Security and Identity Management for Oracle database 10g

Source: Internet
Author: User
Tags file system oid database ssl certificate oracle database

Security and Identity Management for Oracle database 10g

Author: Michael Miley

Oracle Database 10g provides a secure, scalable foundation for Oracle Identity Management. The Oracle Internet directory (OID) is implemented as an application running on the Oracle database 10g, enabling OIDs to support a number of T-byte directory information on a single server or on each node in a grid. Oracle database 10g protects raw data with powerful features such as virtual private databases. Important database security features include:

  Enterprise user security. Oracle Database 10g Enterprise user security features, which cover enterprise access rights management and sharing patterns (schemas), allow each user access to data, and support centralized user management in an Oracle Internet directory. User rights (represented by roles) and object constraints (reflected by the access control manifest) can be stored in the OID database.

  Virtual Private database. Virtual Private databases (VPD) Allow developers to attach security policies to application tables, views, or synonyms. Security policies can use the security application context (secure application contexts) to determine how to apply this policy. Oracle Database 10g also introduced a column-related security policy enforcement mechanism to the virtual private database, as well as a choice of column shadowing mechanism.

  Oracle Label Security. Oracle Database 10g allows the centralized creation of Oracle label security Policies in the Oracle Identity management infrastructure. By using the Oracle Internet directory, people can create an Oracle label security policy in a centralized location, simplifying the process of security and management in all databases in an enterprise or grid. Can be in a position to manage the agency's sensitive label and application user security license.

  fine-grained audits. an important aspect of any effective security policy is to maintain the system's activity record to ensure that users are responsible for their actions. Based on the powerful and comprehensive audit function of Oracle database, Oracle incorporates fine-grained audit function. If the user uses the data access rights incorrectly, this function can be used as an early warning system for the mechanism or as a detection system for the intrusion of the database itself.

  Agent authentication. Oracle Database 10g supports proxy authentication, which provides three-tier security features by allowing the transfer of an SSL certificate (X.509 certificate or DN) to the database to identify (rather than authenticate) users. The database uses a DN or certificate to look up users in an Oracle Internet directory or another LDAP based directory. The integration of proxy authentication with Oracle Enterprise user security also enables user identities to be maintained at all levels of an application, but only once in the directory for users.

  Oracle Advanced Security, Oracle Advanced Security leverages the enterprise's existing security framework to provide a number of powerful authentication solutions, including Kerberos, public key cryptography technology, RADIUS and a distributed computing environment for Oracle database 10g. A new feature in this release is the ability to check X509v3 certificate revocation information by storing a certificate revocation manifest in a file system, an Oracle Internet directory, or a CRL partial point (distribution Points).



Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.