Effective Oracle Database 10g Security by Design
David Knox
McGraw-Hill/Osborne
New York Chicago San Francisco
Lisbon London Madrid Mexico City Milan
New Delhi San Juan Seoul Singapore Sydney Toronto
McGraw-Hill/Osborne
2100 Powell Street, 10th Floor
Emeryville, California 94608
U.S.A.
To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact McGraw-Hill/Osborne at the above address. For information on translations or book distributors outside the U.S.A., please see the International Contact Information page immediately following the index of this book.
Effective Oracle Database 10g Security by Design
Copyright 2004 by The McGraw-Hill Companies, Inc. (Publisher). All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of Publisher.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates.
Screen displays of copyrighted Oracle software programs have been reproduced herein with the permission of Oracle Corporation and/or its affiliates.
Excerpts of copyrighted Oracle user documentation have been reproduced herein with the permission of Oracle Corporation and/or its affiliates.
1234567890 CUS CUS 01987654
ISBN 0-07-223130-0
Publisher: Brandon A. Nordin
Vice President & Associate Publisher: Scott Rogers
Editorial Director: Wendy Rinaldi
Acquisitions Editor: Lisa McClain
Project Editor: Jenn Tust
Acquisitions Coordinator: Athena Honore
Technical Editors: Wendy Delmolino, Thomas Kyte
Copy Editor: Sally Engelfried
Proofreader: Marian Selig
Indexer: Valerie Perry
Composition: John Patrus, Kelly Stanton-Scott
Illustrators: Kathleen Edwards, Melinda Lytle
Series Design: Jani Beckwith, Peter F. Hancik
Cover Series Design: Damore Johann Design, Inc.
This book was composed with Corel VENTURA Publisher.
Information has been obtained by Publisher from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, Publisher, or others, Publisher does not guarantee the accuracy, adequacy, or completeness of any information included in this work and is not responsible for any errors or omissions or the results obtained from the use of such information.
Oracle Corporation does not make any representations or warranties as to the accuracy, adequacy, or completeness of any information contained in this Work, and is not responsible for any errors or omissions.
This book is dedicated to my parents, Larry and Maggie Knox, whose unconditional love and support have made me possible.
About the Author
David Knox began working at Oracle in early 1995. It wasn’t long after his first day that he was asked to work on a security-related project for one of Oracle’s government customers. He has been working with Oracle security ever since. David has had the opportunity to work on security issues with many interesting people in the United States Department of Defense and the intelligence community as well as in financial services, healthcare, and higher education. All of the exposure to database security inspired him to obtain his graduate degree in computer science. David’s security expertise derives not only from graduate work but also from years of experience in hands-on practice with Oracle.
Through the years, David has worked with Oracle’s development teams, sales organizations, and consultants in almost all areas of security. He has the opportunity to review and understand many of Oracle’s customers’ requirements as well as to help architect and implement solutions for those requirements. The solutions range from applying the current technologies in new and innovative ways to creating pre-packaged consulting solutions and ultimately providing input for product requirements for future enhancements to the Oracle Database. David has created and delivered countless security classes for Oracle Consulting and technical sales support, Oracle’s partner companies, and Oracle customers.
David also has authored white papers as well as contributed to books, such as Expert One on One Oracle by Thomas Kyte (Wrox Press, 2001) and Mastering Oracle PL/SQL: Practical Solutions (Apress, December 2003).
These days you can find David working as the chief engineer in Oracle’s Information Assurance Center (IAC). The IAC is a center of expertise that works with Oracle’s customers, partners, development, and consulting to design and develop security and high-availability solutions. His work is concentrated on the computer security areas, but his tasks vary widely: delivering presentations, participating in panel discussions, working with consultants, teaching classes, meeting with customers, and answering general security questions on Oracle’s internal security lists.
About the Tech Editors
Wendy Delmolino is a master principal sales consultant for Oracle Corporation with over 12 years experience supporting the United States federal government. Wendy specializes in Oracle’s Information Assurance technologies and architectures, with an emphasis on Oracle Database security. She leads the Oracle Federal group in recommending security architectures and teaches Oracle Database security courses. In support of her customers, Wendy devises solutions and provides oversight for many of the intelligence community’s past, current, and future requirements within Oracle Corporation. Wendy and her husband, Dominic, live outside Washington, DC, and have two children, Peter and Francesca.
Thomas Kyte is a vice president in the Oracle Government, Education, and Healthcare group and is recognized as one of the world’s leading Oracle experts. Tom has been working with Oracle technology since version 5.1.5c (a $99 single-user version for DOS that came on 360K floppy disks) and joined Oracle Corporation in 1993. Before starting at Oracle, Tom worked for over six years as a systems integrator building large-scale, heterogeneous databases and applications, mostly for military and government customers. He is the “Tom” behind the “Ask Tom” column in Oracle Magazine, where he answers questions about the Oracle Database and its tools. Tom is also the author of Expert One on One Oracle (Wrox Press, 2001) and Effective Oracle by Design (McGraw-Hill/Osborne, 2003).
Acknowledgments
This book represents a lot of hard work and dedication from many people. First, I would like to acknowledge my mentors within Oracle. Tim Hoechst and Dave Carey have been especially supportive in helping me allocate the necessary time to complete this work. My colleagues have also been supportive in many ways, from agreeing to review the work to providing technical information and ideas. I would like to thank all those who have done so. I would especially like to thank Matt Piermarini and Patrick Sack, who have both been invaluable in helping me understand and articulate the security message as it relates to application development. Daniel Wong, Kristy Edwards, and Sudha Iyer in Oracle development were also very helpful and supportive in reviewing the material for accuracy and congruence with Oracle’s product intentions and directions; thank you for helping out.
The staff at McGraw-Hill/Osborne has been great to work with. Lisa McClain, Athena Honore, Jenn Tust, and Sally Engelfried have been supportive and understanding in all matters related to the construction of the book, and I cannot thank you enough for your patience and direction. I’d also like to thank the Illustration and Production departments for making the book look so great.
The technical reviewers, Wendy Delmolino and Thomas Kyte, are two important people to ensuring the book’s success. Wendy’s technical contributions to the editing process have been insightful and valuable. Thank you for taking the time to review and comment on the material. It has been a pleasure working with you on security through the years.
Thomas Kyte has done the most for me in influencing the technical material in this book. Not only did he inspire me to write the book by showing leadership in technical authoring, he helped make the examples more practical. I have learned a tremendous amount from working with Tom over the years in both how the database works and how to write about it. Thank you, Tom, for your candid comments, suggestions, leadership, and friendship. Without your input, this would not be the same book.
Finally, and most importantly, I would like to thank my wife, Sandy, and sons Garrett and Trevor. Sandy’s support in writing this book is unparalleled. There have been countless late nights, lost weekends, and impeded vacations that were necessary to complete this work. The hardest part in writing this book has been depriving my family of quality focus and time. Sandy, your understanding and support for this, especially in handling Garrett and Trevor, has been incredible. I love you for it and hope you feel an accomplishment has been reached for you, too. This book could not have been written without your love, support, and dedication. I will never forget it.