Databases Illuminated by Ricardo Catherine M.; Urban Susan D.;

Author:Ricardo, Catherine M.; Urban, Susan D.;
Language: eng
Format: epub
Publisher: Jones & Bartlett Learning
Published: 2015-03-15T04:00:00+00:00

8.8 Security in Oracle

Oracle provides robust security that goes far beyond the SQL authorization language commands. There are many different ways to set up and manage the security of an Oracle database installation besides the methods discussed here.

8.8.1 Security Features

Security features include facilities for all the following activities:

› Management of user accounts. User accounts can be created, user rights defined, and password and profile policies set up in several ways. Strong passwords can be enforced. User views, user privileges, and roles can be used to limit user access to data.

› Authentication of users can be performed for the database from the operating system level and from a network.

› Application security policies can be set for all applications that access the database.

› Privilege analysis allows the DBA to identify privileges that are being used, track the source of the privileges, and identify privileges that are not being used. This information can be used to tighten security.

› User session information for applications. Information such as the user name and location can be gathered automatically and used to control the user’s access through an application.

› Virtual Private Database (VPD) is an additional level of security that can be used to control access on the row and column level.

› Data redaction is a method of masking data at run time, when queries are executed. Some or all of the characters are hidden or replaced in the results set. For example, only the last four digits of a Social Security number or a credit card number may be displayed. Redaction is often done to comply with regulations such as PCI DSS or SOX.

› Transparent sensitive data protection can be used as a method of identifying and protecting all columns that hold sensitive data, even across several databases. Once identified, the columns may be protected using VPD or data redaction.

› Network data encryption can be performed automatically or manually using the DBMS_CRYPTO PL/SQL package. Oracle Net Services can be configured to provide data encryption and integrity on servers and clients. Thin Java Database Connectivity (JDBC) clients can be configured for secure connections to databases.

› Strong authentication. Available industry-standard authentication methods include centralized authentication and single sign-on, Secure Sockets Layer (SSL), Remote Authentication Dial-In User Service (RADIUS), and Kerberos.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.