With OS authenticated users, each database account is directly linked to an OS account. OS authenticated users was (and still is for some) popular because it allows users to sign on to the database without requiring them to provide another username and password.

Today, the support for OS authentication is a popular method for supporting batch processes that need to be run from the OS. The jobs can be queued and run independently without requiring scripts to store usernames and passwords, which is a security risk in itself.

REMOTE_OS_AUTHENT

As time went on, computer networking proliferated, and applications became more distributed. Support for distributed computing was also embraced by Oracle. The REMOTE_OS_AUTHENT initialization parameter extended the trusted authentication model to the network. This technology allowed the users to have OS accounts on machines other than the server where the database resided. This capability gained popularity as the computing industry moved from mostly mainframes to a mix of large and midsize computing servers, many of which ran UNIX.

Remote authentication was popular because it added flexibility into the operational environment. Users could still enjoy the convenience of single sign-on, and the database server was not required to maintain OS accounts for all the database users.

However, remote authentication, while useful, created a lot of risk. The following example illustrates why.

I modify my database to support remote authentication. By default, the REMOTE_OS_AUTHENT is set to false. Setting it to true allows users on other servers to log in to my database without specifying a username or password.

system@DAGGER> ALTER SYSTEM SET remote_os_authent=TRUE SCOPE=SPFILE; System

altered

.

The new value for the REMOTE_OS_AUTHENT parameter will not take effect until the database is restarted. After restarting the database, I can connect to the OPS$DKNOX database user from an OS user called dknox located on a separate server. To illustrate this, I’ll create the dknox OS user on a server called SABRE and connect to my database, which is running on a server called DAGGER. My connect string requires no username and password; it requires only a TNS alias. After connecting, I query my environment to show the name of the user, the host they are authenticated from, and the name of the database:

[

dknox@sabre

dknox]$ sqlplus /@dagger SQL*Plus: Release 10.1.0.2.0 - Production on Sun Mar 28 15:52:00 2004 Copyright (c) 1982, 2004, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.1.0.2.0 - Production With the Partitioning, Oracle Label Security, OLAP and Data Mining options SQL> COL user format a10 SQL> COL "User's Server" format a15 SQL> COL "DB Server" format a15 SQL> SELECT USER, 2 SYS_CONTEXT ('userenv', 'host') 3 "User's Server", 4 SYS_CONTEXT ('userenv', 'db_name') 5 "DB Server" 6 FROM DUAL; USER User's Server DB Server ---------- --------------- --------------- OPS$DKNOX

sabre

dagger

The risk associated with allowing remote authentication lies in the fact that any administrator or knowledgeable person can create a user with any username and be connected to the database account corresponding to that username. The administrator for the database on DAGGER may not trust the actions occurring on the SABRE (OS) server or any other server. For many, distributing trust in this manner is considered too risky for production servers. Subsequently, this implementation is seldom used today, and the default for REMOTE_OS_AUTHENT is false. Leave it set to false!

Security for Host-Based Architecture

From the database’s perspective, security for the host-based architecture was uncomplicated. Regardless of how a user authenticated, every user had a separate and distinct database account (the 1:1 user-database mapping discussed in Chapter 3). Oracle subsequently invested great resources in ensuring that the database could support proper security at the user level. These capabilities included various mechanisms for user authentication, role-based access control, object privileges, system privileges, and auditing. All of these capabilities form the core security mechanisms provided by the Oracle Database today.

Client-Server Identification and Authentication

With the proliferation of the personal computer, the computing industry evolved from a host-based model for applications to the client-server architecture. This architecture evolved from a single entity, the host, to two entities, the client (on which the users resided) and the server (on which the database resided). Software companies, including Oracle, rapidly adopted support for secure client-server capabilities.

In this architecture, users always have two accounts, one for the OS and one for the database. It’s typical for the database server and the user’s personal computer to be running different operating systems. This heterogeneity provides a more user-friendly desktop computing environment and allows the users flexibility in choosing a computer that best meets their personal needs.

Many of the client-server applications are also graphical in nature and are much easier to use than the applications in the host-based model. This helps to extend the reach of the Oracle Database to users who no longer have to understand SQL. Reports can be easily run in which simple questions such as “What are the latest YTD numbers, and how do they compare to last years numbers ?” are transparently turned into SQL queries with the results formatted and graphically displayed to give the users the latest, up-to-date information.

Security for Client-Server Architecture

With client-server architecture, like host-based architecture, database access controls and auditing are based on the uncomplicated principle that each user has a separate and distinct database account. For client-server architecture I&A, the database (as opposed to the OS) usually performs the user authentication. While passwords were initially the predominant authentication technique, the computing industry soon began to develop standard ways to allow users to conduct single sign-on. Kerberos and DCE are two popular examples of single sign-on technologies developed to support the single sign-on requirement.

In a client-server connection, the user has a direct link to the server (or database) and vice-versa, much like a phone call, where two people are directly connected to each other and each knows who is on the other end. For client-server database applications, the user authenticates once and stays connected. This is important because the user’s identity is established once and is available to the database for the entire session (just as it is in a phone conversation). The database connections aren’t shared, and database security is based on the ability to easily distinguish between users.

With client-server computing, securing the network communications from the client to the server is essential to ensuring data is not maliciously copied or altered while in transit. Soon after Oracle began supporting the client-server architecture, they realized the need to secure those communication channels. Oracle subsequently enhanced its networking software and introduced Secure Network Services (SNS) to ensure that data would be protected not only while at rest in the database, but also while in motion to and from the database. SNS, was renamed several times until it finally ended up as the Oracle Advanced Security option, provided for SQL and data encryption. To operate in a secure client-server configuration, applications utilized the SNS capabilities.

{% if main.adsdop %}{% include 'adsenceinline.tpl' %}{% endif %}

As the value of client-server applications was realized, practically all the major application development companies, most of which ran against database-derived data, built and deployed client-server applications. The client-server architecture was popular for many years and today still plays a significant role for many Oracle customers.