Oracle database security policy analysis (3)

  • 2020-05-09 19:31:05
  • OfStack

Data security policy:

Data security considerations should be based on the importance of the data. If the data is not important, the data security policy can be relaxed somewhat. If the data is important, however, a careful security policy should be in place to maintain effective control over access to data objects.

User security policy:

(1) General user security

A. Password security
If users are authenticated by the database, it is recommended to connect to the database with an encrypted password.

This is configured as follows:

In the client's oracle.ini file, set the parameter ora_encrypt_login to true;

In the server-side initORACLE_SID.ora file, set the parameter dblink_encrypt_login to true.

B. Permission management
For databases with many users, applications, and data objects, the convenience of the role mechanism should be fully utilized to effectively manage permissions. For complex system environments, roles can greatly simplify the management of permissions.

(2) End user security

You must develop security policies for end users. For example, for a large database with a large number of users, the security manager may decide to categorize users into groups, create a user role for each group, grant the required permissions and application roles to each user role, and assign each user the corresponding user role. When there are special application requirements, the security manager must also grant the specific permissions explicitly to the users concerned. You can use roles to manage permissions for end users.

Database administrator security policy:

(1) Protect the connections of the sys and system users

When the database is created, immediately change the passwords of the sys and system users, which have administrative authority, to prevent unauthorized users from accessing the database. A user connected to the database as sys or system has powerful permissions to change the database in a variety of ways.

(2) Protect the connection between the administrator and the database

Only database administrators should be able to connect to the database with administrative permissions. A user connected as sysdba can perform operations such as startup, shutdown, and recover, or operate on database objects (such as create, drop, and delete), without any restrictions.

(3) Use roles to manage administrators' permissions

Security policies for application developers:

(1) Application developers and their permissions

Database application developers are the only category of database users that requires a special group of permissions to do their work. Developers need system permissions such as create table and create procedure. However, in order to limit what developers can do in the database, only certain system permissions should be granted to them.

(2) The environment of application developers

A. Developers should not compete with end users for database resources;
B. Developers must not harm other applications in the database.

(3) Free and controlled application development

Application developers are given one of the following two kinds of rights:

A. Free development
Application developers are allowed to create new schema objects, including tables, indexes, procedures, and packages. This lets them develop their applications independently of other objects.

B. Controlled development
Application developers are not allowed to create new schema objects. All required tables, indexes, procedures, etc. are created by the database manager, which ensures that the database manager has complete control over the use of data space and over access to database information. Sometimes, however, application developers need a mix of the two.

(4) Roles and permissions of application developers

The database security manager can create roles to manage the permission requirements of a typical application developer.

A. Create system permissions are often granted to application developers so that they can create their own data objects.
B. Data object roles are rarely granted to the roles used by application developers.

As a database security manager, you should specifically set the following limits for each application developer:

A. The tablespaces in which the developer can create tables or indexes;
B. The share of space the developer owns in each tablespace.

Application manager security:

In a database system with many database applications, you may need an application manager who is responsible for the following tasks:

A. Creating roles for each application and managing each application's roles;
B. Creating and managing the data objects used by database applications;
C. Maintaining and updating the application code and Oracle stored procedures and packages as needed.
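
The developer roles and per-tablespace limits described above, together with one per-application role of the kind an application manager maintains, as an added Oracle SQL example (not part of the original article). All role, user, tablespace and schema names and the passwords are hypothetical placeholders; it assumes the tablespaces dev_data and dev_idx and the table orders_app.orders already exist.

```sql
-- Added example; every name below is a hypothetical placeholder.

-- Free development: developers may create their own schema objects.
CREATE ROLE app_dev_free;
GRANT CREATE SESSION, CREATE TABLE, CREATE PROCEDURE, CREATE SEQUENCE
  TO app_dev_free;

-- Controlled development: developers can connect, but the database
-- manager creates every table, index and procedure for them.
CREATE ROLE app_dev_controlled;
GRANT CREATE SESSION TO app_dev_controlled;

-- Per-developer limits: which tablespaces may be used, and how much space.
CREATE USER dev_alice IDENTIFIED BY "Placeholder_Change_Me_1"
  DEFAULT TABLESPACE dev_data
  TEMPORARY TABLESPACE temp
  QUOTA 200M ON dev_data      -- tables
  QUOTA 50M  ON dev_idx       -- indexes
  PASSWORD EXPIRE;            -- forces a new password at first login
GRANT app_dev_free TO dev_alice;

-- A controlled developer gets no quota, so cannot allocate any space.
CREATE USER dev_bob IDENTIFIED BY "Placeholder_Change_Me_2"
  DEFAULT TABLESPACE dev_data
  TEMPORARY TABLESPACE temp
  PASSWORD EXPIRE;
GRANT app_dev_controlled TO dev_bob;

-- Per-application role maintained by the application manager:
-- end users receive object permissions only through this role.
CREATE ROLE orders_app_user;
GRANT SELECT, INSERT, UPDATE ON orders_app.orders TO orders_app_user;

-- Checks: system permissions held by each developer role.
SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE grantee IN ('APP_DEV_FREE', 'APP_DEV_CONTROLLED')
 ORDER BY grantee, privilege;

-- Checks: space limits per developer and tablespace.
SELECT username, tablespace_name, bytes, max_bytes
  FROM dba_ts_quotas
 WHERE username IN ('DEV_ALICE', 'DEV_BOB');

-- Checks: accounts holding the DBA role; developers should not appear.
SELECT grantee, granted_role
  FROM dba_role_privs
 WHERE granted_role = 'DBA';
```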
