Uploaded by hana rahiman

Database Security- part2

Database Security
CHAPTER 8
SQL Data Control Language
◦ SQL has an authorization sublanguage, Data Control Language, that includes statements to grant
privileges to and revoke privileges from users.
◦ A privilege is an action, such as creating, executing, reading, updating, or deleting, that a user is
permitted to perform on database objects.
◦ The UPDATE privilege can be made more restrictive by specifying a column list in parentheses after the
word UPDATE, restricting the user to updating only certain columns, as in:
GRANT UPDATE (major) ON Student TO U101;
◦ The optional WITH GRANT OPTION clause gives the newly authorized user(s) permission to pass the
same privileges to others. For example, we could write:
GRANT SELECT, INSERT, UPDATE ON Student TO U101, U102, U103 WITH GRANT OPTION;
Users U101, U102, and U103 would then be permitted to write SQL SELECT, INSERT, and UPDATE
statements for the Student table, and to pass that permission on to other users.
Revoke
For example, for U101, to whom we previously granted SELECT, INSERT, and UPDATE on
Student with the grant option, we could remove some privileges by writing this:
REVOKE INSERT ON Student FROM U101;
This revokes U101’s ability both to insert Student records and to authorize others to insert
Student records. We can revoke just the grant option, without revoking the insert, by writing
this:
REVOKE GRANT OPTION FOR INSERT ON Student FROM U101;
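The GRANT and REVOKE statements above, run end to end with an audit query after each change. This is an added example, not part of the original slides; it assumes PostgreSQL and a superuser session, and the Student columns other than major and the role U104 are hypothetical. It goes one step beyond the slides by showing what happens to a privilege that U101 has already passed on.

```sql
-- Assumed setup (PostgreSQL, superuser session). Only "major" is named on the
-- slides; the other columns and the role u104 are hypothetical.
CREATE ROLE u101; CREATE ROLE u102; CREATE ROLE u103; CREATE ROLE u104;
CREATE TABLE student (
    stuid    varchar(6) PRIMARY KEY,
    lastname varchar(20) NOT NULL,
    major    varchar(10),
    credits  smallint
);

-- Grant from the slides. Unquoted names fold to lower case in PostgreSQL.
GRANT SELECT, INSERT, UPDATE ON student TO u101, u102, u103 WITH GRANT OPTION;

-- Column-level privilege: u104 may update student.major and nothing else.
GRANT UPDATE (major) ON student TO u104;

-- u101 uses its grant option to pass INSERT on to u104.
SET ROLE u101;
GRANT INSERT ON student TO u104;
RESET ROLE;

-- Audit: who holds which privilege, who granted it, and who can re-grant it.
SELECT grantor, grantee, privilege_type, is_grantable
FROM   information_schema.table_privileges
WHERE  table_name = 'student'
ORDER  BY grantee, privilege_type;

-- Remove only the grant option; u101 keeps INSERT itself. u104's INSERT
-- depends on that grant option, so PostgreSQL rejects the statement without
-- CASCADE ("dependent privileges exist"); CASCADE revokes u104's INSERT too.
REVOKE GRANT OPTION FOR INSERT ON student FROM u101 CASCADE;

-- Remove the privilege itself, as in the first REVOKE on the slides.
REVOKE INSERT ON student FROM u101;

-- Re-check INSERT holders after the revokes.
SELECT grantor, grantee, privilege_type, is_grantable
FROM   information_schema.table_privileges
WHERE  table_name = 'student' AND privilege_type = 'INSERT'
ORDER  BY grantee;

-- Column-level grants appear in a separate view.
SELECT grantee, column_name, privilege_type
FROM   information_schema.column_privileges
WHERE  table_name = 'student' AND grantee = 'u104';
```

Rows with is_grantable = 'YES' are the ones to review first, since each of those grantees can extend access without involving the DBA.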
Security in Oracle
Security Features
Security features include facilities for all the following activities:
◦ Management of user accounts. User accounts can be created, user rights defined, and
password and profile policies set up in several ways. Strong passwords can be
enforced. User views, user privileges, and roles can be used to limit user
access to data.
◦ Authentication of users can be performed for the database from the operating system
level and from a network.
◦ Application security policies can be set for all applications that access the
database.
◦ Privilege analysis allows the DBA to identify privileges that are being used,
track the source of the privileges, and identify privileges that are not being
used. This information can be used to tighten security.
◦ User session information for applications. Information such as the user name
and location can be gathered automatically and used to control the user’s access
through an application.
◦ Virtual Private Database (VPD) is an additional level of security that can be used to
control access on the row and column level.
◦ Data redaction is a method of masking data at run time, when queries are executed.
Some or all of the characters are hidden or replaced in the results set. For example,
only the last four digits of a Social Security number or a credit card number may be
displayed. Redaction is often done to comply with regulations such as PCI DSS or SOX.
◦ Transparent sensitive data protection can be used as a method of identifying and
protecting all columns that hold sensitive data, even across several databases. Once
identified, the columns may be protected using VPD or data redaction.
◦ Network data encryption can be performed automatically or manually using the
DBMS_CRYPTO PL/SQL package. Oracle Net Services can be configured to provide data
encryption and integrity on servers and clients. Thin Java Database Connectivity (JDBC)
clients can be configured for secure connections to databases.
◦ Strong authentication. Available industry-standard authentication methods include
centralized authentication and single sign-on, Secure Sockets Layer (SSL), Remote
Authentication Dial-In User Service (RADIUS), and Kerberos.
Security Tools
Oracle Database Configuration Assistant has options to create, configure, or
delete databases and other operations, including setting an audit policy.
Oracle Enterprise Manager is a Web-based facility that offers options for
granting and revoking privileges. The DBA has to log in initially using a privileged
account such as SYSTEM to the Oracle Database home page to access the
Enterprise Manager. To create user accounts from there, the DBA can choose the
Administration icon, then Users, then Create. The DBA fills in the new user name
and password, enters a temporary password, and can choose to have the
password expire immediately.
Database Security and the Internet
A proxy server is a computer or program that acts as an intermediary
between a client and another server, handling messages in both
directions.
◦ When the client requests a service such as a connection or Web page, the proxy
evaluates it and determines whether it can fulfill the request itself.
◦ If not, it filters the request, perhaps altering it, and requests the service from the
server or other resource.
A firewall is a hardware and/or software barrier that is used to
protect an organization’s internal network (intranet) from
unauthorized access. Various techniques are used to ensure that
messages entering or leaving the intranet comply with the
organization’s standards.
◦ For example, a proxy server can be used to hide the actual network address.
◦ Another technique is a packet filter, which examines each packet of information before it
enters or leaves the intranet, making sure it complies with a set of rules.
◦ Various gateway techniques can apply security mechanisms to applications or connections.
Digital signatures use a double form of public-key encryption to
create secure two-way communications that cannot be repudiated.
◦ A digital signature allows a user to verify the authenticity of the person
they are communicating with, and provides a means to prove that a
message must have come from that person and that it has not been
tampered with in transmission.