Oracle Tips by Burleson
Chapter 2 Introduction to Oracle Security
We will see more examples, caveats, and how to
use them in building a complete system in Chapter 4.
Use the Invoker Rights model of stored
programs whenever possible. It ties the required privileges to the user
calling the procedure, allowing finer-grained privilege
management.
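The difference between the two rights models, as an added example that is not taken from the book. The schema APP_OWNER, the user CLERK, the CLAIMS table and both procedure names are hypothetical, and the EXEC lines assume SQL*Plus.

```sql
-- All object and user names below are constructed for illustration.

-- Run as APP_OWNER ----------------------------------------------------
CREATE TABLE claims (
  claim_id NUMBER PRIMARY KEY,
  status   VARCHAR2(20)
);
INSERT INTO claims (claim_id, status) VALUES (1001, 'PENDING');
COMMIT;

-- Definer rights (the default): the body runs with APP_OWNER's
-- privileges, so EXECUTE on the procedure alone lets any caller
-- update APP_OWNER.CLAIMS.
CREATE OR REPLACE PROCEDURE approve_claim_definer (p_claim_id IN NUMBER)
AUTHID DEFINER
AS
BEGIN
  UPDATE app_owner.claims SET status = 'APPROVED'
   WHERE claim_id = p_claim_id;
END;
/

-- Invoker rights: the same body runs with the CALLER's privileges,
-- so the caller also needs its own grant on the table.
CREATE OR REPLACE PROCEDURE approve_claim_invoker (p_claim_id IN NUMBER)
AUTHID CURRENT_USER
AS
BEGIN
  UPDATE app_owner.claims SET status = 'APPROVED'
   WHERE claim_id = p_claim_id;
END;
/

GRANT EXECUTE ON approve_claim_definer TO clerk;
GRANT EXECUTE ON approve_claim_invoker TO clerk;

-- Run as CLERK, who holds no privilege on APP_OWNER.CLAIMS -------------
EXEC app_owner.approve_claim_definer(1001);  -- succeeds: owner's rights apply
EXEC app_owner.approve_claim_invoker(1001);  -- fails: CLERK cannot touch the table

-- Run as APP_OWNER: privilege is now granted per user, on the table ---
GRANT SELECT, UPDATE ON claims TO clerk;

-- Run as CLERK again --------------------------------------------------
EXEC app_owner.approve_claim_invoker(1001);  -- succeeds under CLERK's own grant
```

With the invoker-rights version, revoking the table grant from CLERK is enough to cut off access; with the definer-rights version, access persists for as long as CLERK can execute the procedure.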
Finally, HIPAA refers to security as
the protection of data not only from human abuse, but from machine and
system failures, too. What if the machine suffers component damage
while transactions are being executed? Oracle's transaction
processing model ensures that data integrity will be protected, i.e.,
committed data is recovered and uncommitted data is rolled back. Is
that acceptable?
Like most other questions, the answer is
obvious – it depends. In particular, it depends on the type of
transaction processing that is employed at the organization. In some
of the corporations the authors worked in, the transactions – the
claims or payments – are fed into a queue-based system such as MQ
Series, and data is fed from the queues to the database. If the
database fails, and the transaction rolls back, the data is intact
in the queue – as if nothing happened. When the database comes back
up, the same message in the queue can be processed.
However, if the
transactions do not flow through a queue, but happen directly on the
database, or the handler does not handle uncommitted transactions
this way, there could be cases of lost transactions, a clearly
unacceptable situation. The solution in that case is to
The above text is an excerpt from:
Oracle Privacy Security Auditing
The Final Word on Oracle Security