Oracle Security [Paperback]

William Heney (Author), Marlene L. Theriault (Author)

Book Description

Publication Date: December 1, 1998

Security in a relational database management system is complex, and too few DBAs, system administrators, managers, and developers understand how Oracle implements system and database security. This book gives you the guidance you need to protect your databases.

Oracle security has many facets:

• Establishing an organization's security policy and plan
• Protecting system files and passwords
• Controlling access to database objects (tables, views, rows, columns, etc.)
• Building appropriate user profiles, roles, and privileges
• Monitoring system access via audit trails

Oracle Security describes how these basic database security features are implemented and provides many practical strategies for securing Oracle systems and databases. It explains how to use the Oracle Enterprise Manager and Oracle Security Server to enhance your site's security, and it touches on such advanced security features as encryption, Trusted Oracle, and various Internet and World Wide Web protection strategies.

A table of contents follows:

Preface Part I: Security in an Oracle System

• Oracle and Security
• Oracle System Files
• Oracle Database Objects
• The Oracle Data Dictionary
• Default Roles and User Accounts
• Profiles, Passwords, and Synonyms

Part II: Implementing Security

• Developing a Database Security Plan
• Installing and Starting Oracle
• Developing a Simple Security Application
• Developing an Audit Plan
• Developing a Sample Audit Application
• Backing Up and Recovering a Database
• Using the Oracle Enterprise Manager
• Maintaining User Accounts

Part III: Enhanced Oracle Security

• Using the Oracle Security Server
• Using the Internet and the Web
• Using Extra-Cost Options

Appendix A. References

Editorial Reviews

About the Author

William Heney started working with version 2 of the Oracle database in 1980. After doing application development in FORTRAN and what then passed for "Forms," he began to specialize in DBA work. In the ensuing years he has worked for a wide variety of customers, many of whom wanted some form of access control implemented in the database. Some of the techniques acquired during these experiences are reflected in this book.

Marlene Theriault has over 14 years of experience as a database administrator, starting with version 2.0 of the Oracle RDBMS. She has presented papers at numerous conferences throughout the world, including various IOUG-A, DECUS, EOUG, and Oracle OpenWorld conferences. At the 1997 East Coast Oracle conference, Marlene tied for first place with Steven Feuerstein, receiving an "Outstanding Speaker" award. She also received the "Distinguished Speaker" award two years in a row at ECO-'95 and ECO-'96. Marlene's articles have appeared in Pinnacle Press' Oracle Developer magazine, IOUG-A's SELECT magazine, and many user group publications. Marlene reactivated the Mid-Atlantic Association of Oracle Professionals' Database Administration Special Interest Group and is the current chair of the MAOP DBA SIG. She authors an "Ask The DBA" column for the MAOP newsletter, and her articles and columns are available at http://www.maop.org/sig-dba/. For recreation, Marlene is an avid volksmarcher who has, with her significant other, Nelson Cahill, walked at least 6.2 miles in every one of the United States. She loves to travel and has been on numerous cruises. She can be reached via email at Marlene.Theriault@jhuapl.edu.

Product Details

• Paperback: 446 pages
• Publisher: O'Reilly Media; 1 Ed edition (December 1, 1998)
• Language: English
• ISBN-10: 1565924509
• ISBN-13: 978-1565924505
• Product Dimensions: 9.1 x 7.1 x 1.1 inches
• Shipping Weight: 1.6 pounds
• Average Customer Review: 3.0 out of 5 stars  See all reviews (6 customer reviews)
• Amazon Best Sellers Rank: #2,853,409 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

9 of 9 people found the following review helpful:

3.0 out of 5 stars disappointingly vague, but at par with my expectations, March 12, 1999

By 

Bruce D. Wilner "polymathic bibliophile" (Virginia, USA) - See all my reviews
(REAL NAME)   

This review is from: Oracle Security (Paperback)

A brief scan of one chapter told me all I needed to know about the authors' range and depth of knowledge. The use of views to restrict access to underlying tables was discussed without ever once stating clearly whether or not access to the underlying tables must be granted separately. The technique was also incorrectly and vaguely (but, as the authors state, "commonly") referred to as "row-level security," despite the fact that it can be used to restrict access to either columns (SELECT) or rows (WHERE) with equal facility. (A more professional term for the concept is "data-dependent" or "content-dependent" access control.) Only a few pages later, when discussing synonyms, the authors say, "...then grants access privileges to the synonym ..." A synonym is a passive entity that does not enjoy privileges. Rather, privileges are granted to users and roles BY MEANS OF the synonym. There is absolutely no room for such vague, paraprofessional handwaving or such freewheelingly inaccurate use of terminology in the database security sphere.

7 of 7 people found the following review helpful:

2.0 out of 5 stars time for a re-write, January 5, 2001

By 

robert j flaherty - See all my reviews

This review is from: Oracle Security (Paperback)

This book is ok as far as it goes,but it concentrates on the traditional aspects of database security; passwords, profiles, roles and privileges etc. As organisations move into web-enabling their databases, these security techniques are shown to be inadequate.

Oracle 8i has introduced a stack of new security features, which are not covered in this book, or given a very broad coverage. Issues such as LDAP(Oracle Internet Directory) Advanced Security (the old Advanced Networkiing Option) Schema-less logins, single sign on, preserving user identity, secure application roles and virtual private databases should be addressed to help DBA's and IT managers formulate and plan a security strategy for web-enabled/ multi-tier databases.

So the book as it stands is of limited usefulness. Unfortunately, there doesn't seem to be any other texts out there that cover these issues at the moment.

7 of 8 people found the following review helpful:

5.0 out of 5 stars The first and the best profound book on Oracle Security, February 17, 1999

By A Customer

This review is from: Oracle Security (Paperback)

We believe this book will be helpful for everyone who is responsible for Oracle Database or application security at all levels of expertise. This is the first comprehensive book on Oracle Security concepts, methods, and software. The authors are very experienced in Oracle in general (M. Theriault has more than14 years and W. Heney - more than 18 years of Oracle experience) and in implementing different Oracle security systems in particular. The book is written clearly and is well organized so that simple ideas are followed by more complex concepts. From my perspective, especially useful are such topics as the analysis of the Oracle Data Dictionary from the security point of view, their approach to Security Policy, Security Plan, and Audit Plan, as well as their methods and software for maintaining user accounts. Another important part of the book is the discussion of goals and core principles of building system security. The authors give a profound review of Oracle tools and methods, which can make security systems and applications more powerful and efficient. The authors' web site includes basic scripts, which were described and used in the book. Ilya Pliner