Customer Reviews

Oracle Security

5 star:		(2)
4 star:		(0)
3 star:		(1)
2 star:		(2)
1 star:		(1)

 

 

A brief scan of one chapter told me all I needed to know about the authors' range and depth of knowledge. The use of views to restrict access to underlying tables was discussed without ever once stating clearly whether or not access to the underlying tables must be granted separately. The technique was also incorrectly and vaguely (but, as the authors state, "commonly") referred to as "row-level security," despite the fact that it can be used to restrict access to either columns (SELECT) or rows (WHERE) with equal facility. (A more professional term for the concept is "data-dependent" or "content-dependent" access control.) Only a few pages later, when discussing synonyms, the authors say, "...then grants access privileges to the synonym ..." A synonym is a passive entity that does not enjoy privileges. Rather, privileges are granted to users and roles BY MEANS OF the synonym. There is absolutely no room for such vague, paraprofessional handwaving or such freewheelingly inaccurate use of terminology in the database security sphere.

This book is ok as far as it goes,but it concentrates on the traditional aspects of database security; passwords, profiles, roles and privileges etc. As organisations move into web-enabling their databases, these security techniques are shown to be inadequate.

Oracle 8i has introduced a stack of new security features, which are not covered in this book, or given a very broad coverage. Issues such as LDAP(Oracle Internet Directory) Advanced Security (the old Advanced Networkiing Option) Schema-less logins, single sign on, preserving user identity, secure application roles and virtual private databases should be addressed to help DBA's and IT managers formulate and plan a security strategy for web-enabled/ multi-tier databases.

So the book as it stands is of limited usefulness. Unfortunately, there doesn't seem to be any other texts out there that cover these issues at the moment.

We believe this book will be helpful for everyone who is responsible for Oracle Database or application security at all levels of expertise. This is the first comprehensive book on Oracle Security concepts, methods, and software. The authors are very experienced in Oracle in general (M. Theriault has more than14 years and W. Heney - more than 18 years of Oracle experience) and in implementing different Oracle security systems in particular. The book is written clearly and is well organized so that simple ideas are followed by more complex concepts. From my perspective, especially useful are such topics as the analysis of the Oracle Data Dictionary from the security point of view, their approach to Security Policy, Security Plan, and Audit Plan, as well as their methods and software for maintaining user accounts. Another important part of the book is the discussion of goals and core principles of building system security. The authors give a profound review of Oracle tools and methods, which can make security systems and applications more powerful and efficient. The authors' web site includes basic scripts, which were described and used in the book. Ilya Pliner

Too vague and full of incoherent theory. This book does not give any practical advice and simply talks about some basic security techniques. Not enough technical depth for implementing any meaningful security.

Good book but now sort of out of date given that Oracle is long past 8.0.4 that this book covers. No discussion concerning 8i and 9i. Needs an update - why hasn't O'Rielly done it yet?

I highly recommend this book to any professional interested in implementing or improving security within their database system. Ms Theriault and Mr Heney should be commended for their comprehensive and common sense approach to Oracle Security. There has never been a research and tool for implementing Oracle Security. This book provides not only the experienced Oracle DBA with tips and reasoning for implementing a security structure within a database, but it also offers the beginner and journeyman computer specialist with the functions of security. The book touches on many topics that are essential to maintaining any computer system. It details the reasoning behind what happens when you do a certain function and you run into problems.