Oracle Tips by Burleson
Chapter 4 General Oracle Security
can be a very effective tool to discourage
malicious users from getting what they want.
Consider an example: if a burglar breaks into
your house to rob the family safe, would he or she look inside the
laundry closet? Probably not. The thief will look for a box-like
object that matches his or her image of a safe. If
the safe were designed to look like, say, a dirty clothes hamper,
with some actual dirty underwear on top, the thief would
probably never guess it, and the safe would be
exactly that: safe. (Now everybody knows where the safe is
in my house! However, I assure you, there is nothing of value
inside, just a few stones my wife collects!)
A similar concept can be applied to database
objects, too. A hacker will look for a table named credit_card or
something similar. If the credit card numbers are stored in a table
named process_data, the hacker will most likely ignore it. However,
all the legitimate users will know exactly where to find the data.
This technique applies not only to table names but to column names
as well; for example, the credit card numbers could be stored in a
column named PROC_DATA_VALUE, or something similar.
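The following audit is an added example, not a script from the book: it lists tables and columns whose names still advertise sensitive content, then shows who holds privileges on the camouflaged table. The schema name APP_OWNER and the keyword list are assumptions; process_data is the table name used in the text above.

```sql
-- Added example (not from the book). Assumptions: the application schema is
-- APP_OWNER and the keyword list below reflects what counts as sensitive.
-- REGEXP_LIKE requires Oracle 10g or later.

-- 1. Tables and columns whose names give away what they hold.
SELECT 'TABLE' AS object_type,
       t.owner,
       t.table_name,
       CAST(NULL AS VARCHAR2(128)) AS column_name
FROM   all_tables t
WHERE  t.owner = 'APP_OWNER'
AND    REGEXP_LIKE(t.table_name,
                   '(CREDIT|CARD|CC_?NUM|SSN|SALARY|PASSW)', 'i')
UNION ALL
SELECT 'COLUMN',
       c.owner,
       c.table_name,
       c.column_name
FROM   all_tab_columns c
WHERE  c.owner = 'APP_OWNER'
AND    REGEXP_LIKE(c.column_name,
                   '(CREDIT|CARD|CC_?NUM|SSN|SALARY|PASSW)', 'i')
ORDER  BY 1, 3, 4;

-- 2. A neutral name hides the table from a casual search, but anyone listed
--    here can still read or change it. Review the grants alongside the name.
SELECT p.grantee,
       p.privilege,
       p.grantable
FROM   all_tab_privs p
WHERE  p.table_schema = 'APP_OWNER'
AND    p.table_name   = 'PROCESS_DATA'
ORDER  BY p.grantee, p.privilege;
```

An empty result from the first query means the names no longer point at the data; the second query shows which accounts can reach it regardless of what it is called.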
This technique of hiding
an object behind a meaningless name is adapted from the concept of
camouflage in everyday life. Although it may be a little complex to
use, it can easily be implemented in a small development group.
The added advantage of this object masquerading as a form of
security is that it protects against the prying eyes of internal
employees who have
The above text is an excerpt from:
Oracle Privacy Security Auditing
Final Word on Oracle Security
This is the only authoritative
book on Oracle Security, Oracle Privacy, and Oracle Auditing written
by two of the world’s leading Oracle Security experts.