Security Guide

Shared by: Thu Xuan | Date: | File type: PDF | Pages: 424


Document description

Part I presents fundamental concepts of data security requirements and threats that pertain to connecting to a database, accessing and altering tables, and using applications. In addition, security checklists are provided for DBAs and application developers, which cover installation preparation, database administration best practices, and recommendations for developing secure applications.


Text content: Security Guide

  1. Oracle Database Security Guide 10g Release 1 (10.1) Part No. B10773-01 December 2003
  2. Oracle Database Security Guide, 10g Release 1 (10.1) Part No. B10773-01 Copyright © 2003 Oracle Corporation. All rights reserved. Primary Authors: Laurel P. Hale, Jeffrey Levinger Contributing Authors: Ruth Baylis, Michele Cyran, John Russell Graphic Designer: Valarie Moore The Programs (which include both the software and documentation) contain proprietary information of Oracle Corporation; they are provided under a license agreement containing restrictions on use and disclosure and are also protected by copyright, patent and other intellectual and industrial property laws. Reverse engineering, disassembly or decompilation of the Programs, except to the extent required to obtain interoperability with other independently created software or as specified by law, is prohibited. The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. Oracle Corporation does not warrant that this document is error-free. Except as may be expressly permitted in your license agreement for these Programs, no part of these Programs may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Oracle Corporation. If the Programs are delivered to the U.S. Government or anyone licensing or using the programs on behalf of the U.S. Government, the following notice is applicable: Restricted Rights Notice Programs delivered subject to the DOD FAR Supplement are "commercial computer software" and use, duplication, and disclosure of the Programs, including documentation, shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement. 
Otherwise, Programs delivered subject to the Federal Acquisition Regulations are "restricted computer software" and use, duplication, and disclosure of the Programs shall be subject to the restrictions in FAR 52.227-19, Commercial Computer Software - Restricted Rights (June, 1987). Oracle Corporation, 500 Oracle Parkway, Redwood City, CA 94065. The Programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherently dangerous applications. It shall be the licensee's responsibility to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of such applications if the Programs are used for such purposes, and Oracle Corporation disclaims liability for any damages caused by such use of the Programs. Oracle is a registered trademark, and Oracle Store, Oracle8i, Oracle9i, PL/SQL, SQL*Net, and SQL*Plus are trademarks or registered trademarks of Oracle Corporation. Other names may be trademarks of their respective owners.
  3. Contents
     List of Figures
     Tables
     Send Us Your Comments
     Preface
     Audience
     Organization
     Related Documentation
     Conventions
     Documentation Accessibility
     What's New in Oracle Database Security?
     New Features in Virtual Private Database
     New Features in Auditing
     New PL/SQL Encryption Package: DBMS_CRYPTO
     Part I Overview of Security Considerations and Requirements
     1 Security Requirements, Threats, and Concepts
     Identity Management: Security in Complex, High Volume Environments
     Desired Benefits of Identity Management
     Components of Oracle's Identity Management Infrastructure
  4. 2 Security Checklists and Recommendations
     Physical Access Control Checklist
     Personnel Checklist
     Secure Installation and Configuration Checklist
     Networking Security Checklists
     SSL (Secure Sockets Layer) Checklist
     Client Checklist
     Listener Checklist
     Network Checklist
     3 Security Policies and Tips
     Introduction to Database Security Policies
     Security Threats and Countermeasures
     What Information Security Policies Can Cover
     Recommended Application Design Practices to Reduce Risk
     Tip 1: Enable and Disable Roles Promptly
     Tip 2: Encapsulate Privileges in Stored Procedures
     Tip 3: Use Role Passwords Unknown to the User
     Tip 4: Use Proxy Authentication and a Secure Application Role
     Tip 5: Use Secure Application Role to Verify IP Address
     Tip 6: Use Application Context and Fine-Grained Access Control
     Part II Security Features, Concepts, and Alternatives
     4 Authentication Methods
     Authentication by the Operating System
     Authentication by the Network
     Authentication by the Secure Socket Layer Protocol
     Authentication Using Third-Party Services
     DCE Authentication
     Kerberos Authentication
     Public Key Infrastructure-Based Authentication
     Authentication with RADIUS
     Directory-based Services
  5. Authentication by the Oracle Database
     Password Encryption While Connecting
     Account Locking
     Password Lifetime and Expiration
     Password History
     Password Complexity Verification
     Multitier Authentication and Authorization
     Clients, Application Servers, and Database Servers
     Security Issues for Middle-Tier Applications
     Identity Issues in a Multitier Environment
     Restricted Privileges in a Multitier Environment
     Client Privileges
     Application Server Privileges
     Authentication of Database Administrators
     5 Authorization: Privileges, Roles, Profiles, and Resource Limitations
     Introduction to Privileges
     System Privileges
     Granting and Revoking System Privileges
     Who Can Grant or Revoke System Privileges?
     Schema Object Privileges
     Granting and Revoking Schema Object Privileges
     Who Can Grant Schema Object Privileges?
     Using Privileges with Synonyms
     Table Privileges
     Data Manipulation Language (DML) Operations
     Data Definition Language (DDL) Operations
     View Privileges
     Privileges Required to Create Views
     Increasing Table Security with Views
     Procedure Privileges
     Procedure Execution and Security Domains
     System Privileges Needed to Create or Alter a Procedure
     Packages and Package Objects
     Type Privileges
  6. System Privileges for Named Types
     Object Privileges
     Method Execution Model
     Privileges Required to Create Types and Tables Using Types
     Example of Privileges for Creating Types and Tables Using Types
     Privileges on Type Access and Object Access
     Type Dependencies
     Introduction to Roles
     Properties of Roles
     Common Uses for Roles
     Application Roles
     User Roles
     Granting and Revoking Roles
     Who Can Grant or Revoke Roles?
     Security Domains of Roles and Users
     PL/SQL Blocks and Roles
     Named Blocks with Definer’s Rights
     Anonymous Blocks with Invoker’s Rights
     Data Definition Language Statements and Roles
     Predefined Roles
     The Operating System and Roles
     Roles in a Distributed Environment
     Secure Application Roles
     Creation of Secure Application Roles
     User Resource Limits
     Types of System Resources and Limits
     Session Level
     Call Level
     CPU Time
     Logical Reads
     Limiting Other Resources
     Profiles
     Determining Values for Resource Limits
  7. 6 Access Controls on Tables, Views, Synonyms, or Rows
     Introduction to Views
     Fine-Grained Access Control
     Dynamic Predicates
     Application Context
     Dynamic Contexts
     Security Followup: Auditing as well as Prevention
     7 Security Policies
     System Security Policy
     Database User Management
     User Authentication
     Operating System Security
     Data Security Policy
     User Security Policy
     General User Security
     Password Security
     Privilege Management
     End-User Security
     Using Roles for End-User Privilege Management
     Using a Directory Service for End-User Privilege Management
     Administrator Security
     Protection for Connections as SYS and SYSTEM
     Protection for Administrator Connections
     Using Roles for Administrator Privilege Management
     Application Developer Security
     Application Developers and Their Privileges
     The Application Developer's Environment: Test and Production Databases
     Free Versus Controlled Application Development
     Roles and Privileges for Application Developers
     Space Restrictions Imposed on Application Developers
     Application Administrator Security
     Password Management Policy
     Account Locking
     Password Aging and Expiration
  8. Password History
     Password Complexity Verification
     Password Verification Routine Formatting Guidelines
     Sample Password Verification Routine
     Auditing Policy
     A Security Checklist
     8 Database Auditing: Security Considerations
     Auditing Types and Records
     Audit Records and the Audit Trails
     Database Audit Trail (DBA_AUDIT_TRAIL)
     Operating System Audit Trail
     Operating System Audit Records
     Records Always in the Operating System Audit Trail
     When Are Audit Records Created?
     Statement Auditing
     Privilege Auditing
     Schema Object Auditing
     Schema Object Audit Options for Views, Procedures, and Other Elements
     Focusing Statement, Privilege, and Schema Object Auditing
     Auditing Statement Executions: Successful, Unsuccessful, or Both
     Number of Audit Records from Multiple Executions of a Statement
     BY SESSION
     BY ACCESS
     Audit By User
     Auditing in a Multitier Environment
     Fine-Grained Auditing
     Part III Security Implementation, Configuration, and Administration
     9 Administering Authentication
     User Authentication Methods
     Database Authentication
     Creating a User Who is Authenticated by the Database
  9. Advantages of Database Authentication
     External Authentication
     Creating a User Who is Authenticated Externally
     Operating System Authentication
     Network Authentication
     Advantages of External Authentication
     Global Authentication and Authorization
     Creating a User Who is Authorized by a Directory Service
     Advantages of Global Authentication and Global Authorization
     Proxy Authentication and Authorization
     Authorizing a Middle Tier to Proxy and Authenticate a User
     Authorizing a Middle Tier to Proxy a User Authenticated by Other Means
     10 Administering User Privileges, Roles, and Profiles
     Managing Oracle Users
     Creating Users
     Specifying a Name
     Setting a User's Authentication
     Assigning a Default Tablespace
     Assigning Tablespace Quotas
     Assigning a Temporary Tablespace
     Specifying a Profile
     Setting Default Roles
     Altering Users
     Changing a User's Authentication Mechanism
     Changing a User's Default Roles
     Dropping Users
     Viewing Information About Database Users and Profiles
     User and Profile Information in Data Dictionary Views
     Listing All Users and Associated Information
     Listing All Tablespace Quotas
     Listing All Profiles and Assigned Limits
     Viewing Memory Use for Each User Session
     Managing Resources with Profiles
     Dropping Profiles
  10. Understanding User Privileges and Roles
      System Privileges
      Restricting System Privileges
      Accessing Objects in the SYS Schema
      Object Privileges
      User Roles
      Managing User Roles
      Creating a Role
      Specifying the Type of Role Authorization
      Role Authorization by the Database
      Role Authorization by an Application
      Role Authorization by an External Source
      Role Authorization by an Enterprise Directory Service
      Dropping Roles
      Granting User Privileges and Roles
      Granting System Privileges and Roles
      Granting the ADMIN OPTION
      Creating a New User with the GRANT Statement
      Granting Object Privileges
      Specifying the GRANT OPTION
      Granting Object Privileges on Behalf of the Object Owner
      Granting Privileges on Columns
      Row-Level Access Control
      Revoking User Privileges and Roles
      Revoking System Privileges and Roles
      Revoking Object Privileges
      Revoking Object Privileges on Behalf of the Object Owner
      Revoking Column-Selective Object Privileges
      Revoking the REFERENCES Object Privilege
      Cascading Effects of Revoking Privileges
      System Privileges
      Object Privileges
      Granting to and Revoking from the User Group PUBLIC
      When Do Grants and Revokes Take Effect?
      The SET ROLE Statement
  11. Specifying Default Roles
      Restricting the Number of Roles that a User Can Enable
      Granting Roles Using the Operating System or Network
      Using Operating System Role Identification
      Using Operating System Role Management
      Granting and Revoking Roles When OS_ROLES=TRUE
      Enabling and Disabling Roles When OS_ROLES=TRUE
      Using Network Connections with Operating System Role Management
      Viewing Privilege and Role Information
      Listing All System Privilege Grants
      Listing All Role Grants
      Listing Object Privileges Granted to a User
      Listing the Current Privilege Domain of Your Session
      Listing Roles of the Database
      Listing Information About the Privilege Domains of Roles
      11 Configuring and Administering Auditing
      Actions Audited by Default
      Guidelines for Auditing
      Keep Audited Information Manageable
      Auditing Normal Database Activity
      Auditing Suspicious Database Activity
      Auditing Administrative Users
      Using Triggers
      Decide Whether to Use the Database or Operating System Audit Trail
      What Information is Contained in the Audit Trail?
      Database Audit Trail Contents
      Audit Information Stored in an Operating System File
      Managing the Standard Audit Trail
      Enabling and Disabling Standard Auditing
      Setting the AUDIT_TRAIL Initialization Parameter
      Setting the AUDIT_FILE_DEST Initialization Parameter
      Standard Auditing in a Multitier Environment
      Setting Standard Auditing Options
      Specifying Statement Auditing
  12. Specifying Privilege Auditing
      Specifying Object Auditing
      Turning Off Standard Audit Options
      Turning Off Statement and Privilege Auditing
      Turning Off Object Auditing
      Controlling the Growth and Size of the Standard Audit Trail
      Purging Audit Records from the Audit Trail
      Archiving Audit Trail Information
      Reducing the Size of the Audit Trail
      Protecting the Standard Audit Trail
      Auditing the Standard Audit Trail
      Viewing Database Audit Trail Information
      Audit Trail Views
      Using Audit Trail Views to Investigate Suspicious Activities
      Listing Active Statement Audit Options
      Listing Active Privilege Audit Options
      Listing Active Object Audit Options for Specific Objects
      Listing Default Object Audit Options
      Listing Audit Records
      Listing Audit Records for the AUDIT SESSION Option
      Deleting the Audit Trail Views
      Example of Auditing Table SYS.AUD$
      Fine-Grained Auditing
      Policies in Fine-Grained Auditing
      Advantages of Fine-Grained Auditing over Triggers
      Extensible Interface Using Event Handler Functions
      Functions and Relevant Columns in Fine-Grained Auditing
      Audit Records in Fine-Grained Auditing
      NULL Audit Conditions
      Defining FGA Policies
      An Added Benefit to Fine-Grained Auditing
      The DBMS_FGA Package
      ADD_POLICY Procedure
      Syntax
      Parameters
  13. Usage Notes
      DROP_POLICY Procedure
      Syntax
      Parameters
      Usage Notes
      ENABLE_POLICY Procedure
      Syntax
      Parameters
      DISABLE_POLICY Procedure
      Syntax
      Parameters
      12 Introducing Database Security for Application Developers
      About Application Security Policies
      Considerations for Using Application-Based Security
      Are Application Users Also Database Users?
      Is Security Enforced in the Application or in the Database?
      Managing Application Privileges
      Creating Secure Application Roles
      Example of Creating a Secure Application Role
      Associating Privileges with the User's Database Role
      Using the SET ROLE Statement
      Using the SET_ROLE Procedure
      Examples of Assigning Roles with Static and Dynamic SQL
      Protecting Database Objects Through the Use of Schemas
      Unique Schemas
      Shared Schemas
      Managing Object Privileges
      What Application Developers Need to Know About Object Privileges
      SQL Statements Permitted by Object Privileges
      13 Using Virtual Private Database to Implement Application Security Policies
      About Virtual Private Database, Fine-Grained Access Control, and Application Context
      Introduction to VPD
      Column-level VPD
  14. Column-level VPD with Column Masking Behavior
      VPD Security Policies and Applications
      Introduction to Fine-Grained Access Control
      Features of Fine-Grained Access Control
      Table-, View-, or Synonym-Based Security Policies
      Multiple Policies for Each Table, View, or Synonym
      Grouping of Security Policies
      High Performance
      Default Security Policies
      About Creating a Virtual Private Database Policy with Oracle Policy Manager
      Introduction to Application Context
      Features of Application Context
      Specifying Attributes for Each Application
      Providing Access to Predefined Attributes through the USERENV Namespace
      Externalized Application Contexts
      Ways to Use Application Context with Fine-Grained Access Control
      Using Application Context as a Secure Data Cache
      Using Application Context to Return a Specific Predicate (Security Policy)
      Using Application Context to Provide Attributes Similar to Bind Variables in a Predicate
      Introduction to Global Application Context
      Enforcing Application Security
      Use of Ad Hoc Tools a Potential Security Problem
      Restricting SQL*Plus Users from Using Database Roles
      Limit Roles Through PRODUCT_USER_PROFILE
      Use Stored Procedures to Encapsulate Business Logic
      Use Virtual Private Database for Highest Security
      Virtual Private Database and Oracle Label Security Exceptions and Exemptions
      User Models and Virtual Private Database
      14 Implementing Application Context and Fine-Grained Access Control
      About Implementing Application Context
      How to Use Application Context
      Task 1: Create a PL/SQL Package that Sets the Context for Your Application
      SYS_CONTEXT Example
  15. SYS_CONTEXT Syntax
      Using Dynamic SQL with SYS_CONTEXT
      Using SYS_CONTEXT in a Parallel Query
      Using SYS_CONTEXT with Database Links
      Task 2: Create a Unique Context and Associate It with the PL/SQL Package
      Task 3: Set the Context Before the User Retrieves Data
      Task 4. Use the Context in a VPD Policy Function
      Examples: Application Context Within a Fine-Grained Access Control Function
      Example 1: Implementing the Policy
      Step 1. Create a PL/SQL Package Which Sets the Context for the Application
      Step 2. Create an Application Context
      Step 3. Access the Application Context Inside the Package
      Step 4. Create the New Security Policy
      Example 2: Controlling User Access by Way of an Application
      Step 1. Create a PL/SQL Package to Set the Context
      Step 2. Create the Context and Associate It with the Package
      Step 3. Create the Initialization Script for the Application
      Example 3: Event Triggers, Application Context, Fine-Grained Access Control, and Encapsulation of Privileges
      Initializing Application Context Externally
      Obtaining Default Values from Users
      Obtaining Values from Other External Resources
      Initializing Application Context Globally
      Application Context Utilizing LDAP
      How Globally Initialized Application Context Works
      Example: Initializing Application Context Globally
      How to Use Global Application Context
      Using the DBMS_SESSION Interface to Manage Application Context in Client Sessions
      Examples: Global Application Context
      Example 1: Global Application Context
      Example 2: Global Application Context for Lightweight Users
      How Fine-Grained Access Control Works
      How to Establish Policy Groups
      The Default Policy Group: SYS_DEFAULT
      New Policy Groups
  16. How to Implement Policy Groups
      Step 1: Set Up a Driving Context
      Step 2: Add a Policy to the Default Policy Group
      Step 3: Add a Policy to the HR Policy Group
      Step 4: Add a Policy to the FINANCE Policy Group
      Validation of the Application Used to Connect
      How to Add a Policy to a Table, View, or Synonym
      DBMS_RLS.ADD_POLICY Procedure Policy Types
      Optimizing Performance by Enabling Static and Context Sensitive Policies
      About Static Policies
      About Context Sensitive Policies
      Adding Policies for Column-Level VPD
      Default Behavior
      Column Masking Behavior
      Enforcing VPD Policies on Specific SQL Statement Types
      Enforcing Policies on Index Maintenance
      How to Check for Policies Applied to a SQL Statement
      Users Who Are Exempt from VPD Policies
      SYS User Exempted from VPD Policies
      EXEMPT ACCESS POLICY System Privilege
      Automatic Reparse
      VPD Policies and Flashback Query
      15 Preserving User Identity in Multitiered Environments
      Security Challenges of Three-tier Computing
      Who Is the Real User?
      Does the Middle Tier Have Too Much Privilege?
      How to Audit? Whom to Audit?
      What Are the Authentication Requirements for Three-tier Systems?
      Client to Middle Tier Authentication
      Middle Tier to Database Authentication
      Client Re-Authentication Through Middle Tier to Database
      Oracle Database Solutions for Preserving User Identity
      Proxy Authentication
      Passing Through the Identity of the Real User by Using Proxy Authentication
  17. Limiting the Privilege of the Middle Tier
      Re-authenticating The User through the Middle Tier to the Database
      Auditing Actions Taken on Behalf of the Real User
      Advantages of Proxy Authentication
      Client Identifiers
      Support for Application User Models by Using Client Identifiers
      Using the CLIENT_IDENTIFIER Attribute to Preserve User Identity
      Using CLIENT_IDENTIFIER Independent of Global Application Context
      16 Developing Applications Using Data Encryption
      Securing Sensitive Information
      Principles of Data Encryption
      Principle 1: Encryption Does Not Solve Access Control Problems
      Principle 2: Encryption Does Not Protect Against a Malicious DBA
      Principle 3: Encrypting Everything Does Not Make Data Secure
      Solutions For Stored Data Encryption in Oracle Database
      Oracle Database Data Encryption Capabilities
      Data Encryption Challenges
      Encrypting Indexed Data
      Key Management
      Key Transmission
      Key Storage
      Storing the Keys in the Database
      Storing the Keys in the Operating System
      Users Managing Their Own Keys
      Changing Encryption Keys
      Binary Large Objects (BLOBS)
      Example of a Data Encryption PL/SQL Program
      Example of Encrypt/Decrypt Procedures for BLOB Data
      Glossary
      Index
  18. List of Figures
      1–1 Realms Needing Protection in an Internet World
      4–1 Oracle Public Key Infrastructure
      4–2 Multitier Authentication
      4–3 Database Administrator Authentication Methods
      5–1 Common Uses for Roles
      6–1 An Example of a View
      7–1 User Role
      7–2 Chronology of Password Lifetime and Grace Period
      14–1 Location of Application Context in LDAP Directory Information Tree (DIT)
  19. List of Tables
      1–1 Security Issues by Category
      3–1 Issues and Actions for Policies to Address
      3–2 References Terms and Chapters for Oracle Features and Products
      5–1 System Privileges for Named Types
      5–2 Privileges for Object Tables
      5–3 Topics and Sections in This Section
      6–1 Policy Types and Run-Time Efficiencies
      7–1 Parameters Controlling Re-Use of an Old Password
      7–2 Default Accounts and Their Status (Standard Installation)
      8–1 Auditing Types and Descriptions
      8–2 Columns Shown in the Database Audit Trail (DBA_AUDIT_TRAIL)
      8–3 Auditing Actions Newly Enabled by Oracle Database 10g
      10–1 Predefined Roles
      11–1 ADD_POLICY Procedure Parameters
      11–2 DROP_POLICY Procedure Parameters
      11–3 ENABLE_POLICY Procedure Parameters
      11–4 DISABLE_POLICY Procedure Parameters
      12–1 How Privileges Relate to Schema Objects
      12–2 SQL Statements Permitted by Database Object Privileges
      13–1 Key to Predefined Attributes in USERENV Namespace
      14–1 Types of Application Contexts
      14–2 DBMS_RLS Procedures
      14–3 DBMS_RLS.ADD_POLICY Policy Types At a Glance
      14–4 V$VPD_POLICY
      16–1 DBMS_CRYPTO and DBMS_OBFUSCATION_TOOLKIT Feature Comparison