Oracle® Database
Security Guide
11g Release 2 (11.2)
E36292-09
January 2017
Oracle Database Security Guide 11g Release 2 (11.2)
E36292-09
Copyright © 2006, 2017, Oracle and/or its affiliates. All rights reserved.
Primary Author: Patricia Huey
Contributors: Tammy Bednar, Naveen Gopal, Don Gosselin, Sumit Jeloka, Peter Knaggs, Sergei Kucherov,
Nina Lewis, Bryn Llewellyn, Rahil Mir, Narendra Manappa, Gopal Mulagund, Janaki Narasinghanallur,
Paul Needham, Deb Owens, Robert Pang, Preetam Ramakrishna, Vipin Samar, Digvijay Sirmukaddam,
Richard Smith, Sachin Sonawane, James Spiller, Ashwini Surpur, Srividya Tata, Kamal Tbeileh, Rodney
Ward, Daniel Wong
This software and related documentation are provided under a license agreement containing restrictions on
use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your
license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license,
transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse
engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is
prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If
you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it
on behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software,
any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users
are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and
agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and
adaptation of the programs, including any operating system, integrated software, any programs installed on
the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to
the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management
applications. It is not developed or intended for use in any inherently dangerous applications, including
applications that may create a risk of personal injury. If you use this software or hardware in dangerous
applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other
measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages
caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of
their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks
are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD,
Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced
Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content,
products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and
expressly disclaim all warranties of any kind with respect to third-party content, products, and services
unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its
affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of
third-party content, products, or services, except as set forth in an applicable agreement between you and
Oracle.
Contents
Preface
Audience
Documentation Accessibility
Related Documents
Conventions

What's New in Oracle Database Security?
Oracle Database 11g Release 2 (11.2.0.2) New Security Features
Oracle Database 11g Release 2 (11.2.0.1) New Security Features
Oracle Database 11g Release 1 (11.1) New Security Features

1 Introducing Oracle Database Security
About Oracle Database Security
Additional Database Security Resources

2 Managing Security for Oracle Database Users
About User Security
Creating User Accounts
Creating a New User Account
Specifying a User Name
Assigning the User a Password
Assigning a Default Tablespace for the User
Assigning a Tablespace Quota for the User
Restricting the Quota Limits for User Objects in a Tablespace
Granting Users the UNLIMITED TABLESPACE System Privilege
Assigning a Temporary Tablespace for the User
Specifying a Profile for the User
Setting a Default Role for the User
Altering User Accounts
About Altering User Accounts
Using the ALTER USER Statement to Alter a User Account
Changing Non-SYS User Passwords
Changing the SYS User Password
Configuring User Resource Limits
About User Resource Limits
Types of System Resources and Limits
Limiting the User Session Level
Limiting Database Call Levels
Limiting CPU Time
Limiting Logical Reads
Limiting Other Resources
Determining Values for Resource Limits of Profiles
Managing Resources with Profiles
Creating Profiles
Dropping Profiles
Deleting User Accounts
Finding Information About Database Users and Profiles
Using Data Dictionary Views to Find Information About Users and Profiles
Listing All Users and Associated Information
Listing All Tablespace Quotas
Listing All Profiles and Assigned Limits
Viewing Memory Use for Each User Session

3 Configuring Authentication
About Authentication
Configuring Password Protection
What Are the Oracle Database Built-in Password Protections?
Minimum Requirements for Passwords
Using a Password Management Policy
About Managing Passwords
Finding User Accounts That Have Default Passwords
Configuring Password Settings in the Default Profile
Disabling and Enabling the Default Password Security Settings
Automatically Locking a User Account After a Failed Login
Controlling User Ability to Reuse Previous Passwords
Controlling Password Aging and Expiration
Password Change Life Cycle
Setting the PASSWORD_LIFE_TIME Profile Parameter to a Low Value
Enforcing Password Complexity Verification
Enabling or Disabling Password Case Sensitivity
Ensuring Against Password Security Threats by Using the SHA-1 Hashing Algorithm
Managing the Secure External Password Store for Password Credentials
About the Secure External Password Store
How Does the External Password Store Work?
Configuring Clients to Use the External Password Store
Managing External Password Store Credentials
Authenticating Database Administrators
Strong Authentication and Centralized Management for Database Administrators
Configuring Directory Authentication for Administrative Users
Configuring Kerberos Authentication for Administrative Users
Configuring Secure Sockets Layer Authentication for Administrative Users
Authenticating Database Administrators by Using the Operating System
Authenticating Database Administrators by Using Their Passwords
Using the Database to Authenticate Users
About Database Authentication
Advantages of Database Authentication
Creating a User Who Is Authenticated by the Database
Using the Operating System to Authenticate Users
Using the Network to Authenticate Users
Authentication Using Secure Sockets Layer
Authentication Using Third-Party Services
Configuring Global User Authentication and Authorization
Creating a User Who Is Authorized by a Directory Service
Creating a Global User Who Has a Private Schema
Creating Multiple Enterprise Users Who Share Schemas
Advantages of Global Authentication and Global Authorization
Configuring an External Service to Authenticate Users and Passwords
About External Authentication
Advantages of External Authentication
Creating a User Who Is Authenticated Externally
Authenticating User Logins Using the Operating System
Authenticating User Logins Using Network Authentication
Using Multitier Authentication and Authorization
Administration and Security in Clients, Application Servers, and Database Servers
Preserving User Identity in Multitiered Environments
Using a Middle Tier Server for Proxy Authentication
About Proxy Authentication
Advantages of Proxy Authentication
Who Can Create Proxy User Accounts?
Creating Proxy User Accounts and Authorizing Users to Connect Through Them
Using Proxy Authentication with the Secure External Password Store
Passing Through the Identity of the Real User by Using Proxy Authentication
Limiting the Privilege of the Middle Tier
Authorizing a Middle Tier to Proxy and Authenticate a User
Authorizing a Middle Tier to Proxy a User Authenticated by Other Means
Reauthenticating the User Through the Middle Tier to the Database
Using Client Identifiers to Identify Application Users Not Known to the Database
About Client Identifiers
How Client Identifiers Work in Middle Tier Systems
Using the CLIENT_IDENTIFIER Attribute to Preserve User Identity
Using CLIENT_IDENTIFIER Independent of Global Application Context
Using the DBMS_SESSION PL/SQL Package to Set and Clear the Client Identifier
Finding Information About User Authentication

4 Configuring Privilege and Role Authorization
About Privileges and Roles
Who Should Be Granted Privileges?
Granting the SYSDBA and SYSOPER Administrative Privileges to Users
Managing System Privileges