tables or views, 8-2 procedures enhance, 4-25 resources, additional, 1-2 roles, advantages in application use, 5-3 See also security risks security alerts, 10-2 security patches about, 10-2 downloading, 10-2 security policies See Oracle Virtual Private Database, policies security risks ad hoc tools, 4-18 application users not being database users, 5-2 applications enforcing rather than database, 5-2 audit records being tampered with, 6-35 bad packets to server, 5-12 database version displaying, 5-13 encryption keys, users managing, 9-8 password files, 3-20 passwords exposed in large deployments, 3-12 privileges carelessly granted, 4-5 PUBLIC privilege, objects created with, 4-5 remote user impersonating another user, 4-16 server falsifying identities, 10-14 standard audit trail, protecting, 6-19 users with multiple roles, 5-7 SELECT ANY DICTIONARY privilege data dictionary, accessing, 10-8 exclusion from GRANT ALL PRIVILEGES privilege, 10-9 SELECT privilege SQL statements permitted, 5-11 SELECT_CATALOG_ROLE role about, 4-12 SYS schema objects, enabling access to, 4-4 sequences auditing, 6-27 server.key file pass phrase to read and parse, 10-15 service-oriented architecture (SOA) security enhancements for Oracle XML DB, xxvi SESSION_ROLES view queried from PL/SQL block, 4-8 sessions about, 6-31 auditing by, 6-16, 6-31 listing privilege domain of, 4-60 memory use, viewing, 2-16 time limits on, 2-9 when auditing options take effect, 6-13 SET ROLE statement application code, including in, 5-7 associating privileges with role, 5-7 disabling roles with, 4-43 enabling roles with, 4-43 equivalent to SET_ROLE, 5-7 how password is set, 4-14 when using operating-system roles, 4-42 SGA
Index-16
See System Global Area (SGA) Shared Global Area (SGA) See System Global Area (SGA) shared server limiting private SQL areas, 2-10 operating system role management restrictions, 4-42 SHOW PARAMETERS statement, 6-13 smart cards guidelines for security, 10-8 SOA See service-oriented architecture SQL statements audit options, 6-24 auditing about, 6-23 disabling, 6-24 enabling, 6-24 executions, 6-30 when records generated, 6-12 dynamic, 7-7 object privileges permitting in applications, 5-11 privileges required for, 4-21, 5-11 resource limits and, 2-9 restricting ad hoc use, 4-18 SQL*Net See Oracle Net SQL*Plus connecting with, 3-21 restricting ad hoc use, 4-18 statistics monitor, 2-10 SSL See Secure Sockets Layer standard audit trail activities always recorded, 6-13 archiving, 6-18 AUDIT SQL statement, 6-15 auditing standard audit trail, 6-19 controlling size of, 6-17 disabling, 6-13 enabling, 6-13 maximum size of, 6-18 NOAUDIT SQL statement, 6-17 operating system, 6-5 protecting, 6-19 records, archiving, 6-18 records, purging, 6-18 size, reducing, 6-19 transaction independence, 6-13 when created, 6-12 standard auditing about, 6-11 administrative users on all platforms, 6-33 administrators on UNIX systems, 6-35 archiving audit trail, 6-47 audit option levels, 6-15 audit trails database, 6-6 auditing default auditing, enabling, 6-10