Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: DBMS_RLS and Security

Re: DBMS_RLS and Security

From: rjamya <rjamya_at_gmail.com>
Date: Tue, 1 May 2007 20:39:35 -0400
Message-ID: <9177895d0705011739u62527a00w278953edb3325d81@mail.gmail.com> 





Bill,



Not sure if you can really hide it from the dba. My understanding is if a
user has 'access exempt policy' privilege, then policies don't apply.



The article states that by 'wrapping' plsql code, you can hide the policy
implementation from the dbas. But a malicious dba can set an event to dump
the full sqltext on the next hard parse. Plus if you do db_extended_audit,
that information will be visible to any dba, including bind values in the
fga audit trail (if so enabled) ... oh and you can head to Pete Finnigan's
site to see how one an attempt to unwrap the wrapped code. In 10g, you can
compress the code after wrapping it, but there is an event to disable that
compression too,



As for loosing data, not sure, but if the policies are not implemented
appropriately, that data will not be seen and users might think it is
missing. Because unless you see the actual sql, you can't really say if the
data isn't there or it is restricted by policy.



AFAIK, oracle application server is not required for dbms_rls usage. The
only thing that can protect data from DBAs is database vault outside of
encryption. Then again, think about it, if you don't trust your DBAs, you
have got a bigger problem. The buck has to stop somewhere.



we have used dbms_rls in 9i to restrict data that each user can see, no app
server, it is oracle forms client/server application.



rjamya




On 5/1/07, William Wagman <wjwagman_at_ucdavis.edu> wrote:


>

> Greetings,

>

> One of my users sent me this URL for a paper on improving security,

> http://www.oracle.com/technology/pub/articles/jucan_security.html. The

> writer presents a technique for hiding columns using DBMS_RL to create

> policies to hide data. Apparently one can even hide data from a user

> with full DBA access. I had a conversation with one of my co-workers who

> had just attended an Oracle taught security class and she reported that

> there are numerous examples of users losing data when attenpting to do

> this. Apparently the class instructor also did not have real good

> feelings about this technique as well. It apparently also takes

> advantage of Oracle Application server's security which makes it appear

> that application server is required in order to utilize this

> methodology. Unfortunately I don't have a good enough understanding of

> the process to give a concise explanation. I am interested in knowing if

> others are familiar with this technique, have used it and what your

> experiences were.

>

> Thanks.

>

> Bill Wagman

> Univ. of California at Davis

> IET Campus Data Center

> wjwagman_at_ucdavis.edu

> (530) 754-6208

> --

> http://www.freelists.org/webpage/oracle-l

>

>

>




-- 
-----
Best regards
RJamya

--
http://www.freelists.org/webpage/oracle-l


Received on Tue May 01 2007 - 19:39:35 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US