Oracle Tips by Burleson
Chapter 2 Introduction to Oracle Security
Sessions per User - This limits the number of sessions, or connections
to the database, that a named user can maintain at any point in time.
Limiting the number of sessions reduces the chance that a malicious
user can hack his or her way into the database.
Connect Time - This limits the maximum time a user can stay connected
to the database. After this limit expires, the sessions are
automatically disconnected. If the application is set up so that
legitimate access occurs only during certain time periods, the
sessions can be forced to disconnect automatically.
Idle Time - This limits the maximum time a session can stay connected
without doing anything. Typically, hackers target inactive sessions
to gain access to the database. Reducing the period of time an
inactive session stays connected reduces the probability of that
session becoming a victim of abuse.
Use profiles extensively to restrict multiple logons, unneeded idle
times, etc. to achieve HIPAA-mandated security compliance.
Profiles and how to set them for security will
be described in detail in Chapter 4.
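
As an added example (not from the book), the three limits described above can be set in one profile and then audited from the data dictionary. The profile name claims_app_profile, the account claims_user and the numeric values are assumptions chosen for illustration.

```sql
-- Added example: object names and limit values are illustrative assumptions.

-- Resource limits in a profile are enforced only when RESOURCE_LIMIT is TRUE.
ALTER SYSTEM SET resource_limit = TRUE;

-- One profile carrying the three limits discussed above.
CREATE PROFILE claims_app_profile LIMIT
  SESSIONS_PER_USER 2      -- concurrent sessions per named user
  CONNECT_TIME      480    -- minutes of total elapsed time per session
  IDLE_TIME         15;    -- minutes of continuous inactivity per session

-- Attach the profile to a (hypothetical) application account.
ALTER USER claims_user PROFILE claims_app_profile;

-- Audit: open accounts whose effective limit is still UNLIMITED.
-- A profile value of DEFAULT inherits the value set in the DEFAULT profile.
SELECT u.username,
       u.profile,
       p.resource_name,
       CASE WHEN p.limit = 'DEFAULT' THEN d.limit ELSE p.limit END
         AS effective_limit
FROM   dba_users u
JOIN   dba_profiles p
       ON p.profile = u.profile
JOIN   dba_profiles d
       ON d.profile = 'DEFAULT'
      AND d.resource_name = p.resource_name
WHERE  p.resource_name IN ('SESSIONS_PER_USER', 'CONNECT_TIME', 'IDLE_TIME')
AND    u.account_status = 'OPEN'
AND    CASE WHEN p.limit = 'DEFAULT' THEN d.limit ELSE p.limit END = 'UNLIMITED'
ORDER  BY u.username, p.resource_name;
```

A session that exceeds a limit receives ORA-02391 (sessions per user), ORA-02399 (connect time) or ORA-02396 (idle time), so these codes are worth watching for in application logs after the profile is applied.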
View-Based Security
Another way to hide the implementation of the table structure is to
create a view. Oracle views are like portals or windows into the real
table data. This is perhaps better explained through an example.
Imagine the user selects from the tables through the following query:
select
c.claim_id,
claim_amount,
The above text is an excerpt from:
Oracle Privacy Security Auditing - The Final Word on Oracle Security