Applied Oracle Security: Developing Secure Database and Middleware Environments- P18

Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful.

Part II: Oracle Database Vault

Data Definition Language: Database structure related commands that typically have the form CREATE object type, ALTER object type, and DROP object type, such as CREATE TABLE, ALTER TABLE, and DROP TABLE. This category also includes privilege-related commands such as GRANT and REVOKE, auditing commands such as AUDIT and NOAUDIT, and data table administration commands such as ANALYZE, COMMENT, FLASHBACK, PURGE, RENAME, and TRUNCATE.

System control: Commands such as ALTER SYSTEM and ALTER DATABASE.

Session control: Commands such as ALTER SESSION and SET ROLE.

Transaction control: Commands such as COMMIT and ROLLBACK.

SELECT and DML commands cannot use for both the object owner and object name, and command rules for these commands cannot be applied for the SYS or DVSYS account. DBV does not offer command rules for transaction control commands, as these commands are not security relevant, nor do they operate on database objects. By security relevant, we mean the commands do not change session user, change the current user, or give the session user any additional system or object privileges for the session. Command rules cannot be defined on the ALTER DATABASE or ALTER SESSION commands. The SET ROLE command is not directly supported, but the DBV Secure Application Role feature offers a mechanism to control the activation of a database role, with a DBV rule set providing the decision point.
With the remaining command categories, more than 100 distinct commands can be controlled by the security administrator with DBV command rules.

DBV CONNECT Command Rule

One of the most powerful command rules available controls when accounts that have been granted specific roles can establish connections to the database. This command rule uses a special DBV database operation named CONNECT that simply implies a command rule that authorizes a database connection once the standard authentication processing within Oracle has completed. Using this command rule we can offer higher .
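
One way to build the kind of CONNECT command rule described above, as an added example that is not from the book. It assumes Oracle Database Vault's DBMS_MACADM and DBMS_MACUTL packages and a session held by an account with the DV_OWNER role; the rule set name, rule name and the 192.0.2.% subnet (a documentation range) are constructed for illustration.

```sql
-- Added example (not from the book). Run as an account holding DV_OWNER.
-- 'Admin Network Connect', 'DBA From Admin Subnet' and 192.0.2.% are constructed names/values.
-- Keep an existing DV_OWNER session open while testing: a faulty CONNECT rule blocks new logins.
BEGIN
  -- Rule set: the decision point evaluated after standard authentication has completed.
  DBMS_MACADM.CREATE_RULE_SET(
    rule_set_name   => 'Admin Network Connect',
    description     => 'DBA role holders may connect only from the admin subnet',
    enabled         => DBMS_MACUTL.G_YES,
    eval_options    => DBMS_MACUTL.G_RULESET_EVAL_ALL,     -- every rule must be true
    audit_options   => DBMS_MACUTL.G_RULESET_AUDIT_FAIL,   -- audit refused connections
    fail_options    => DBMS_MACUTL.G_RULESET_FAIL_SHOW,
    fail_message    => 'Connection not permitted from this network',
    fail_code       => -20001,
    handler_options => DBMS_MACUTL.G_RULESET_HANDLER_OFF,
    handler         => NULL);

  -- Rule: accounts without the DBA role pass; DBA role holders pass only from 192.0.2.x.
  -- IP_ADDRESS is NULL for local (bequeath) sessions, so DBA role holders connecting
  -- locally are refused as well.
  DBMS_MACADM.CREATE_RULE(
    rule_name => 'DBA From Admin Subnet',
    rule_expr => 'DVSYS.DBMS_MACUTL.USER_HAS_ROLE_VARCHAR(''DBA'') = ''N'' '
              || 'OR SYS_CONTEXT(''USERENV'',''IP_ADDRESS'') LIKE ''192.0.2.%''');

  DBMS_MACADM.ADD_RULE_TO_RULE_SET(
    rule_set_name => 'Admin Network Connect',
    rule_name     => 'DBA From Admin Subnet');

  -- Command rule: bind the CONNECT operation to the rule set.
  -- CONNECT is not tied to a schema object, so owner and name are both '%'.
  DBMS_MACADM.CREATE_COMMAND_RULE(
    command       => 'CONNECT',
    rule_set_name => 'Admin Network Connect',
    object_owner  => '%',
    object_name   => '%',
    enabled       => DBMS_MACUTL.G_YES);
END;
/

-- Confirm the command rule is registered and enabled.
SELECT command, rule_set_name, object_owner, object_name, enabled
  FROM dvsys.dba_dv_command_rule
 WHERE command = 'CONNECT';
```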