Dear Readers,
My name is Franz Devantier, creator of this blog. I am an Oracle Certified
Professional (OCP DBA 11g) Security DBA.
I will be sharing with you the basic duties of an Oracle DBA, and also
some of the undocumented, and not so well known tasks.
Security, New Features 10.2
New Features in Oracle Database Server 10.2
New Features in Virtual Private Database (VPD)
You can now drill down to the column level in VPD, and employ column masking. Column-level VPD provides finer-grained access control on your data.
If a user has privileges on a table, then VPD can limit the individual rows returned only if the columns being queried have sensitive information in them, such as salary information and identity number information.
Column-level VPD restricts the number of rows returned from a query, based on the sensitive data in certain columns.
Column masking, on the other hand, will return all rows from the select statement, but the columns containing the sensitive data will be returned as NULL values. Column masking provides a balance between returning all the data requested and maintaining data privacy.
· Static and context-sensitive policy types optimize VPD for significant performance improvements. This is because the policy function does not execute for every SQL query. Static policies will maintain the same predicate for selects, updates, inserts and deletes within the confines of a session. Application context attributes, such as SYSDATE, can change the value returned by the predicate. With context-sensitive policies, the predicate can change after statement parse time. VPD will re-execute the policy function only if the application context changes.
Static and context-sensitive policies can be shared across multiple database objects, which means that queries on another database object can use the same cached predicate within the same session. Shared policies further decrease the overhead of re-executing policy functions for every query.
· Application context support for parallel queries. If you use SYS_CONTEXT inside a SQL function that is part of a parallel query, then the SQL function picks up the application context.
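As an added example (not code from the original post), the two column-level options described above can be set up with DBMS_RLS.ADD_POLICY as follows. The HR.EMPLOYEES table, the SEC_ADMIN schema, the policy names and the HR_CTX application context are assumptions made for illustration.

```sql
-- Added example. Assumed names: HR.EMPLOYEES, schema SEC_ADMIN, context HR_CTX
-- (attribute DEPT_ID, set at logon by a trusted package not shown here).

-- Policy function: VPD passes the schema and object name and expects the
-- text of a WHERE predicate back.
CREATE OR REPLACE FUNCTION sec_admin.emp_dept_predicate (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
AS
BEGIN
  -- The returned text never changes, so a STATIC policy can cache it.
  -- SYS_CONTEXT is evaluated when the query runs. If DEPT_ID is not set the
  -- comparison is against NULL and matches no row (fails closed).
  RETURN 'department_id = SYS_CONTEXT(''HR_CTX'', ''DEPT_ID'')';
END;
/

-- Variant 1, column-level VPD: the predicate is applied only to queries that
-- reference SALARY; those queries return just the caller's department rows.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema     => 'HR',
    object_name       => 'EMPLOYEES',
    policy_name       => 'EMP_SALARY_ROWS',
    function_schema   => 'SEC_ADMIN',
    policy_function   => 'EMP_DEPT_PREDICATE',
    statement_types   => 'SELECT',
    policy_type       => DBMS_RLS.STATIC,
    sec_relevant_cols => 'SALARY');
END;
/

-- Variant 2, column masking: replace variant 1 so that every row is returned
-- and SALARY is NULL in rows the predicate does not match.
BEGIN
  DBMS_RLS.DROP_POLICY('HR', 'EMPLOYEES', 'EMP_SALARY_ROWS');
  DBMS_RLS.ADD_POLICY(
    object_schema         => 'HR',
    object_name           => 'EMPLOYEES',
    policy_name           => 'EMP_SALARY_MASK',
    function_schema       => 'SEC_ADMIN',
    policy_function       => 'EMP_DEPT_PREDICATE',
    statement_types       => 'SELECT',
    policy_type           => DBMS_RLS.STATIC,
    sec_relevant_cols     => 'SALARY',
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);
END;
/
```

SYS and any user granted the EXEMPT ACCESS POLICY privilege bypass both variants, so review who holds that privilege when relying on these policies.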
New Features in Auditing in 10.2
· Improved Fine Grained Auditing. You can now redirect FGA records to an XML format file.
· V$xml_audit_trail allows you to query audit records saved on the OS through a SQL query.
· Syslog audit records: Audit records can be written to the OS using the syslog audit trail. Using syslog provides a measure of protection against a DBA or power administrator modifying or deleting audit records.
· DBA_COMMON_AUDIT_TRAIL provides a uniform audit trail, which presents both the fine-grained and the standard audit log records in a single view.
New PL/SQL Encryption Package: DBMS_CRYPTO
Dbms_crypto replaces dbms_obfuscation_toolkit. Dbms_crypto is easier to use, and supports a range of algorithms in order to accommodate new and existing systems.
Dbms_crypto can be used together with PL/SQL programs running network communications, or to encrypt sensitive stored data.
Dbms_crypto provides support for:
-> Encryption algorithms:
· AES
· Triple DES (112 and 168 bits)
· DES
· RC4
-> Cryptographic hash algorithms, for example SHA-1
-> Keyed hash - Message Authentication Code (MAC), for example SHA-1
-> Padding forms (PKCS #5, zeroes)
-> Block cipher chaining mode modifiers (CBC, CFB, ECB, OFB)
Franz Devantier,
Need a database health check, or a security audit?
devantierf@gmail.com