
Re: Oracle Security Best Practices

From: Tim Gorman <tim_at_sagelogix.com>
Date: Thu, 07 Aug 2003 07:24:36 -0800
Message-ID: <F001.005C9778.20030807072436@fatcity.com>


Sandro,

There is an excellent book on "Oracle Security" available online from "http://www.sans.org". Concise, organized, and prioritized. Also, Newman and Theriault's "Oracle Security Handbook" from Oracle Press is chock full of common sense...

Not sure what the question about "automating the migration of stored procedures" refers to. Could you provide more information? I don't think I understand the problem...

Storing password files on the database server is mainly an exercise in ensuring that OS security and file permissions are properly implemented. If you cannot ensure that OS files are properly secured, then the entire Oracle database is at risk, not to mention files containing clear-text passwords. After all, one can view data within datafiles using programs other than the Oracle RDBMS...

The idea of creating production schemas/logins to separate object ownership from application/end-user access is excellent. To avoid using synonyms, consider the functionality of the "ALTER SESSION SET CURRENT_SCHEMA = <ownership-schema>" command being executed in an AFTER LOGON trigger in all accounts used for end-user access. It is a little-known but wonderfully manageable bit of functionality...

Hope this helps...

-Tim

on 8/7/03 5:44 AM, SSILVA9_at_BKB.com.br at SSILVA9_at_BKB.com.br wrote:

> Can anybody help me in finding a security approach to an Oracle database?
>
>
>
> We are trying to set up a security policy for Oracle but we are having some
> problem in questions like:
>
>
>
> 1) Automatic process: How to create a single login user that automates the
> migration of stored procedures
>
> 2) How to store password-files safely in order to avoid users reading it
> (encryption may be)
>
> 3) How to create production logins that are not the owner of the
> tables/procedures and without creating synonyms avoiding them to have to
> prefix the objects with the owner
>
>
>
> Is there any documentation or site you can suggest me?
>
>
>
> Thanks,
>
>
>
> Sandro Augusto da Silva
> Technology Services & Support
> NLA Technology Services
> Phone: +55 11 3398-8438
> Fax: +55 11 3398-7522
>

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
Received on Thu Aug 07 2003 - 10:24:36 CDT
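
The AFTER LOGON approach described in the reply, sketched as an added example that is not part of the original message. The names APP_OWNER (object-owning schema), APP_USER (end-user login), APP_RW (role) and the tables ORDERS and AUDIT_LOG are assumptions chosen for illustration.

```sql
-- Added illustration; all object names are hypothetical.
-- Run steps 1 and 2 as a DBA (step 2 needs CREATE ANY TRIGGER).

-- 1. Access comes from grants, not from ownership. CURRENT_SCHEMA only
--    changes how unqualified names are resolved; it confers no privileges.
CREATE ROLE app_rw;
GRANT SELECT, INSERT, UPDATE, DELETE ON app_owner.orders TO app_rw;
GRANT CREATE SESSION TO app_user;
GRANT app_rw TO app_user;

-- 2. Schema-level logon trigger: fires only when APP_USER connects.
--    Keep the body minimal, because an unhandled error raised here
--    rejects the login for that account.
CREATE OR REPLACE TRIGGER app_user_set_schema
  AFTER LOGON ON app_user.SCHEMA
BEGIN
  EXECUTE IMMEDIATE 'ALTER SESSION SET CURRENT_SCHEMA = APP_OWNER';
END;
/

-- 3. Verify from a new APP_USER session.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER')   AS login_user,       -- APP_USER
       SYS_CONTEXT('USERENV', 'CURRENT_SCHEMA') AS resolves_against  -- APP_OWNER
FROM   dual;

-- Unqualified name resolves to APP_OWNER.ORDERS without any synonym.
SELECT COUNT(*) FROM orders;

-- A table that was not granted (hypothetical APP_OWNER.AUDIT_LOG) still
-- fails with ORA-00942, showing that the trigger did not widen access.
SELECT COUNT(*) FROM audit_log;

-- 4. Review which logon triggers exist and whether they are enabled.
SELECT owner, trigger_name, base_object_type, status
FROM   dba_triggers
WHERE  triggering_event LIKE '%LOGON%';
```

Locking the owning account (ALTER USER app_owner ACCOUNT LOCK) keeps anyone from connecting as the object owner while its objects remain usable through the grants above.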
