounts
  1. About the Defaults
  2. The CONNECT Role
  3. The RESOURCE Role
  4. The DBA Role
  5. The SYSDBA and SYSOPER Roles
  6. Using the Default Roles
  7. Default User Accounts
  8. Segmenting Authority in the Database
6. Chapter 6 Profiles, Passwords, and Synonyms
  1. Profiles
  2. Passwords
  3. Synonyms
Implementing Security
1. Chapter 7 Developing a Database Security Plan
  1. About the Security Policy and Security Plan
  2. Types of Accounts
  3. Standards for Accounts
  4. Standards for Usernames
  5. Standards for Passwords
  6. Standards for Roles
  7. Standards for Views
  8. Standards for the Oracle Security Server
  9. Standards for Employees
  10. Sample Security Plan Index
  11. Sample Security Plan Checklist
2. Chapter 8 Installing and Starting Oracle
  1. Segmenting Application Processing
  2. Installing Oracle Securely
  3. Connecting to the Database Without a Password
  4. Installing and Configuring SQL*Net
  5. Setting Up Initialization Parameters for Security
3. Chapter 9 Developing a Simple Security Application
  1. The Application Overview
  2. Preparing the Role-Object Matrix
  3. Views
  4. Roles
  5. Grants
  6. Application Control of Access
4. Chapter 10 Developing an Audit Plan
  1. Why Audit?
  2. Where to Audit
  3. How Auditing Works
  4. Auditing and Performance
  5. Default Auditing
  6. Types of Auditing
  7. Purging Audit Information
5. Chapter 11 Developing a Sample Audit Application
  1. About the Audit Trail Application
  2. About Performance and Storage
  3. Using the Audit Data in Reports
  4. SQL Scripts to Generate Scripts
6. Chapter 12 Backing Up and Recovering the Database
  1. What Are the Backup Options?
  2. What’s New for Oracle8?
  3. What Are the Recovery Options?
7. Chapter 13 Using the Oracle Enterprise Manager
  1. What Is the OEM?
  2. The DBA Toolkit and Security
  3. OEM and the Job Scheduler
  4. OEM and the Event Management System
8. Chapter 14 Maintaining User Accounts
  1. Application Design Requirements
  2. Running the Application
  3. Documenting the User State
  4. A Sample Script
Enhanced Oracle Security
1. Chapter 15 Using the Oracle Security Server
  1. About Cryptography
  2. Ways to Authenticate Users
  3. What’s in the OSS?
  4. Configuring and Using the OSS
2. Chapter 16 Using the Internet and the Web
  1. Web Basics
  2. Evaluating Web Assets and Risks
  3. Protecting a Web Site
  4. Getting Users Involved
3. Chapter 17 Using Extra-Cost Options
  1. Trusted Oracle
  2. Advanced Networking Option
  3. Oracle Application Server
4. Appendix References
  1. Oracle Books
  2. Security Books
  3. Oracle Electronic References
  4. Security Electronic References

Colophon

William Heney

William Heney started working with version 2 of the Oracle database in 1980. After doing application development in FORTRAN and what then passed for "Forms," he began to specialize in DBA work. In the ensuing years he has worked for a wide variety of customers, many of whom wanted some form of access control implemented in the database. Some of the techniques acquired during these experiences are reflected in this book.

View William Heney's full profile page.
Marlene Theriault

Marlene Theriault has over 14 years of experience as a database administrator, starting with version 2.0 of the Oracle RDBMS. She has presented papers at numerous conferences throughout the world, including various IOUG-A, DECUS, EOUG, and Oracle OpenWorld conferences. At the 1997 East Coast Oracle conference, Marlene tied for first place with Steven Feuerstein, receiving an "Outstanding Speaker" award. She also received the "Distinguished Speaker" award two years in a row at ECO-'95 and ECO-'96. Marlene's articles have appeared in Pinnacle Press' Oracle Developer magazine, IOUG-A's SELECT magazine, and many user group publications. Marlene reactivated the Mid-Atlantic Association of Oracle Professionals' Database Administration Special Interest Group and is the current chair of the MAOP DBA SIG. She authors an "Ask The DBA" column for the MAOP newsletter, and her articles and columns are available at http://www.maop.org/sig-dba/. For recreation, Marlene is an avid volksmarcher who has, with her significant other, Nelson Cahill, walked at least 6.2 miles in every one of the United States. She loves to travel and has been on numerous cruises. She can be reached via email at Marlene.Theriault@jhuapl.edu.

View Marlene Theriault's full profile page.

Colophon

Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects. The animal on the cover of Oracle Security is a tarantula, one of a family (Theraphosidae) of hairy spiders, which includes many species -- over 30 known species (such as the trap-door spider) are found in the United States alone (mostly in the South and Southwest). Tarantulas are more common in tropical or subtropical areas; they generally live in holes in the ground or under stones, but are occasionally found in human dwellings or in trees. Species vary in size and appearance, with the largest having a leg span of about nine inches. Most species eat large insects such as beetles, but some prey on small reptiles. Some tarantulas live up to 20 years; females live much longer than males. The tarantula can also survive for very long periods without food or water.

The tarantula's vicious, deadly reputation is undeserved; the bite of most species, while about as painful as a bee sting, contains venom that is relatively harmless to humans. Tarantulas are actually shy and nocturnal: they rarely bite people. Another defense is to use one of their four sets of legs to fling hairs from the abdomen at perceived threats. Tarantulas often appear sluggish, but can move quickly when necessary.

Tarantulas molt their skins several times a year until they reach maturity at about three years of age; after this time, they molt about twice a year. The molting process frequently restores lost limbs. The legs of the tarantula each end in two claws, used to climb walls and rocks; the legs rely on blood pressure to function.

Various tarantula species are kept by many people as pets. The name is thought to have come from the Italian town Taranto. Popular wisdom held that the only cure for tarantula bites (tarantism) was a folk dance called the tarantella. Ellie Fountain Maden was the production editor for Oracle Security and performed the copyedit. Seth Maislin wrote the index. Ellie Cutler proofread the book, and Sheryl Avruch, John Files, and Claire Cloutier LeBlanc performed quality checks.

Edie Freedman designed the cover of this book, using a 19th-century engraving from the Dover Pictorial Archive. The cover layout was produced with Quark XPress 3.32 using the ITC Garamond font.

The inside layout was designed by Nancy Priest and implemented in FrameMaker 5.5 by Mike Sierra. The text and heading fonts are ITC Garamond Light and Garamond Book. The illustrations that appear in the book were created in Macromedia FreeHand 8 and Adobe Photoshop 5 by Robert Romano. This colophon was written by Nancy Kotary.

Description

Table of Contents

Product Details

About the Author

Colophon