Oracle Database Security
…from the application perspective

Agenda
• Oracle architecture
• System architecture
• Network architecture
• Common Oracle objects
• Schema/object security
• Java security
• Application integration techniques

Authentication & credentials
• Can be…
  • OS authentication
  • Userid/password
  • X.509 certificates
  • Smart card
  • Etc.
• Stored in Oracle
  • As MD5 hash
Oracle architecture

Authentication & credentials (cont.)
• Transport encryption
  • DES encryption of db-selected random number w/user’s password hash
  • OS-integrated authentication available too
  • Password changes travel unencrypted
• Password management features available
  • Aging & expiration
  • History (e.g., can prohibit reuse of last 3 passwords)
  • Composition & complexity (e.g., require letters + numbers)
  • Account lockout
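
The four password management features above map onto the limits of an Oracle profile. The following is an added example, not part of the original slides: the function name VERIFY_LETTERS_AND_DIGITS, the profile name APP_USER_PROFILE and all numeric limits are assumptions. It also assumes a release that provides REGEXP_LIKE and in which both reuse limits must be finite for a password to become reusable; older releases treated the two reuse limits differently, so check the SQL reference for the release in use.

```sql
-- Added example. VERIFY_LETTERS_AND_DIGITS and APP_USER_PROFILE are hypothetical names.
-- A password verify function must be created in the SYS schema.
CREATE OR REPLACE FUNCTION verify_letters_and_digits (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
BEGIN
  -- Composition & complexity: require at least one letter and one digit.
  IF NOT REGEXP_LIKE(password, '[[:alpha:]]')
     OR NOT REGEXP_LIKE(password, '[[:digit:]]') THEN
    raise_application_error(-20001, 'Password must contain letters and numbers');
  END IF;
  -- Reject the account name used as the password.
  IF UPPER(password) = UPPER(username) THEN
    raise_application_error(-20002, 'Password must differ from the user name');
  END IF;
  RETURN TRUE;
END;
/

CREATE PROFILE app_user_profile LIMIT
  PASSWORD_LIFE_TIME       90     -- aging: password expires after 90 days
  PASSWORD_GRACE_TIME      7      -- expiration: 7 days of warnings before a change is forced
  PASSWORD_REUSE_MAX       3      -- history: 3 password changes must happen first...
  PASSWORD_REUSE_TIME      1      -- ...and 1 day must pass; both limits must be finite
  PASSWORD_VERIFY_FUNCTION verify_letters_and_digits
  FAILED_LOGIN_ATTEMPTS    5      -- lockout after 5 consecutive failed logins
  PASSWORD_LOCK_TIME       1/24;  -- account stays locked for one hour

-- Limits apply only to accounts that are assigned the profile.
ALTER USER asok PROFILE app_user_profile;

-- Check: list the password limits actually in force for the profile.
SELECT resource_name, limit
FROM   dba_profiles
WHERE  profile = 'APP_USER_PROFILE'
AND    resource_type = 'PASSWORD'
ORDER  BY resource_name;
```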

Oracle object security

grant select on EMPLOYEES to ASOK;

[Diagram: alice’s schema (employees, candidates); asok’s schema (orders, customers); public objects (all_users)]

Oracle role-based security

-- HR_STEWARD is a role; Oracle's GRANT names the role directly, without a ROLE keyword
grant all privileges on EMPLOYEES to HR_STEWARD;
grant HR_STEWARD to CATBERT;

[Diagram: hrdata schema (employees, candidates); role hr_steward; DBA]

Auditing
• Obviously impacts database performance
• Writes high-level info to a common table
  • Database user
  • Object (table, role, etc.)
  • Action (select, insert, etc.)
  • Date/time
• Currently enabled on-request to DBA team
• Difficult to trace actions to a live human
  • Can correlate with IP address
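
The audit fields listed above, and the correlation back to a client machine, look like this in practice. This is an added example, not part of the original slides: it assumes traditional auditing with AUDIT_TRAIL set to DB and reuses the HRDATA.EMPLOYEES table from the role-based security slide.

```sql
-- Added example. Assumes traditional auditing (AUDIT_TRAIL=DB) and the
-- HRDATA.EMPLOYEES table named on the role-based security slide.

-- Record each statement against the table, plus every logon and logoff.
AUDIT SELECT, INSERT, UPDATE, DELETE ON hrdata.employees BY ACCESS;
AUDIT SESSION;

-- The four fields the slide lists: database user, object, action, date/time.
SELECT username, owner, obj_name, action_name, timestamp
FROM   dba_audit_trail
WHERE  owner = 'HRDATA'
AND    obj_name = 'EMPLOYEES'
ORDER  BY timestamp;

-- Tie each action to the logon record of its session to see the client side.
-- For network logons COMMENT_TEXT typically carries the client address.
SELECT a.timestamp, a.username, a.action_name, a.obj_name,
       l.os_username, l.userhost, l.terminal, l.comment_text
FROM   dba_audit_trail a
JOIN   dba_audit_trail l
       ON  l.sessionid   = a.sessionid
       AND l.action_name = 'LOGON'
WHERE  a.owner = 'HRDATA'
AND    a.obj_name = 'EMPLOYEES'
ORDER  BY a.timestamp;

-- Why tracing to a live human is hard: a shared application account shows one
-- database user but many OS users or hosts behind it (or only the app server).
SELECT username,
       COUNT(DISTINCT userhost)    AS hosts,
       COUNT(DISTINCT os_username) AS os_users
FROM   dba_audit_trail
WHERE  action_name = 'LOGON'
GROUP  BY username
ORDER  BY hosts DESC;
```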

Typical modern application

[Diagram: application; application schema (orders, customers)]

Shared schemas

[Diagram: Application #1 and Application #2 sharing application #2’s schema (orders, customers); privilege labels: select, insert, update / insert, update, delete, select, grant / select]
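
A shared schema stays manageable when the second application's access is granted through a role and reviewed from the data dictionary. This is an added example, not part of the original slides: the account names APP1 and APP2 and the role APP1_ORDERS_RW are hypothetical, and which application holds which privilege set is an assumption about the diagram.

```sql
-- Added example. APP1, APP2 and APP1_ORDERS_RW are hypothetical names; which
-- application holds which privilege set is an assumption about the diagram.

-- APP2 owns ORDERS and CUSTOMERS, so it implicitly holds every object
-- privilege on them, including the right to grant. APP1 gets only what it uses.
CREATE ROLE app1_orders_rw;                       -- run by a DBA
GRANT SELECT, INSERT, UPDATE ON app2.orders    TO app1_orders_rw;
GRANT SELECT                 ON app2.customers TO app1_orders_rw;
GRANT app1_orders_rw TO app1;

-- Roles are disabled inside definer's-rights PL/SQL, so stored code owned
-- by APP1 that reads these tables needs a direct grant instead:
-- GRANT SELECT ON app2.customers TO app1;

-- Review 1: every object privilege handed out on APP2's tables.
SELECT grantee, table_name, privilege, grantable, grantor
FROM   dba_tab_privs
WHERE  owner = 'APP2'
ORDER  BY grantee, table_name, privilege;

-- Review 2: grants that widen access beyond the intended accounts:
-- anything given to PUBLIC, or given WITH GRANT OPTION.
SELECT grantee, table_name, privilege
FROM   dba_tab_privs
WHERE  owner = 'APP2'
AND    (grantee = 'PUBLIC' OR grantable = 'YES');

-- Review 3: who reaches the tables indirectly through the role.
SELECT grantee, admin_option
FROM   dba_role_privs
WHERE  granted_role = 'APP1_ORDERS_RW';
```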

Summary
• Oracle provides a variety of security features including:
  • Identification/Authentication
  • Authorization via privileges, roles, and fine grained security
  • Encryption
  • Audit trails

SQL Security Background
• Windows Live Security Mission

Platform Security
• SQL Server
  • Follow best practices for application and database configuration
    • Roles and permissions
    • Authentication
    • Validation
    • Administration
    • Server structure
    • Propagation
    • Encryption