Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: 65 Oracle security papers,articles and presentations

From: Paul Drake <drak0nian_at_yahoo.com>
Date: 7 Apr 2003 16:33:18 -0700
Message-ID: <1ac7c7b3.0304071533.75481f4b@posting.google.com>


Pete Finnigan <pete_at_petefinnigan.com> wrote in message news:<u4SD9HBFpak+EwmW_at_peterfinnigan.demon.co.uk>...
> Hi Everyone
>
> For some time now I have been trying to update my website to include
> links to the many Oracle security white papers, articles and
> presentations and info that I have collected over the last few years
> whilst I have been researching into Oracle security.
>
> I have now finally updated my site and added links to some 65 Oracle
> security papers, articles and presentations. If anyone is interested in
> Oracle security they are at http://www.petefinnigan.com/orasec.htm or
> you can go to http://www.petefinnigan.com and choose "white papers" from
> the pull down menus.
>
> If anyone has any links to other Oracle security papers I have not yet
> listed then I would be very grateful if you could please email me at
> pete_at_petefinnigan.com with the links.
>
> kind regards
>
> Pete

Pete,

Wow - great stuff. Thanks much for putting this together.

Looks like I have train reading for a while - just when I was cranking again on the Geoff Ingram "high performance oracle" book. The other DBA got ahold of my copy of Mike Ault's "database admin and management" book and won't let it go ...

Your book (which stays at home right next to Stefan Norberg's) presented a considerable list of items to check/implement, some of which are not easily tacked onto an existing application already in production.

I'm planning (hoping?) that during an upcoming migration to 9i R2 sufficient time is available in the development and QA cycle, so that many of the items that are listed in your text (and elsewhere) can be implemented in the new db prior to any application schemas being imported/created.

(I rather dislike remodeling - would rather level it and build from foundation up - you don't have to compromise as much).

One of the excuses^H^H^H^H^H^H^H reasons that environments aren't more locked down is fear of "breaking the existing app". If the database is locked down first, before the app is brought into the environment - and set auditing of failed permissions on - it should be much easier to determine where the app is making very liberal assumptions concerning object sys privs - and approach using only the minimal privs required for the app to function, nothing more.

Anyone care to post the security feature that they'd like to implement most, such as "revoke DBA from :app_owner_schema;", when they move from 8i R3 to 9i R2?

Paul

Apply a security template to your MS Windows 2000 Server OS today.

Received on Mon Apr 07 2003 - 18:33:18 CDT
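
The lock-down-first approach described in the post, sketched as an added example that is not part of the original message: failed-access auditing is switched on before the application schema is imported, and the audit trail is then used to see which privileges the application really needs. APP_OWNER is a hypothetical schema name, the granted privileges in step 5 are illustrative, and an spfile-based 9i instance is assumed.

```sql
-- Added example; APP_OWNER is a hypothetical schema name.

-- 1. Write audit records to the database audit trail.
--    audit_trail is a static parameter, so this takes effect after a restart.
ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;

-- 2. Record failures only, before any application objects exist.
AUDIT ALL PRIVILEGES BY ACCESS WHENEVER NOT SUCCESSFUL;  -- failed use of system privileges
AUDIT NOT EXISTS BY ACCESS WHENEVER NOT SUCCESSFUL;      -- statements failing on objects that are missing or not visible
AUDIT ALL ON DEFAULT BY ACCESS WHENEVER NOT SUCCESSFUL;  -- default for objects created from now on (the import)

-- 3. After running the application through its QA cycle, list what it
--    tried to do and was refused.
--    1031 = ORA-01031 insufficient privileges
--    942  = ORA-00942 table or view does not exist (also raised when the
--           caller has no privilege on an existing object)
SELECT username,
       action_name,
       owner,
       obj_name,
       priv_used,
       returncode,
       COUNT(*) AS failures
FROM   dba_audit_trail
WHERE  returncode IN (1031, 942)
GROUP  BY username, action_name, owner, obj_name, priv_used, returncode
ORDER  BY failures DESC;

-- 4. Compare with what the application owner currently holds.
SELECT granted_role FROM dba_role_privs WHERE grantee = 'APP_OWNER';
SELECT privilege    FROM dba_sys_privs  WHERE grantee = 'APP_OWNER';

-- 5. Remove the blanket role and grant back only what step 3 showed is
--    needed (the privileges listed here are illustrative).
REVOKE DBA FROM app_owner;
GRANT CREATE SESSION, CREATE TABLE, CREATE PROCEDURE TO app_owner;
```

Steps 3 to 5 are repeated until the audit trail shows no further refusals for the application's normal workload.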
