Download Oracle Database Security (from the Application Perspective

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
Document related concepts

Extensible Storage Engine wikipedia , lookup

Concurrency control wikipedia , lookup

Entity–attribute–value model wikipedia , lookup

Microsoft SQL Server wikipedia , lookup

Database wikipedia , lookup

Microsoft Jet Database Engine wikipedia , lookup

Open Database Connectivity wikipedia , lookup

Relational model wikipedia , lookup

Clusterpoint wikipedia , lookup

Database model wikipedia , lookup

PL/SQL wikipedia , lookup

Versant Object Database wikipedia , lookup

Oracle Database wikipedia , lookup

Transcript 
Oracle Database
Security
…from the application perspective
Martin Nystrom
September 2003
Purpose
 In
scope: application security of Oracle
databases
 Out
of scope: system security of Oracle
databases
Agenda
 Oracle


architecture
System architecture
Network architecture
 Common
Oracle objects
 Schema/object security
 Java security
 Application integration techniques
 Current challenges at Cisco
Grossly oversimplified Oracle
network architecture
Client host
Oracle
client
software
ONS server
ONS query
Oracle
1526 Names
service
SQL*Net (Net8)
1521
(ADDRESS=(PROTOCOL=TCP)
(HOST=db.company.com)
(PORT=1521))
Database server
TNS
Listener
Database
Oracle architecture
Oracle networking example
fields-sj-1
ons-sj
Oracle
client
software
ONS query
Oracle
1526 Names
service
1521
(ADDRESS=(PROTOCOL=TCP)
(HOST=cmrsdb.cisco.com)
(PORT=1521))
cmrsdb
TNS
Listener
cmrs
Oracle architecture
Simplified Oracle
Network Architecture w/OCM
Host #1
Oracle
client
software
Host #2
Oracle
client
software
OCM Server
1521
TNS
Listener
Allowed
Host #1
Host #2
rejected
rejected 1521
Database server
TNS
Listener
Host #3
Oracle
client
software
Oracle architecture
Database
SQL*Net
 Introduced
in Oracle V5
 Renamed “Net8” in Oracle8
 Supports multiple protocols (TCP/IP,
DECnet, SPX/IPX, etc.)
Oracle architecture
Authentication & credentials
 Can





be…
OS authentication
Userid/password
X.509 certificates
Smart card
Etc.
 Stored


in Oracle
As MD5 hash
…not so for dblinks or FND_USERS
Oracle architecture
Authentication & credentials (cont.)

Transport encryption




DES encryption of db-selected random number
w/user’s password hash
OS-integrated authentication available too
Password changes travel unencrypted
Password management features available




Aging & expiration
History (e.g., can prohibit reuse of last 3 passwords)
Composition & complexity (e.g., require letters +
numbers)
Account lockout
Common Oracle objects
Database instance
schema
stored
procedure
schema
view
function
table
table
trigger
index
Public area
synonym
Oracle object security
grant select on
EMPLOYEES to ASOK;
orders
candidates
customers
employees
asok’s schema
alice’s schema
all_users
Public objects
Oracle role-based security
grant all privileges
on EMPLOYEES to role
HR_STEWARD;
hr_steward
grant HR_STEWARD to
CATBERT;
DBA
candidates
employees
hrdata schema
Database links
Create database link EMPLINK
connect to DOGBERT identified
by CISCO123 using HR_DB;
ECOMMERCE_DB
orders
HR_DB
employees
EMPLINK
dogbert’s schema
dogbert’s schema
Java security in Oracle
• System classes loaded by default, accessible & shared by all sessions
com.cisco.ipc.*
wally session
java.*
com.cisco.myapp.calc
dilbert session
oracle.aurora.*
Java server classes (common, read-only)
oracle.jdbc.*
Java security in Oracle


System classes loaded in shared area
Users can load classes



Into their own schema/session
Can grant execution rights to other users
Permissions



Stored in Oracle objects, not files
Stored in PolicyTable table
Granted by DBA or JAVA_ADMIN roles
• “call dbms_java.grant_permission(
“mnystrom”,
“java.util.SocketPermission”,
“localhost:1024-”,
“connect”)

2 privilege models


Invoker’s rights
Definer’s rights (setuid)
Invoker’s rights
com.cisco.myapp.calc
com.cisco.ipc.*
salary
dogbert’s schema
salary
alice’s schema
Definer’s rights
com.cisco.myapp.calc
com.cisco.ipc.*
salary
dogbert’s schema
salary
alice’s schema
Access beyond the database



Languages: PL/SQL or Java
Techniques: Stored procs or functions
Examples




Execute, read, write local files
Make and receive network calls (HTTP, MMX, etc.)
Access data in remote databases
Send mail
Database server
Database
/oracle/apps/
Auditing
 Obviously
impacts database performance
 Writes high-level info to a common table




Database user
Object (table, role, etc.)
Action (select, insert, etc.)
Date/time
 Currently
enabled on-request to DBA team
 Difficult to trace actions to a live human

Can correlate with IP address
Common integration techniques
 Shared
database schemas
 Separate schemas/dbs


Grant direct access to each other’s schemas
Grant only stored proc access
Typical modern application
application
orders
application schema
customers
Shared schemas
Application
#1
select
insert
update
Application
#2
select
orders
customers
application #2’s schema
insert
update
delete
select
grant
Shared objects
Application
#1
select
insert
update
orders
Application #1’s schema
Application
#2
select
insert
update
delete
select
grant
customers
Application #2’s schema
Shared, protected objects
Application
#1
select
insert
update
orders
Application #1’s schema
Application
#2
insert
update
delete
select
grant
execute
stored
procedure
customers
Application #2’s schema
Application-level integration
Application
#1
select
insert
update
•Shared libraries
•MMX
•Web services
•IIOP
Application
#2
insert
update
delete
select
grant
orders
customers
Application #1’s schema
Application #2’s schema
Current problems in industry
 Account


management
Passwords never changed
Accounts/passwords widely known
• All developers
• cgi-bin trees
• CVS source repositories
 Privileges
too broad
 No data stewardship
 No segregation/special protection for sensitive
data
Related documents
Big Data Gives Artificial Intelligence Something to Think About
Big Data Gives Artificial Intelligence Something to Think About
Slide 1
Slide 1
Often times developers will use a simple, single
Often times developers will use a simple, single
IMS Maxims – Multinational Company
IMS Maxims – Multinational Company
Database Administrator
Database Administrator
How to export-import Oracle data Usually, the backup function for
How to export-import Oracle data Usually, the backup function for
Info
Info
post conditional offer contingencies
post conditional offer contingencies
Oracle Application Express
Oracle Application Express
Introduction to Databases
Introduction to Databases
Oracle vs. SQL Server
Oracle vs. SQL Server