Oracle Database Security …from the application perspective

Agenda
• Oracle architecture
  • System architecture
  • Network architecture
  • Common Oracle objects
• Schema/object security
• Java security
• Application integration techniques

Oracle architecture

Authentication & credentials
• Can be…
  • OS authentication
  • Userid/password
  • X.509 certificates
  • Smart card
  • Etc.
• Stored in Oracle
  • As MD5 hash

Authentication & credentials (cont.)
• Transport encryption
  • DES encryption of db-selected random number w/user’s password hash
• OS-integrated authentication available too
• Password changes travel unencrypted
• Password management features available
  • Aging & expiration
  • History (e.g., can prohibit reuse of last 3 passwords)
  • Composition & complexity (e.g., require letters + numbers)
  • Account lockout

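The password management features listed above map onto an Oracle profile plus a verify function. The following is an added example, not part of the original slides; the names `app_verify_password` and `app_user_profile` and every numeric limit other than the reuse count of 3 are assumptions.

```sql
-- Added example; names and numeric limits are illustrative assumptions.
-- Run as SYS: a profile's PASSWORD_VERIFY_FUNCTION must be owned by SYS.
CREATE OR REPLACE FUNCTION app_verify_password (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
BEGIN
  -- Composition: minimum length (8 is an assumed value)
  IF LENGTH(password) < 8 THEN
    raise_application_error(-20001, 'Password must be at least 8 characters');
  END IF;
  -- Complexity: require letters + numbers, as on the slide
  IF NOT REGEXP_LIKE(password, '[[:alpha:]]')
     OR NOT REGEXP_LIKE(password, '[[:digit:]]') THEN
    raise_application_error(-20002, 'Password must contain letters and digits');
  END IF;
  -- Reject a password equal to the user name
  IF UPPER(password) = UPPER(username) THEN
    raise_application_error(-20003, 'Password must not match the user name');
  END IF;
  RETURN TRUE;
END;
/

CREATE PROFILE app_user_profile LIMIT
  PASSWORD_LIFE_TIME       90   -- aging: password expires after 90 days
  PASSWORD_GRACE_TIME      7    -- days after expiry in which login still works, with a warning
  PASSWORD_REUSE_MAX       3    -- history: 3 password changes required before reuse
  PASSWORD_REUSE_TIME      1    -- must also be an integer for REUSE_MAX to take effect
  FAILED_LOGIN_ATTEMPTS    5    -- lockout after 5 consecutive failed logins
  PASSWORD_LOCK_TIME       1/24 -- account stays locked for one hour
  PASSWORD_VERIFY_FUNCTION app_verify_password;

ALTER USER asok PROFILE app_user_profile;

-- Check what is actually enforced and the resulting account state
SELECT resource_name, limit FROM dba_profiles
 WHERE profile = 'APP_USER_PROFILE' AND resource_type = 'PASSWORD';
SELECT username, account_status, expiry_date FROM dba_users
 WHERE username = 'ASOK';
```

Accounts left on the DEFAULT profile do not pick up these limits, so the `dba_users` query is worth running across all application accounts.
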
Oracle object security
[Diagram: alice’s schema (employees, candidates, orders, customers); public objects (all_users); asok’s schema]
grant select on EMPLOYEES to ASOK;

Oracle role-based security
[Diagram: DBA; hr_steward role; hrdata schema (employees, candidates)]
grant all privileges on EMPLOYEES to HR_STEWARD;
grant HR_STEWARD to CATBERT;

Auditing
• Obviously impacts database performance
• Writes high-level info to a common table
  • Database user
  • Object (table, role, etc.)
  • Action (select, insert, etc.)
  • Date/time
• Currently enabled on-request to DBA team
• Difficult to trace actions to a live human
  • Can correlate with IP address

Typical modern application
[Diagram: application; application schema (orders, customers)]

Shared schemas
[Diagram labels: Application #1; Application #2; orders, customers; insert, update, delete, select; grant select, insert, update; select; application #2’s schema]

Summary
Oracle provides a variety of security features including:
• Identification/Authentication
• Authorization via privileges, roles, and fine grained security
• Encryption
• Audit trails

SQL Security Background • Windows Live Security Mission
Platform Security SQL Server Follow best practices for application and database configuration Roles and permissions Authentication Validation Administration Server structure Propagation Encryption