Introduction to Oracle database security management policies

Source: Internet
Author: User

Oracle security is one of the database administrator's biggest worries. Data loss and database intrusions lead to some very difficult problems. This article proposes several security policies around the security issues of Oracle databases, in the hope of helping database administrators.

For data security, the database administrator can refer to the system's dual-machine hot backup function and to information on database backup and recovery.

I. Group and security:

Creating user groups in the operating system is also an effective way to ensure the security of Oracle databases. For security purposes, Oracle programs are generally divided into two classes: one class can be executed by all users, and the other can be executed only by the DBA. In Unix, the configuration file that defines groups is /etc/group. For details about how to configure this file, see the relevant Unix manual.

Several methods to ensure security:

(1) Before installing Oracle Server, create a database administrator group (DBA) and assign the user IDs of root and the Oracle software owner to this group. Programs that only the DBA may execute should have permission 710. During installation, the SQL*DBA system privilege commands are automatically assigned to the DBA group.

(2) To allow some Unix users restricted access to the Oracle server system, add an Oracle group for authorized users, and make sure the Oracle server utilities carry that group's ID. Common executables such as SQL*Plus and SQL*Forms should be executable by this group, with permission 710, which allows users in the same group to execute them while other users cannot.

(3) Change the permissions of programs that do not affect database security to 711.

NOTE: For the convenience of installation and debugging in our system, the default password of the two users with DBA permissions in the Oracle database, SYS and SYSTEM, is manager. To ensure the security of your database system, we strongly recommend that you change the passwords of these two users as follows:

In SQL*DBA, type:

    alter user sys identified by password;
    alter user system identified by password;

Here, password is the password you set for the user.

Security of Oracle server utilities:

The following are some suggestions for protecting the Oracle server from use by unauthorized users:

(1) Ensure that all programs under the $ORACLE_HOME/bin directory are owned by the Oracle software owner.

(2) Give all user utilities (sqlplus, sqlforms, exp, imp, etc.) 711 permissions so that all users on the server can access the Oracle server.

(3) Give all DBA utilities (such as SQL*DBA) 700 permissions.

Oracle server and Unix groups: when accessing a local server, you can map Oracle server roles to Unix groups in the operating system, so that Unix manages the security of the Oracle server. This method applies to local access only.

The format of specifying an Oracle Server role in Unix is as follows:

    ora_sid_role[_d|a]

sid is the ORACLE_SID of your Oracle database;

role is the role name on the Oracle server;

d (optional) indicates that this role is the default value;

a (optional) indicates that this role has the WITH ADMIN OPTION; you can only assign this role to other roles, not to other users.

The following example is set in the /etc/group file:

    ora_test_osoper_d:NONE:1:jim,narry,scott
    ora_test_osdba_a:NONE:3:pat
    ora_test_role1:NONE:4:bob,jane,tom,mary,jim
    bin:NONE:5:root,oracle,dba
    root:NONE:7:root
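To audit which Unix users receive which Oracle roles through this mapping, the following added example (not part of the original article) parses /etc/group-style text for one SID and inverts it into a per-user list. The function and type names are hypothetical, and it assumes the d and a flags may be combined as _da.

```python
import re
from typing import NamedTuple

class OsRole(NamedTuple):
    group: str
    role: str
    default: bool   # _d suffix: role is a default role
    admin: bool     # _a suffix: role carries WITH ADMIN OPTION
    members: tuple

def parse_os_roles(group_text: str, sid: str) -> list:
    """Return the Oracle roles that /etc/group-style text maps to Unix users for one SID."""
    # Lazy role match so a trailing _d, _a or _da is read as flags, not as part of the role.
    pattern = re.compile(r"^ora_" + re.escape(sid) + r"_(.+?)(?:_(d|a|da))?$")
    roles = []
    for line in group_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            continue  # not a well-formed group entry
        name, _passwd, _gid, member_list = (f.strip() for f in fields)
        m = pattern.match(name)
        if not m:
            continue  # ordinary Unix group, or a role for another SID
        flags = m.group(2) or ""
        members = tuple(u.strip() for u in member_list.split(",") if u.strip())
        roles.append(OsRole(name, m.group(1), "d" in flags, "a" in flags, members))
    return roles

def roles_by_user(roles: list) -> dict:
    """Invert the mapping: user -> sorted list of (role, default, admin)."""
    result = {}
    for r in roles:
        for user in r.members:
            result.setdefault(user, []).append((r.role, r.default, r.admin))
    return {u: sorted(v) for u, v in sorted(result.items())}

# Sample input: the /etc/group example given in the article above.
SAMPLE = """\
ora_test_osoper_d:NONE:1:jim,narry,scott
ora_test_osdba_a:NONE:3:pat
ora_test_role1:NONE:4:bob,jane,tom,mary,jim
bin:NONE:5:root,oracle,dba
root:NONE:7:root
"""

if __name__ == "__main__":
    for user, grants in roles_by_user(parse_os_roles(SAMPLE, "test")).items():
        for role, default, admin in grants:
            print(f"{user:8} {role:8} default={default} admin={admin}")
```

Reviewing the rows with admin=True, and any unexpected member of the osdba or osoper groups, shows who gains database privileges purely through Unix group membership.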

This concludes the introduction to Oracle security management policies and methods. I hope you find it useful.
