new oracle row level security paper

Hi everyone,

I have recently written a paper on row level security in Oracle for publication by security focus. This paper is a two part paper and the first part is published, the second part will be published later this week.

part one introduces row level security, talks about the various names it has and also why you might want to use it with listed advantages. I go on to talk about how it works and how to implement a simple example working through the various steps with example code. I then go on to test the example with differing scenarios to check it performs against the business rules defined. I talk about a couple of issues and tips.

part two goes on to look into how to explore the database looking at what row level security settings are in use or indeed if it is in use, by querying v$ views, I also discuss how to use the dictionary views to understand the setup and then go on to explore how to derive the SQL including predicate from the database and also how to see if row level security is in use by inference. I also discuss some of the issues with its use. As usual I also throughout make suggestions about protecting what configuration can be read from the database.

A link to part one can be found here:

http://www.petefinnigan.com/orasec.htm

kind regards

Pete

-- 
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.