Oracle Security

Marlene Theriault has over 14 years of experience as a database administrator, starting with version 2.0 of the Oracle RDBMS. She has presented papers at numerous conferences throughout the world, including various IOUG-A, DECUS, EOUG, and Oracle OpenWorld conferences. At the 1997 East Coast Oracle conference, Marlene tied for first place with Steven Feuerstein, receiving an "Outstanding Speaker" award. She also received the "Distinguished Speaker" award two years in a row at ECO-'95 and ECO-'96. Marlene's articles have appeared in Pinnacle Press' Oracle Developer magazine, IOUG-A's SELECT magazine, and many user group publications. Marlene reactivated the Mid-Atlantic Association of Oracle Professionals' Database Administration Special Interest Group and is the current chair of the MAOP DBA SIG. She authors an "Ask The DBA" column for the MAOP newsletter, and her articles and columns are available at http://www.maop.org/sig-dba/. For recreation, Marlene is an avid volksmarcher who has, with her significant other, Nelson Cahill, walked at least 6.2 miles in every one of the United States. She loves to travel and has been on numerous cruises. She can be reached via email at Marlene.Theriault@jhuapl.edu. William Heney started working with version 2 of the Oracle database in 1980. After doing application development in FORTRAN and what then passed for "Forms," he began to specialize in DBA work. In the ensuing years he has worked for a wide variety of customers, many of whom wanted some form of access control implemented in the database. Some of the techniques acquired during these experiences are reflected in this book. Computer programming was not Bill's original occupation. His first bachelor's degree is in music education. It was while serving in the U.S. Navy that he became interested in electronics and, later on, computers. For relaxation, Bill likes to spend time outdoors with Ellen, his wife, enjoying their mutual interests of camping, biking, and skiing.

Preface. I. Security in an Oracle System. 1. Oracle and Security What's It All About? The Oracle Security Model Procedures, Policies, and Plans If I Had a Hammer-. 2. Oracle System Files What's in the Files? The Instance and the Database: Starting an Oracle Database Types of Database Files. 3. Oracle Database Objects The User Interface: User Versus Schema Objects Tables Table Triggers Views Stored Programs Synonyms Privileges Roles Profiles. 4. The Oracle Data Dictionary Creating and Maintaining the Data Dictionary The Data Dictionary Views About SQL.BSQ Views Used for Security The Composition of the Views. 5. Oracle Default Roles and User Accounts About the Defaults The CONNECT Role The RESOURCE Role The DBA Role The SYSDBA and SYSOPER Roles Using the Default Roles Default User Accounts Segmenting Authority in the Database. 6. Profiles, Passwords, and Synonyms Profiles Passwords Synonyms. II. Implementing Security. 7. Developing a Database Security Plan About the Security Policy and Security Plan Types of Accounts Standards for Accounts Standards for Usernames Standards for Passwords Standards for Roles Standards for Views Standards for the Oracle Security Server Standards for Employees Sample Security Plan Index Sample Security Plan Checklist. 8. Installing and Starting Oracle Segmenting Application Processing Installing Oracle Securely Connecting to the Database Without a Password Installing and Configuring SQL*Net Setting Up Initialization Parameters for Security. 9. Developing a Simple Security Application The Application Overview Preparing the Role-Object Matrix Views Roles Grants Application Control of Access. 10. Developing an Audit Plan Why Audit? Where to Audit How Auditing Works Auditing and Performance Default Auditing Types of Auditing Purging Audit Information. 11. Developing a Sample Audit Application About the Audit Trail Application About Performance and Storage Using the Audit Data in Reports SQL Scripts to Generate Scripts. 12. Backing Up and Recovering the Database What Are the Backup Options? What's New for Oracle8? What Are the Recovery Options? 13. Using the Oracle Enterprise Manager What Is the OEM? The DBA Toolkit and Security OEM and the Job Scheduler OEM and the Event Management System. 14. Maintaining User Accounts Application Design Requirements Running the Application Documenting the User State A Sample Script. III. Enhanced Oracle Security. 15. Using the Oracle Security Server About Cryptography Ways to Authenticate Users What's in the OSS? Configuring and Using the OSS. 16. Using the Internet and the Web Web Basics Evaluating Web Assets and Risks Protecting a Web Site Getting Users Involved. 17. Using Extra-Cost Options Trusted Oracle Advanced Networking Option Oracle Application Server A. References. Index