Monday, March 25, 2013

Security, Policies and Tips - Part 6

Dear Readers,

My name is Franz Devantier, creator of this blog. I am an Oracle Certified Professional (OCP DBA 11g) Security DBA. I will be sharing with you the basic duties of an Oracle DBA, and also some of the undocumented and not-so-well-known tasks.

 Encapsulate Privileges in Stored Procedures

Restrict or prevent ad hoc query tools from exercising application privileges. You can do this by encapsulating these privileges in stored procedures.

Grant users the execute privilege on these procedures instead of granting the underlying privileges directly to the users. The privileges then can't be used outside of the appropriate procedure.

This forces users to exercise privileges only in the context of well-formed business applications, even if they are using an ad hoc query tool. You could, for example, allow a user to update a table only by executing a stored procedure, instead of updating the table directly. The update is then controlled, and the procedure does not allow inappropriate updates. This effectively prevents the user from selecting and updating certain tables outside of the application.
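The pattern described above, as an added example that is not part of the original post: a table owner wraps an update in a definer's-rights procedure and grants only EXECUTE on it. The schema, table, procedure and user names (APP_OWNER, EMPLOYEES, RAISE_SALARY, CLERK_USER) and the 10 percent rule are assumptions chosen for illustration.

```sql
-- Constructed example: APP_OWNER, EMPLOYEES, RAISE_SALARY and CLERK_USER are hypothetical names.
-- Run as APP_OWNER, the schema that owns the table.
CREATE TABLE employees (
  emp_id  NUMBER        PRIMARY KEY,
  name    VARCHAR2(100) NOT NULL,
  salary  NUMBER(10,2)  NOT NULL
);

-- Definer's rights (the default, stated explicitly): the procedure runs with
-- APP_OWNER's privileges on EMPLOYEES, not the caller's.
CREATE OR REPLACE PROCEDURE raise_salary (
  p_emp_id  IN employees.emp_id%TYPE,
  p_percent IN NUMBER
) AUTHID DEFINER
AS
BEGIN
  -- Business rule enforced inside the procedure (assumed rule: raises of up to 10 percent).
  IF p_percent IS NULL OR p_percent <= 0 OR p_percent > 10 THEN
    RAISE_APPLICATION_ERROR(-20001, 'Raise must be greater than 0 and at most 10 percent');
  END IF;

  -- Static SQL with bound parameters: the caller controls values, never the statement.
  UPDATE employees
     SET salary = ROUND(salary * (1 + p_percent / 100), 2)
   WHERE emp_id = p_emp_id;

  IF SQL%ROWCOUNT = 0 THEN
    RAISE_APPLICATION_ERROR(-20002, 'No such employee');
  END IF;
END raise_salary;
/

-- The user gets EXECUTE on the procedure only; no SELECT or UPDATE on the table.
GRANT EXECUTE ON raise_salary TO clerk_user;

-- Check as APP_OWNER: CLERK_USER should appear against RAISE_SALARY only.
SELECT grantee, table_name, privilege
  FROM user_tab_privs
 WHERE table_name IN ('EMPLOYEES', 'RAISE_SALARY');

-- As CLERK_USER, from any tool (SQL*Plus or an ad hoc query tool):
--   EXEC app_owner.raise_salary(101, 5);         -- succeeds, rule applied
--   EXEC app_owner.raise_salary(101, 50);        -- fails with ORA-20001
--   UPDATE app_owner.employees SET salary = 1;   -- fails with ORA-00942
```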

Franz Devantier,
Need a database health check, or a security audit?
devantierf@gmail.com
