tailieunhanh - Applied Oracle Security: Developing Secure Database and Middleware Environments- P32
Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful

284 Part II Oracle Database Vault

If the operational DBA were to attempt to set one of these DBV SARs back on the database server, the DBV rule set would return false and the attempt would be blocked, based on the lack of a valid certificate for the session and because jean_oper_dba is not a sales department manager.

jean_oper_dba@aos BEGIN
SALES_WEB_SERVICE_APP_ROLE
END
BEGIN
ERROR at line 1
ORA-47305 Rule Set violation on SET ROLE Can Set Sales Secure Application Role
ORA-06512 at line 38
ORA-06512 at line 381
ORA-06512 at line 242
ORA-06512 at line 4
ORA-06512 at line 24
ORA-06512 at line 2

One final note on the use of DBV SARs follows from this final test. It is important that you ensure that the roles, privileges, and transactions you are attempting to protect with a DBV SAR cannot be accessed through some other means.

Summary

In this chapter, we examined the detailed requirements for a new database application to introduce techniques and patterns for determining DBV security controls that could be applied to the design of the new application. The goal of this chapter was to help you increase the overall security posture of a new application by applying these techniques and patterns during the early stages of the development lifecycle, no matter which software methodology your organization employs. It is important for you to focus on the key drivers of security for your enterprise and understand the penalty for not applying security.
There is a cost for security, there is a cost for not applying security, and there is a cost of not applying enough security. Applying security is a risk management process that must evaluate the cost and effort versus the risk of a security incident occurring. The costs of not applying security, or enough of it, can include the following:

Financial penalties
Loss of credibility of the organization
Personal .
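The note above on DBV SARs, that what the role protects must not be reachable some other way, can be checked from the data dictionary. The queries below are an added example, not code from the book: they use the role name shown in the session above and the standard DBA_TAB_PRIVS and DBA_SYS_PRIVS views, and assume an account that is allowed to read those views.

```sql
-- Added example: review alternate access paths to what a DBV secure
-- application role (SAR) protects. The role name is taken from the
-- session shown on this page; everything else is an assumption.

-- 1. Object privileges carried by the SAR that some other grantee
--    (a user, another role, or PUBLIC) also holds on the same object.
--    Each row is a path that does not pass through the DBV rule set.
SELECT sar.owner,
       sar.table_name,
       sar.privilege,
       alt.grantee   AS also_granted_to,
       alt.grantable AS can_regrant
FROM   dba_tab_privs sar
JOIN   dba_tab_privs alt
       ON  alt.owner      = sar.owner
       AND alt.table_name = sar.table_name
       AND alt.privilege  = sar.privilege
       AND alt.grantee   <> sar.grantee
WHERE  sar.grantee = 'SALES_WEB_SERVICE_APP_ROLE'
ORDER  BY sar.owner, sar.table_name, sar.privilege, alt.grantee;

-- 2. Schemas that own the protected objects. An owner can always reach
--    its own objects, so these accounts need separate review.
SELECT DISTINCT owner
FROM   dba_tab_privs
WHERE  grantee = 'SALES_WEB_SERVICE_APP_ROLE'
ORDER  BY owner;

-- 3. Grantees of system-wide ANY privileges of the same kind as the
--    object privileges the SAR carries (for example SELECT on a table
--    versus SELECT ANY TABLE). These are candidates for review;
--    whether they apply depends on how the objects are otherwise protected.
SELECT sp.grantee,
       sp.privilege,
       sp.admin_option
FROM   dba_sys_privs sp
WHERE  sp.privilege IN (
         SELECT DISTINCT tp.privilege || ' ANY TABLE'
         FROM   dba_tab_privs tp
         WHERE  tp.grantee = 'SALES_WEB_SERVICE_APP_ROLE'
       )
ORDER  BY sp.privilege, sp.grantee;
```

An empty result from the first query means no other grantee holds the same object privileges directly; grantees that are roles still need their own members reviewed.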