Effective Oracle Database 10g Security by Design
New York Chicago San Francisco
Lisbon London Madrid Mexico City Milan
New Delhi San Juan Seoul Singapore Sydney Toronto
2100 Powell Street, 10th Floor
Emeryville, California 94608
To arrange bulk purchase
for sales promotions, premiums, or fund-raisers,
/Osborne at the above address. For information on translations or book
outside the U.S.A., please see the International Contact Information page immediately following the index of this book.
Effective Oracle Database 10
Security by Design
Copyright 2004 by The McGraw-Hill Companies, Inc. (Publisher). All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of Publisher.
Oracle is a registered trademark of Oracle Corporation and/or its
Screen displays of
Oracle software programs have been reproduced herein with the permission of Oracle Corporation and/or its affiliates.
Excerpts of copyrighted Oracle
documentation have been reproduced herein with the permission of Oracle Corporation and/or its affiliates.
1234567890 CUS CUS 01987654
Brandon A. Nordin
Wendy Delmolino, Thomas Kyte
John Patrus, Kelly Stanton-Scott
Kathleen Edwards, Melinda Lytle
Jani Beckwith, Peter F. Hancik
Cover Series Design:
Damore Johann Design, Inc.
This book was
with Corel VENTURA Publisher.
Information has been obtained by Publisher from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, Publisher, or others, Publisher does not guarantee to the accuracy, adequacy, or completeness of any information included in this work and is not responsible for any errors or omissions or the results obtained from the use of such information.
Oracle Corporation does not make any representations or warranties as to the accuracy, adequacy, or completeness of any information contained in this Work, and is not responsible for any errors or omissions.
This book is dedicated to my parents, Larry and Maggie Knox, whose unconditional love and support have made me possible.
About the Author
working at Oracle in early 1995. It wasn’t long after his first day that he was asked to work on a security-
project for one of Oracle’s government customers. He has been working with Oracle security ever since. David has had the opportunity to work on security issues with many interesting people in the United States Department of Defense and the intelligence community as well as in financial services, healthcare, and higher education. All of the exposure to database security inspired him to obtain his graduate degree in computer science. David’s security expertise derives not only from graduate work but also from
of experience in hands-on practice with Oracle.
Through the years, David has worked with Oracle’s development
, sales organizations, and
in almost all areas of security. He has the opportunity to review and understand many of Oracle’s customer’s requirements as well as to help architect and implement solutions for those requirements. The solutions range from applying the current technologies in new and innovative ways to creating pre-packaged consulting solutions and ultimately providing input for product requirements for future enhancements to the Oracle Database. David has created and delivered countless security classes for Oracle Consulting and technical sales support, Oracle’s partner companies, and Oracle customers.
David also has
white papers as well as
to books, such as
Expert One on One Oracle
by Thomas Kyte (Wrox Press, 2001) and
Mastering Oracle PL/SQL: Practical
Solutions (Apress, December 2003).
These days you can find David working as the chief engineer in Oracle’s Information Assurance Center (IAC). The IAC is a center of expertise that works with Oracle’s customers,
, development, and consulting to design and develop security and high-availability solutions. His work is concentrated on the computer security areas, but his
vary widely: delivering presentations, participating in panel discussions, working with consultants, teaching classes, meeting with customers, and answering general security questions on Oracle’s internal security lists.
About the Tech Editors
is a master principal sales consultant for Oracle Corporation with over 12 years experience supporting the United States federal government. Wendy specializes in Oracle’s Information Assurance technologies and architectures, with an emphasis on Oracle Database security. She leads the Oracle Federal
security architectures and teaches Oracle Database security courses. In support of her customers, Wendy devises solutions and provides oversight for many of the intelligence community’s past, current, and future requirements within Oracle Corporation. Wendy and her husband, Dominic, live outside Washington, DC, and have two children, Peter and Francesca.
is a vice president in the Oracle Government, Education, and Healthcare group and is recognized as one of the world’s leading Oracle experts. Tom has been working with Oracle technology since version 5.1.5c (a $99 single-user version for DOS that came on 360K floppy disks) and joined Oracle Corporation in 1993. Before starting at Oracle, Tom worked for over six years as a systems integrator building large-scale, heterogeneous databases and applications, mostly for military and government customers. He is the “Tom” behind the “Ask Tom” column in
, where he answers questions about the Oracle Database and its tools. Tom is also the author of
Expert One on One Oracle
(Wrox Press, 2001) and
Effective Oracle by Design
This book represents a lot of hard work and dedication from many people. First, I would like to
my mentors within Oracle. Tim Hoechst and Dave Carey have been especially supportive in helping me allocate the necessary time to complete this work. My colleagues have also been supportive in many ways, from agreeing to review the work to providing technical information and ideas. I would like to thank all those who have done so. I would
like to thank Matt Piermarini and Patrick Sack, who have both been invaluable in helping me understand and
the security message as it
to application development. Daniel Wong, Kristy Edwards, and Sudha Iyer in Oracle development were also very helpful and supportive in reviewing the material for accuracy and
with Oracle’s product intentions and directions; thank you for helping out.
The staff at McGraw-Hill/Osborne has been great to work with. Lisa McClain, Athena Honore, Jenn Tust, and Sally Engelfried have been supportive and understanding in all matters related to the construction of the book, and I cannot thank you enough for your patience and direction. I’d also like to thank the Illustration and Production departments for making the book look so great.
The technical reviewers, Wendy Delmolino and Thomas Kyte, are two important people to ensuring the book’s success. Wendy’s technical contributions to the editing process have been insightful and
. Thank you for taking the time to review and comment on the material. It has been a
working with you on security through the years.
Thomas Kyte has done the most for me in influencing the technical material in this book. Not only did he
me to write the book by showing leadership in technical authoring, he helped make the examples more practical. I have learned a tremendous amount from working with Tom over the years in both how the database works and how to write about it. Thank you, Tom, for your
comments, suggestions, leadership, and friendship. Without your input, this would not be the same book.
Finally, and most importantly, I would like to thank my wife, Sandy, and sons Garrett and Trevor. Sandy’s support in writing this book is unparalleled. There have been countless late nights, lost weekends, and impeded
that were necessary to complete this work. The hardest part in writing this book has been depriving my family of quality focus and time. Sandy, your understanding and support for this, especially in handling Garrett and Trevor, has been incredible. I love you for it and hope you feel an accomplishment has been reached for you, too. This book could not have been written without your love, support, and dedication. I will never forget it.