  Oracle Tips by Burleson

Chapter 4 General Oracle Security

not by the user. If, at some point in the future, the code for processed is changed from P to, say, R, the users don't have to know about it. The program logic is the only place it has to be changed.

The third, and the most important one, is security.

By hiding the table from the applications, we keep its structure hidden from most users. Since the users are not given any privilege to update the table data directly, a malicious attacker cannot update the table directly; he or she has to use the procedure. Inside the procedure, we can place various types of checks to ensure that the call to the procedure is genuine. By retaining a single point of control for the table changes, we achieve some degree of control over the changes. In most cases, this is desirable to enforce a security policy.

This is one model of security for the data. However, we will unearth some potential problems and issues with this approach later.
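A sketch of this model in PL/SQL, added here as an illustration and not taken from the book. The schema APP_OWNER, the account APP_USER, the table CLAIMS and the procedure MARK_PROCESSED are all hypothetical names; only the status code P comes from the text above.

```sql
-- Added example; all object and account names are hypothetical.
-- Run as the owning schema (APP_OWNER). APP_USER is the application account.

CREATE TABLE claims (
  claim_id   NUMBER        PRIMARY KEY,
  status     CHAR(1)       DEFAULT 'N' NOT NULL,
  updated_by VARCHAR2(128),
  updated_at DATE
);

-- Definer's rights (the default, stated explicitly): the procedure runs with
-- the owner's privileges, so callers need no privilege on CLAIMS itself.
CREATE OR REPLACE PROCEDURE mark_processed (p_claim_id IN claims.claim_id%TYPE)
  AUTHID DEFINER
AS
  -- The status code lives only here; changing P to R touches one line.
  c_processed CONSTANT claims.status%TYPE := 'P';
  v_status    claims.status%TYPE;
BEGIN
  IF p_claim_id IS NULL THEN
    RAISE_APPLICATION_ERROR(-20001, 'claim id is required');
  END IF;

  -- Lock the row so two sessions cannot process the same claim at once.
  SELECT status INTO v_status
    FROM claims WHERE claim_id = p_claim_id FOR UPDATE;

  IF v_status = c_processed THEN
    RAISE_APPLICATION_ERROR(-20002, 'claim already processed');
  END IF;

  UPDATE claims
     SET status     = c_processed,
         updated_by = SYS_CONTEXT('USERENV', 'SESSION_USER'),  -- the caller, not the owner
         updated_at = SYSDATE
   WHERE claim_id = p_claim_id;
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    RAISE_APPLICATION_ERROR(-20003, 'no such claim');
END mark_processed;
/

-- The only grant the application account receives. No SELECT, INSERT, UPDATE
-- or DELETE on CLAIMS is granted, so the procedure is the single way in.
GRANT EXECUTE ON mark_processed TO app_user;
```

The application then calls `app_owner.mark_processed(...)`; a direct `UPDATE` on the table from APP_USER is rejected because that account holds no privilege on it.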

This approach is very useful in the case of procedures that are frequently called to validate something or do something repeatedly. For instance, a procedure can be constructed to authenticate users of an application, not the database. A typical approach is to create a table to hold the user ids and passwords. The application connects using a generic id, reads the table for the password of the user, and matches it with the one supplied by the user.

However, the system is fraught with large security holes. Anyone can select from the password table and read the password of another user. That is not acceptable in the security model we propose. Here is another approach.

Application Password Management


The above text is an excerpt from:

Oracle Privacy Security Auditing

The Final Word on Oracle Security

 


 

http://rampant-books.com/book_2003_2_audit.htm



 
 
 
 



Copyright © 1996 -  2014 by Burleson Inc. All rights reserved.

Oracle® is the registered trademark of Oracle Corporation.