  Oracle Tips by Burleson

Chapter 4 General Oracle Security

not by the user. If, at some point in the future, the code for processed is changed from P to, say, R, the users don't have to know about it. The program logic is the only place it has to be changed.

The third, and the most important one, is security.

By hiding the table from the applications, we keep the structure of the table hidden from most users. Since the users are not given any privilege to update the table data directly, a malicious attacker cannot update the table directly; he or she has to use the procedure. Inside the procedure, we can place various types of checks to ensure that the call to the procedure is genuine. By retaining a single point of control for the table changes, we achieve some degree of control over the changes. In most cases, this is desirable for enforcing a security policy.

This is one model of security for the data. However, we will unearth some potential problems and issues with this approach later.
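One way to set up the model described above, shown as an added example that is not from the book. The schema APP_OWNER, the account APP_USER, the table CLAIMS and the procedure MARK_PROCESSED are hypothetical names; the status code P is the one the text mentions.

```sql
-- Added example. APP_OWNER, APP_USER, CLAIMS and MARK_PROCESSED are
-- hypothetical names chosen for illustration. Run as a DBA.

-- 1. The table lives in the owner schema; no privileges on it are granted.
CREATE TABLE app_owner.claims (
  claim_id   NUMBER        PRIMARY KEY,
  status     CHAR(1)       DEFAULT 'N' NOT NULL,
  updated_by VARCHAR2(128),
  updated_at DATE
);

-- 2. Definer's-rights procedure: it runs with APP_OWNER's privileges,
--    so callers need EXECUTE only, never UPDATE on the table.
CREATE OR REPLACE PROCEDURE app_owner.mark_processed (p_claim_id IN NUMBER)
AUTHID DEFINER
AS
  c_processed CONSTANT CHAR(1) := 'P';  -- the status code is known only here
BEGIN
  -- Checks on the call go here, at the single point of control.
  IF p_claim_id IS NULL THEN
    RAISE_APPLICATION_ERROR(-20001, 'claim id is required');
  END IF;

  UPDATE claims
     SET status     = c_processed,
         updated_by = SYS_CONTEXT('USERENV', 'SESSION_USER'),  -- real caller
         updated_at = SYSDATE
   WHERE claim_id = p_claim_id
     AND status <> c_processed;

  IF SQL%ROWCOUNT = 0 THEN
    RAISE_APPLICATION_ERROR(-20002, 'claim not found or already processed');
  END IF;
END mark_processed;
/

-- 3. The application account gets EXECUTE on the procedure and nothing else.
GRANT EXECUTE ON app_owner.mark_processed TO app_user;

-- 4. Check: no rows should come back, meaning nobody holds a direct
--    privilege on the table itself.
SELECT grantee, privilege
  FROM dba_tab_privs
 WHERE owner = 'APP_OWNER' AND table_name = 'CLAIMS';
```

The procedure does not commit, so the calling application still controls the transaction boundary.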

This approach is very useful in the case of procedures that are frequently called to validate something or do something repeatedly. For instance, a procedure can be constructed to authenticate users of an application, not the database. A typical approach is to create a table to hold the user ids and passwords. The application connects using a generic id, reads the table for the password of the user, and matches it with the one supplied by the user.

However, the system is fraught with large security holes. Anyone can select from the password table and read the password of another user. That is not acceptable in the security model we propose. Here is another approach.

Application Password Management

The above text is an excerpt from:

Oracle Privacy Security Auditing

The Final Word on Oracle Security


This is the only authoritative book on Oracle Security, Oracle Privacy, and Oracle Auditing written by two of the world’s leading Oracle Security experts.

Copyright © 1996 -  2014 by Burleson Inc. All rights reserved.

Oracle® is the registered trademark of Oracle Corporation.