1 Introducing Oracle Database Security

This chapter contains:

  • About Oracle Database Security

  • Additional Database Security Resources

About Oracle Database Security

You can use the default Oracle Database features to configure security in the following areas for your Oracle Database installation:

  • User accounts. When you create user accounts, you can secure them in a variety of ways. You can also create password profiles to better secure password policies for your site. Chapter 2, "Managing Security for Oracle Database Users" describes how to manage user accounts.

  • Authentication methods. Oracle Database provides several ways to configure authentication for users and database administrators. For example, you can authenticate users on the database level, from the operating system, and on the network. Chapter 3, "Configuring Authentication" describes how authentication in Oracle Database works.

  • Privileges and roles. You can use privileges and roles to restrict user access to data. Appendix P, "Configuring Privilege and Role Authorization" describes how to create and manage user privileges and roles.

  • Application security. The first step to creating a database application is to ensure that it is properly secure. Appendix P, "Managing Security for Application Developers" discusses how to incorporate application security into your application security policies.

  • User session information using application context. An application context is a name-value pair that holds the session information. You can retrieve session information about a user, such as the user name or terminal, and restrict database and application access for that user based on this information. Chapter 6, "Using Application Contexts to Retrieve User Information" describes how to use application context.

  • Database access on the row and column level using Virtual Private Database. A Virtual Private Database policy dynamically embeds a WHERE predicate into the SQL statements that the user issues. Chapter 7, "Using Oracle Virtual Private Database to Control Data Access" describes how to create and manage Virtual Private Database policies.

  • Encryption. You can disguise data on the network to prevent unauthorized access to that data. Appendix P, "Developing Applications Using the Data Encryption API" explains how to use the DBMS_CRYPTO PL/SQL package to encrypt data.

  • Auditing database activities. You can audit database activities in general terms, such as auditing all SQL statements, SQL privileges, schema objects, and network activity. Or, you can audit in a granular manner, such as when IP addresses from outside the corporate network are being used. Appendix P, "Verifying Security Access with Auditing" describes how to enable and configure database auditing. It also explains how to purge the database audit trail.

In addition, Chapter 10, "Keeping Your Oracle Database Secure" provides guidelines that you should follow when you secure your Oracle Database installation.
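The application context and Virtual Private Database items above work together: the policy function returns a predicate that reads a session attribute, and the database appends that predicate to each statement against the protected table. The following is an added example, not code from this guide. The schemas (sec_admin, sales), the tables, the context namespace, and the policy names are hypothetical.

```sql
-- Added example; all object names are hypothetical.
-- 1. Application context: only the named trusted package may set its attributes.
CREATE OR REPLACE CONTEXT orders_ctx USING sec_admin.orders_ctx_pkg;

CREATE OR REPLACE PACKAGE sec_admin.orders_ctx_pkg AS
  PROCEDURE set_cust_id;
END;
/
CREATE OR REPLACE PACKAGE BODY sec_admin.orders_ctx_pkg AS
  PROCEDURE set_cust_id IS
    v_id NUMBER;
  BEGIN
    -- Map the authenticated session user to a customer id.
    SELECT cust_id INTO v_id
      FROM sales.customers
     WHERE cust_login = SYS_CONTEXT('USERENV', 'SESSION_USER');
    DBMS_SESSION.SET_CONTEXT('orders_ctx', 'cust_id', v_id);
  EXCEPTION
    -- Unknown user: leave the attribute unset, so the predicate
    -- compares against NULL and the policy returns no rows.
    WHEN NO_DATA_FOUND THEN NULL;
  END;
END;
/

-- 2. Policy function: returns the WHERE predicate as text. It references
--    SYS_CONTEXT rather than concatenating a value, so the predicate is
--    constant and the attribute is resolved per session at run time.
CREATE OR REPLACE FUNCTION sec_admin.orders_by_cust (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2 IS
BEGIN
  RETURN 'cust_id = SYS_CONTEXT(''orders_ctx'', ''cust_id'')';
END;
/

-- 3. Attach the function to the table as a Virtual Private Database policy.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'sales',
    object_name     => 'orders',
    policy_name     => 'orders_cust_policy',
    function_schema => 'sec_admin',
    policy_function => 'orders_by_cust',
    statement_types => 'SELECT, UPDATE, DELETE',
    update_check    => TRUE);  -- updated rows must still satisfy the predicate
END;
/
```

Call sec_admin.orders_ctx_pkg.set_cust_id from a logon trigger so that the attribute is populated before the user's first query.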

Additional Database Security Resources

In addition to the security resources described in this guide, Oracle Database provides the following database security products:

  • Advanced security features. See Oracle Database Advanced Security Administrator's Guide for information about advanced features such as transparent data encryption, wallet management, network encryption, and RADIUS, Kerberos, and Secure Sockets Layer authentication.

  • Oracle Label Security. Oracle Label Security secures database tables at the row level, allowing you to filter user access to row data based on privileges. See Oracle Label Security Administrator's Guide for detailed information about Oracle Label Security.

  • Oracle Database Vault. Oracle Database Vault provides fine-grained access control to your sensitive data, including protecting data from privileged users. Oracle Database Vault Administrator's Guide describes how to use Oracle Database Vault.

  • Oracle Audit Vault. Oracle Audit Vault collects database audit data from sources such as Oracle Database audit trail tables, database operating system audit files, and database redo logs. Using Oracle Audit Vault, you can create alerts on suspicious activities, and create reports on the history of privileged user changes, schema modifications, and even data-level access. Oracle Audit Vault Administrator's Guide explains how to administer Oracle Audit Vault.

  • Oracle Enterprise User Security. Oracle Enterprise User Security enables you to manage user security at the enterprise level. Oracle Database Enterprise User Security Administrator's Guide explains how to configure Oracle Enterprise User Security.

In addition to these products, you can find the latest information about Oracle Database security, such as new products and important information about security patches and alerts, by visiting the Security Technology Center on Oracle Technology Network at

http://www.oracle.com/technetwork/topics/security/whatsnew/index.html