Contents
- Audience
- Organization
- Related Documentation
- Conventions
- Documentation Accessibility
- New Features in Virtual Private Database
- New Features in Auditing
- New PL/SQL Encryption Package: DBMS_CRYPTO
- Identity Management: Security in Complex, High Volume Environments
- Desired Benefits of Identity Management
- Components of Oracle's Identity Management Infrastructure
- Physical Access Control Checklist
- Personnel Checklist
- Secure Installation and Configuration Checklist
- Networking Security Checklists
- SSL (Secure Sockets Layer) Checklist
- Client Checklist
- Listener Checklist
- Network Checklist
- Introduction to Database Security Policies
- Security Threats and Countermeasures
- What Information Security Policies Can Cover
- Recommended Application Design Practices to Reduce Risk
- Tip 1: Enable and Disable Roles Promptly
- Tip 2: Encapsulate Privileges in Stored Procedures
- Tip 3: Use Role Passwords Unknown to the User
- Tip 4: Use Proxy Authentication and a Secure Application Role
- Tip 5: Use Secure Application Role to Verify IP Address
- Tip 6: Use Application Context and Fine-Grained Access Control
- Authentication by the Operating System
- Authentication by the Network
- Authentication by the Secure Socket Layer Protocol
- Authentication Using Third-Party Services
- DCE Authentication
- Kerberos Authentication
- Public Key Infrastructure-Based Authentication
- Authentication with RADIUS
- Directory-based Services
- Authentication by the Oracle Database
- Password Encryption While Connecting
- Account Locking
- Password Lifetime and Expiration
- Password History
- Password Complexity Verification
- Multitier Authentication and Authorization
- Clients, Application Servers, and Database Servers
- Security Issues for Middle-Tier Applications
- Identity Issues in a Multitier Environment
- Restricted Privileges in a Multitier Environment
- Client Privileges
- Application Server Privileges
- Authentication of Database Administrators
- Introduction to Privileges
- System Privileges
- Granting and Revoking System Privileges
- Who Can Grant or Revoke System Privileges?
- Schema Object Privileges
- Granting and Revoking Schema Object Privileges
- Who Can Grant Schema Object Privileges?
- Using Privileges with Synonyms
- Table Privileges
- Data Manipulation Language (DML) Operations
- Data Definition Language (DDL) Operations
- View Privileges
- Privileges Required to Create Views
- Increasing Table Security with Views
- Procedure Privileges
- Procedure Execution and Security Domains
- System Privileges Needed to Create or Alter a Procedure
- Packages and Package Objects
- Type Privileges
- System Privileges for Named Types
- Object Privileges
- Method Execution Model
- Privileges Required to Create Types and Tables Using Types
- Example of Privileges for Creating Types and Tables Using Types
- Privileges on Type Access and Object Access
- Type Dependencies
- Introduction to Roles
- Properties of Roles
- Common Uses for Roles
- Application Roles
- User Roles
- Granting and Revoking Roles
- Who Can Grant or Revoke Roles?
- Security Domains of Roles and Users
- PL/SQL Blocks and Roles
- Named Blocks with Definer's Rights
- Anonymous Blocks with Invoker's Rights
- Data Definition Language Statements and Roles
- Predefined Roles
- The Operating System and Roles
- Roles in a Distributed Environment
- Secure Application Roles
- Creation of Secure Application Roles
- User Resource Limits
- Types of System Resources and Limits
- Session Level
- Call Level
- CPU Time
- Logical Reads
- Limiting Other Resources
- Profiles
- Determining Values for Resource Limits
- Introduction to Views
- Fine-Grained Access Control
- Dynamic Predicates
- Application Context
- Dynamic Contexts
- Security Followup: Auditing as well as Prevention
- System Security Policy
- Database User Management
- User Authentication
- Operating System Security
- Data Security Policy
- User Security Policy
- General User Security
- Password Security
- Privilege Management
- End-User Security
- Using Roles for End-User Privilege Management
- Using a Directory Service for End-User Privilege Management
- Administrator Security
- Protection for Connections as SYS and SYSTEM
- Protection for Administrator Connections
- Using Roles for Administrator Privilege Management
- Application Developer Security
- Application Developers and Their Privileges
- The Application Developer's Environment: Test and Production Databases
- Free Versus Controlled Application Development
- Roles and Privileges for Application Developers
- Space Restrictions Imposed on Application Developers
- Application Administrator Security
- Password Management Policy
- Account Locking
- Password Aging and Expiration
- Password History
- Password Complexity Verification
- Password Verification Routine Formatting Guidelines
- Sample Password Verification Routine
- Auditing Policy
- A Security Checklist
- Auditing Types and Records
- Audit Records and the Audit Trails
- Database Audit Trail (DBA_AUDIT_TRAIL)
- Operating System Audit Trail
- Operating System Audit Records
- Records Always in the Operating System Audit Trail
- When Are Audit Records Created?
- Statement Auditing
- Privilege Auditing
- Schema Object Auditing
- Schema Object Audit Options for Views, Procedures, and Other Elements
- Focusing Statement, Privilege, and Schema Object Auditing
- Auditing Statement Executions: Successful, Unsuccessful, or Both
- Number of Audit Records from Multiple Executions of a Statement
- BY SESSION
- BY ACCESS
- Audit By User
- Auditing in a Multitier Environment
- Fine-Grained Auditing
- User Authentication Methods
- Database Authentication
- Creating a User Who is Authenticated by the Database
- Advantages of Database Authentication
- External Authentication
- Creating a User Who is Authenticated Externally
- Operating System Authentication
- Network Authentication
- Advantages of External Authentication
- Global Authentication and Authorization
- Creating a User Who is Authorized by a Directory Service
- Advantages of Global Authentication and Global Authorization
- Proxy Authentication and Authorization
- Authorizing a Middle Tier to Proxy and Authenticate a User
- Authorizing a Middle Tier to Proxy a User Authenticated by Other Means
- Managing Oracle Users
- Creating Users
- Specifying a Name
- Setting a User's Authentication
- Assigning a Default Tablespace
- Assigning Tablespace Quotas
- Assigning a Temporary Tablespace
- Specifying a Profile
- Setting Default Roles
- Altering Users
- Changing a User's Authentication Mechanism
- Changing a User's Default Roles
- Dropping Users
- Viewing Information About Database Users and Profiles
- User and Profile Information in Data Dictionary Views
- Listing All Users and Associated Information
- Listing All Tablespace Quotas
- Listing All Profiles and Assigned Limits
- Viewing Memory Use for Each User Session
- Managing Resources with Profiles
- Dropping Profiles
- Understanding User Privileges and Roles
- System Privileges
- Restricting System Privileges
- Accessing Objects in the SYS Schema
- Object Privileges
- User Roles
- Managing User Roles
- Creating a Role
- Specifying the Type of Role Authorization
- Role Authorization by the Database
- Role Authorization by an Application
- Role Authorization by an External Source
- Role Authorization by an Enterprise Directory Service
- Dropping Roles
- Granting User Privileges and Roles
- Granting System Privileges and Roles
- Granting the ADMIN OPTION
- Creating a New User with the GRANT Statement
- Granting Object Privileges
- Specifying the GRANT OPTION
- Granting Object Privileges on Behalf of the Object Owner
- Granting Privileges on Columns
- Row-Level Access Control
- Revoking User Privileges and Roles
- Revoking System Privileges and Roles
- Revoking Object Privileges
- Revoking Object Privileges on Behalf of the Object Owner
- Revoking Column-Selective Object Privileges
- Revoking the REFERENCES Object Privilege
- Cascading Effects of Revoking Privileges
- System Privileges
- Object Privileges
- Granting to and Revoking from the User Group PUBLIC
- When Do Grants and Revokes Take Effect?
- The SET ROLE Statement
- Specifying Default Roles
- Restricting the Number of Roles that a User Can Enable
- Granting Roles Using the Operating System or Network
- Using Operating System Role Identification
- Using Operating System Role Management
- Granting and Revoking Roles When OS_ROLES=TRUE
- Enabling and Disabling Roles When OS_ROLES=TRUE
- Using Network Connections with Operating System Role Management
- Viewing Privilege and Role Information
- Listing All System Privilege Grants
- Listing All Role Grants
- Listing Object Privileges Granted to a User
- Listing the Current Privilege Domain of Your Session
- Listing Roles of the Database
- Listing Information About the Privilege Domains of Roles
- Actions Audited by Default
- Guidelines for Auditing
- Keep Audited Information Manageable
- Auditing Normal Database Activity
- Auditing Suspicious Database Activity
- Auditing Administrative Users
- Using Triggers
- Decide Whether to Use the Database or Operating System Audit Trail
- What Information is Contained in the Audit Trail?
- Database Audit Trail Contents
- Audit Information Stored in an Operating System File
- Managing the Standard Audit Trail
- Enabling and Disabling Standard Auditing
- Setting the AUDIT_TRAIL Initialization Parameter
- Setting the AUDIT_FILE_DEST Initialization Parameter
- Standard Auditing in a Multitier Environment
- Setting Standard Auditing Options
- Specifying Statement Auditing
- Specifying Privilege Auditing
- Specifying Object Auditing
- Turning Off Standard Audit Options
- Turning Off Statement and Privilege Auditing
- Turning Off Object Auditing
- Controlling the Growth and Size of the Standard Audit Trail
- Purging Audit Records from the Audit Trail
- Archiving Audit Trail Information
- Reducing the Size of the Audit Trail
- Protecting the Standard Audit Trail
- Auditing the Standard Audit Trail
- Viewing Database Audit Trail Information
- Audit Trail Views
- Using Audit Trail Views to Investigate Suspicious Activities
- Listing Active Statement Audit Options
- Listing Active Privilege Audit Options
- Listing Active Object Audit Options for Specific Objects
- Listing Default Object Audit Options
- Listing Audit Records
- Listing Audit Records for the AUDIT SESSION Option
- Deleting the Audit Trail Views
- Example of Auditing Table SYS.AUD$
- Fine-Grained Auditing
- Policies in Fine-Grained Auditing
- Advantages of Fine-Grained Auditing over Triggers
- Extensible Interface Using Event Handler Functions
- Functions and Relevant Columns in Fine-Grained Auditing
- Audit Records in Fine-Grained Auditing
- NULL Audit Conditions
- Defining FGA Policies
- An Added Benefit to Fine-Grained Auditing
- The DBMS_FGA Package
- ADD_POLICY Procedure
- Syntax
- Parameters
- Usage Notes
- DROP_POLICY Procedure
- Syntax
- Parameters
- Usage Notes
- ENABLE_POLICY Procedure
- Syntax
- Parameters
- DISABLE_POLICY Procedure
- Syntax
- Parameters
- About Application Security Policies
- Considerations for Using Application-Based Security
- Are Application Users Also Database Users?
- Is Security Enforced in the Application or in the Database?
- Managing Application Privileges
- Creating Secure Application Roles
- Example of Creating a Secure Application Role
- Associating Privileges with the User's Database Role
- Using the SET ROLE Statement
- Using the SET_ROLE Procedure
- Examples of Assigning Roles with Static and Dynamic SQL
- Protecting Database Objects Through the Use of Schemas
- Unique Schemas
- Shared Schemas
- Managing Object Privileges
- What Application Developers Need to Know About Object Privileges
- SQL Statements Permitted by Object Privileges
- About Virtual Private Database, Fine-Grained Access Control, and Application Context
- Introduction to VPD
- Column-level VPD
- Column-level VPD with Column Masking Behavior
- VPD Security Policies and Applications
- Introduction to Fine-Grained Access Control
- Features of Fine-Grained Access Control
- Table-, View-, or Synonym-Based Security Policies
- Multiple Policies for Each Table, View, or Synonym
- Grouping of Security Policies
- High Performance
- Default Security Policies
- About Creating a Virtual Private Database Policy with Oracle Policy Manager
- Introduction to Application Context
- Features of Application Context
- Specifying Attributes for Each Application
- Providing Access to Predefined Attributes through the USERENV Namespace
- Externalized Application Contexts
- Ways to Use Application Context with Fine-Grained Access Control
- Using Application Context as a Secure Data Cache
- Using Application Context to Return a Specific Predicate (Security Policy)
- Using Application Context to Provide Attributes Similar to Bind Variables in a Predicate
- Introduction to Global Application Context
- Enforcing Application Security
- Use of Ad Hoc Tools a Potential Security Problem
- Restricting SQL*Plus Users from Using Database Roles
- Limit Roles Through PRODUCT_USER_PROFILE
- Use Stored Procedures to Encapsulate Business Logic
- Use Virtual Private Database for Highest Security
- Virtual Private Database and Oracle Label Security Exceptions and Exemptions
- User Models and Virtual Private Database
- About Implementing Application Context
- How to Use Application Context
- Task 1: Create a PL/SQL Package that Sets the Context for Your Application
- SYS_CONTEXT Example
- SYS_CONTEXT Syntax
- Using Dynamic SQL with SYS_CONTEXT
- Using SYS_CONTEXT in a Parallel Query
- Using SYS_CONTEXT with Database Links
- Task 2: Create a Unique Context and Associate It with the PL/SQL Package
- Task 3: Set the Context Before the User Retrieves Data
- Task 4. Use the Context in a VPD Policy Function
- Examples: Application Context Within a Fine-Grained Access Control Function
- Example 1: Implementing the Policy
- Step 1. Create a PL/SQL Package Which Sets the Context for the Application
- Step 2. Create an Application Context
- Step 3. Access the Application Context Inside the Package
- Step 4. Create the New Security Policy
- Example 2: Controlling User Access by Way of an Application
- Step 1. Create a PL/SQL Package to Set the Context
- Step 2. Create the Context and Associate It with the Package
- Step 3. Create the Initialization Script for the Application
- Example 3: Event Triggers, Application Context, Fine-Grained Access Control, and Encapsulation of Privileges
- Initializing Application Context Externally
- Obtaining Default Values from Users
- Obtaining Values from Other External Resources
- Initializing Application Context Globally
- Application Context Utilizing LDAP
- How Globally Initialized Application Context Works
- Example: Initializing Application Context Globally
- How to Use Global Application Context
- Using the DBMS_SESSION Interface to Manage Application Context in Client Sessions
- Examples: Global Application Context
- Example 1: Global Application Context
- Example 2: Global Application Context for Lightweight Users
- How Fine-Grained Access Control Works
- How to Establish Policy Groups
- The Default Policy Group: SYS_DEFAULT
- New Policy Groups
- How to Implement Policy Groups
- Step 1: Set Up a Driving Context
- Step 2: Add a Policy to the Default Policy Group
- Step 3: Add a Policy to the HR Policy Group
- Step 4: Add a Policy to the FINANCE Policy Group
- Validation of the Application Used to Connect
- How to Add a Policy to a Table, View, or Synonym
- DBMS_RLS.ADD_POLICY Procedure Policy Types
- Optimizing Performance by Enabling Static and Context Sensitive Policies
- About Static Policies
- About Context Sensitive Policies
- Adding Policies for Column-Level VPD
- Default Behavior
- Column Masking Behavior
- Enforcing VPD Policies on Specific SQL Statement Types
- Enforcing Policies on Index Maintenance
- How to Check for Policies Applied to a SQL Statement
- Users Who Are Exempt from VPD Policies
- SYS User Exempted from VPD Policies
- EXEMPT ACCESS POLICY System Privilege
- Automatic Reparse
- VPD Policies and Flashback Query
- Security Challenges of Three-tier Computing
- Who Is the Real User?
- Does the Middle Tier Have Too Much Privilege?
- How to Audit? Whom to Audit?
- What Are the Authentication Requirements for Three-tier Systems?
- Client to Middle Tier Authentication
- Middle Tier to Database Authentication
- Client Re-Authentication Through Middle Tier to Database
- Oracle Database Solutions for Preserving User Identity
- Proxy Authentication
- Passing Through the Identity of the Real User by Using Proxy Authentication
- Limiting the Privilege of the Middle Tier
- Re-authenticating The User through the Middle Tier to the Database
- Auditing Actions Taken on Behalf of the Real User
- Advantages of Proxy Authentication
- Client Identifiers
- Support for Application User Models by Using Client Identifiers
- Using the CLIENT_IDENTIFIER Attribute to Preserve User Identity
- Using CLIENT_IDENTIFIER Independent of Global Application Context
- Securing Sensitive Information
- Principles of Data Encryption
- Principle 1: Encryption Does Not Solve Access Control Problems
- Principle 2: Encryption Does Not Protect Against a Malicious DBA
- Principle 3: Encrypting Everything Does Not Make Data Secure
- Solutions For Stored Data Encryption in Oracle Database
- Oracle Database Data Encryption Capabilities
- Data Encryption Challenges
- Encrypting Indexed Data
- Key Management
- Key Transmission
- Key Storage
- Storing the Keys in the Database
- Storing the Keys in the Operating System
- Users Managing Their Own Keys
- Changing Encryption Keys
- Binary Large Objects (BLOBS)
- Example of a Data Encryption PL/SQL Program
- Example of Encrypt/Decrypt Procedures for BLOB Data