Applied Oracle Security: Developing Secure Database and Middleware Environments - P33

Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be "early adulthood." From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful.

294 Part II: Oracle Database Vault

OBJECTSCHEMA   OBJECTNAME
------------   ----------
OE             CUSTOMERS

1 row selected.

Identify Realm Objects Based on Row-level Security Policy

The existence of row-level security (RLS) policies on any tables in the database should also serve as an indicator that the table contains sensitive data. If a table is being protected by an Oracle VPD policy or an Oracle Label Security (OLS) policy, creating DBV realms that protect these tables is also warranted. The following query will help identify those tables that are being protected by either an Oracle VPD policy or an Oracle OLS policy:

sys@aos> -- allow LBACSYS to query the VPD configuration table
sys@aos> GRANT SELECT ON  TO lbacsys;
sys@aos> -- connect as LBACSYS to run the query
sys@aos> CONNECT lbacsys
Enter password:
Connected.
lbacsys@aos> SELECT 'VPD' policy_type, object_owner, object_name
             FROM 
             WHERE object_owner NOT IN ('XDB')
             UNION
             SELECT 'OLS' policy_type, schema_name object_owner, table_name object_name
             FROM 
             ORDER BY 1, 2, 3;

POL OBJECTOWNER OBJECTNAME
--- ----------- -------------
OLS SH          CUSTOMERS
VPD OE          PURCHASEORDER
VPD SH          CUSTOMERS
VPD SYSTEM      AUD

4 rows selected.

lbacsys@aos> -- revoke the previous grant used to enable the query
lbacsys@aos> CONNECT AS SYSDBA
Connected.
sys@aos> REVOKE SELECT ON  FROM lbacsys;

Revoke succeeded.

The Oracle Sample Schemas are installed with a VPD policy on the table . Our example application does not access this table, so it was not touched when we generated the test workload used to populate our audit trail. The configuration queries therefore exposed an additional security policy defined in the database, and with it another sensitive data object that we need to account for in the candidate DBV policy.

Chapter 7: Applied Database Vault for Existing Applications 295

Identify Roles to Protect as Realm

In many database applications, collections of database roles with direct object privileges are intended to be used to access or manipulate sensitive .
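The query above stops at listing policy-protected tables. The next question a DBV designer asks is which of those tables is not yet covered by any realm. The following query is an added example (not the book's code) that goes one step further: it pulls VPD policies from the data dictionary view DBA_POLICIES and OLS policies from DBA_SA_TABLE_POLICIES, keeps only enabled policies, and left-joins the result against the Database Vault view DBA_DV_REALM_OBJECT so that tables with no matching realm object are flagged. It assumes the standard column names of those views and a session that has SELECT on all three (for example a DBA who also holds DV_SECANALYST); the schema prefixes LBACSYS and DVSYS reflect where the OLS and DBV views live in 11g-era installations and may need adjusting.

```sql
-- Added example (not from the book). Lists every table protected by an
-- enabled VPD or OLS policy and shows which DBV realm, if any, already
-- covers it. Rows marked '** NO REALM **' are realm candidates.
-- Assumes SELECT on SYS.DBA_POLICIES, LBACSYS.DBA_SA_TABLE_POLICIES and
-- DVSYS.DBA_DV_REALM_OBJECT.
WITH protected AS (
    -- VPD (row-level security) policies; XDB ships with its own policies
    -- and is excluded as noise, as the book's query does.
    SELECT 'VPD'        AS policy_type,
           object_owner AS object_owner,
           object_name  AS object_name,
           policy_name  AS policy_name
    FROM   sys.dba_policies
    WHERE  enable = 'YES'
    AND    object_owner NOT IN ('XDB')
    UNION ALL
    -- Oracle Label Security table policies
    SELECT 'OLS',
           schema_name,
           table_name,
           policy_name
    FROM   lbacsys.dba_sa_table_policies
    WHERE  status = 'ENABLED'
)
SELECT p.policy_type,
       p.object_owner,
       p.object_name,
       p.policy_name,
       NVL(r.realm_name, '** NO REALM **') AS realm_name
FROM   protected p
LEFT JOIN dvsys.dba_dv_realm_object r
       ON  r.owner = p.object_owner
       -- realm objects may use '%' as a wildcard for name and type
       AND p.object_name LIKE r.object_name
       AND r.object_type IN ('TABLE', '%')
ORDER BY 5, 1, 2, 3;
```

Run it as part of the same realm-discovery pass as the book's query; the ORDER BY puts the uncovered tables first so that the realm candidates are at the top of the report. Because the realm view is matched with LIKE, a realm that protects OWNER.% is correctly recognised as covering every table in that schema.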