Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Oracle Database 12c Security Cookbook
  • Table Of Contents Toc
  • Feedback & Rating feedback
Oracle Database 12c Security Cookbook

Oracle Database 12c Security Cookbook

By : Maja Veselica & Zoran Pavlovic, Pavlovic, Veselica
4.7 (3)
Buy this Book
close
close
Oracle Database 12c Security Cookbook

Oracle Database 12c Security Cookbook

4.7 (3)
By: Maja Veselica & Zoran Pavlovic, Pavlovic, Veselica
Buy this Book

Overview of this book

Businesses around the world are paying much greater attention toward database security than they ever have before. Not only does the current regulatory environment require tight security, particularly when dealing with sensitive and personal data, data is also arguably a company’s most valuable asset - why wouldn’t you want to protect it in a secure and reliable database? Oracle Database lets you do exactly that. It’s why it is one of the world’s leading databases – with a rich portfolio of features to protect data from contemporary vulnerabilities, it’s the go-to database for many organizations. Oracle Database 12c Security Cookbook helps DBAs, developers, and architects to better understand database security challenges. Let it guide you through the process of implementing appropriate security mechanisms, helping you to ensure you are taking proactive steps to keep your data safe. Featuring solutions for common security problems in the new Oracle Database 12c, with this book you can be confident about securing your database from a range of different threats and problems.
Table of Contents (13 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Sections
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Free Chapter
1
1. Basic Database Security
chevron up
Icon
1. Basic Database Security
Icon
Introduction
Icon
Creating a password profile
Icon
Creating password-authenticated users
Icon
Changing a user's password
Icon
Creating a user with the same credentials on another database
Icon
Locking a user account
Icon
Expiring a user's password
Icon
Creating and using OS-authenticated users
Icon
Creating and using proxy users
Icon
Creating and using database roles
Icon
The sysbackup privilege – how, when, and why should you use it?
Icon
The syskm privilege – how, when, and why should you use it?
Icon
The sysdg privilege – how, when, and why should you use it?
2
2. Security Considerations in Multitenant Environment
Icon
2. Security Considerations in Multitenant Environment
Icon
Introduction
Icon
Creating a common user
Icon
Creating a local user
Icon
Creating a common role
Icon
Creating a local role
Icon
Granting privileges and roles commonly
Icon
Granting privileges and roles locally
Icon
Effects of plugging/unplugging operations on users, roles, and privileges
3
3. PL/SQL Security
Icon
3. PL/SQL Security
Icon
Introduction
Icon
Creating and using definer's rights procedures
Icon
Creating and using invoker's right procedures
Icon
Using code-based access control
Icon
Restricting access to program units by using accessible by
4
4. Virtual Private Database
Icon
4. Virtual Private Database
Icon
Introduction
Icon
Creating different policy functions
Icon
Creating Oracle Virtual Private Database row-level policies
Icon
Creating column-level policies
Icon
Creating a driving context
Icon
Creating policy groups
Icon
Setting context as a driving context
Icon
Adding policy to a group
Icon
Exempting users from VPD policies
5
5. Data Redaction
Icon
5. Data Redaction
Icon
Introduction
Icon
Creating a redaction policy when using full redaction
Icon
Creating a redaction policy when using partial redaction
Icon
Creating a redaction policy when using random redaction
Icon
Creating a redaction policy when using regular expression redaction
Icon
Using Oracle Enterprise Manager Cloud Control 12c to manage redaction policies
Icon
Changing the function parameters for a specified column
Icon
Add a column to the redaction policy
Icon
Enabling, disabling, and dropping redaction policy
Icon
Exempting users from data redaction policies
6
6. Transparent Sensitive Data Protection
Icon
6. Transparent Sensitive Data Protection
Icon
Introduction
Icon
Creating a sensitive type
Icon
Determining sensitive columns
Icon
Creating transparent sensitive data protection policy
Icon
Associating transparent sensitive data protection policy with sensitive type
Icon
Enabling, disabling, and dropping policy
Icon
Altering transparent sensitive data protection policy
7
7. Privilege Analysis
Icon
7. Privilege Analysis
Icon
Introduction
Icon
Creating database analysis policy
Icon
Creating role analysis policy
Icon
Creating context analysis policy
Icon
Creating combined analysis policy
Icon
Starting and stopping privilege analysis
Icon
Reporting on used system privileges
Icon
Reporting on used object privileges
Icon
Reporting on unused system privileges
Icon
Reporting on unused object privileges
Icon
How to revoke unused privileges
Icon
Dropping the analysis
8
8. Transparent Data Encryption
Icon
8. Transparent Data Encryption
Icon
Introduction
Icon
Configuring keystore location in sqlnet.ora
Icon
Creating and opening the keystore
Icon
Setting master encryption key in software keystore
Icon
Column encryption - adding new encrypted column to table
Icon
Column encryption - creating new table that has encrypted column(s)
Icon
Using salt and MAC
Icon
Column encryption - encrypting existing column
Icon
Auto-login keystore
Icon
Encrypting tablespace
Icon
Rekeying
Icon
Backup and Recovery
9
9. Database Vault
Icon
9. Database Vault
Icon
Introduction
Icon
Registering Database Vault
Icon
Preventing users from exercising system privileges on schema objects
Icon
Securing roles
Icon
Preventing users from executing specific command on specific object
Icon
Creating a rule set
Icon
Creating a secure application role
Icon
Using Database Vault to implement that administrators cannot view data
Icon
Running Oracle Database Vault reports
Icon
Disabling Database Vault
Icon
Re-enabling Database Vault
10
10. Unified Auditing
Icon
10. Unified Auditing
Icon
Introduction
Icon
Enabling Unified Auditing mode
Icon
Configuring whether loss of audit data is acceptable
Icon
Which roles do you need to have to be able to create audit policies and to view audit data?
Icon
Auditing RMAN operations
Icon
Auditing Data Pump operations
Icon
Auditing Database Vault operations
Icon
Creating audit policies to audit privileges, actions and roles under specified conditions
Icon
Enabling audit policy
Icon
Finding information about audit policies and audited data
Icon
Auditing application contexts
Icon
Purging audit trail
Icon
Disabling and dropping audit policies
11
11. Additional Topics
Icon
11. Additional Topics
Icon
Introduction
Icon
Exporting data using Oracle Data Pump in Oracle Database Vault environment
Icon
Creating factors in Oracle Database Vault
Icon
Using TDE in a multitenant environment
12
12. Appendix – Application Contexts
Icon
12. Appendix – Application Contexts
Icon
Introduction
Icon
Exploring and using built-in contexts
Icon
Creating an application context
Icon
Setting application context attributes
Icon
Using an application context

Creating a password profile

You can use a profile to implement your password policy.

Getting ready

To complete this recipe, you'll need an existing user who has create profile privilege (such as an OS-authenticated user who has database administrators (dba) role, for example, ops$zoran). Also, you'll need an unlocked user account named scott.

Make sure that the resource_limit parameter is set to true.

How to do it...

  1. Connect to the database as a user who has create profile privilege:
           sqlplus /
  2. Create a password profile:
           create profile userprofile limit
       failed_login_attempts 4
       password_lock_time 2
       password_life_time 180;
  3. Alter the user to use a newly created password profile:
           alter user scott profile userprofile;
  4. Alter the default password profile:
           alter profile default limit
failed_login_attempts 4;

How it works...

In step 1, you used OS authentication to connect to the database.

In step 2, you created a password profile with the name userprofile that has the following restrictions:

  • The system allows four login attempts before locking a user account (failed_login_attempts)
  • After locking a user account, it will remain locked for two days (password_lock_time)
  • A password for the user can remain unchanged for 180 days - after which the password will expire, and the user will have to change the password for his next login (password_life_time)

In step 3, we assigned a newly created password profile to the user scott. If we don't assign a password profile to the user, that user uses the default password profile.

In step 4, we altered the default password profile with the failed_login_attempts restriction.

There's more...

You can create different password profiles for different users in the database. There are a lot of restrictions that can be applied to a password profile.

In Oracle Database 12c, there are three password verify functions, out of which, two are new and improved:

  • verify_function_11G (carried over)
  • ora12c_verify_function (new)
  • ora12c_strong_verify_function (new)

If password complexity checking is not enabled, and you want to use it, you should run the utlpwdmg.sql script provided by Oracle. It's located in $ORACLE_HOME/rdbms/admin. The ora12c_verify_function function is the default function that the utlpwdmg.sql script uses. If you want, you can customize password verify functions.

Note

Password complexity checking, even when enabled, doesn't apply to sys user.

If you want to choose which verify function will be used in the default profile, you can achieve that by using the following statement:

alter profile default limit password_verify_function ora12c_strong_verify_function;

In subsequent recipes, it is assumed that default values are set for the default profile and the password verify function is not used.

See also

  • Creating password-authenticated users
  • Locking a user account
  • Creating and using OS-authenticated users
End of Section 3
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY