| | Copyright |
| | Dedication |
| | Preface |
| | | What This Book Is |
| | | What This Book Is Not |
| | | Audience for This Book |
| | | Conventions Used in This Book |
| | | Platforms and Versions of Oracle |
| | | Comments and Questions |
| | | Acknowledgments |
|
| | Part I: Security in an Oracle System
| | | Chapter 1. Oracle and Security |
| | | Section 1.1. What's It All About? |
| | | Section 1.2. The Oracle Security Model |
| | | Section 1.3. Procedures, Policies, and Plans |
| | | Section 1.4. If I Had a Hammer... |
|
| | | Chapter 2. Oracle System Files |
| | | Section 2.1. What's in the Files? |
| | | Section 2.2. The Instance and the Database: Starting an Oracle Database |
| | | Section 2.3. Types of Database Files |
|
| | | Chapter 3. Oracle Database Objects |
| | | Section 3.1. The User Interface: User Versus Schema |
| | | Section 3.2. Objects |
| | | Section 3.3. Tables |
| | | Section 3.4. Table Triggers |
| | | Section 3.5. Views |
| | | Section 3.6. Stored Programs |
| | | Section 3.7. Synonyms |
| | | Section 3.8. Privileges |
| | | Section 3.9. Roles |
| | | Section 3.10. Profiles |
|
| | | Chapter 4. The Oracle Data Dictionary |
| | | Section 4.1. Creating and Maintaining the Data Dictionary |
| | | Section 4.2. The Data Dictionary Views |
| | | Section 4.3. About SQL.BSQ |
| | | Section 4.4. Views Used for Security |
| | | Section 4.5. The Composition of the Views |
|
| | | Chapter 5. Oracle Default Roles and User Accounts |
| | | Section 5.1. About the Defaults |
| | | Section 5.2. The CONNECT Role |
| | | Section 5.3. The RESOURCE Role |
| | | Section 5.4. The DBA Role |
| | | Section 5.5. The SYSDBA and SYSOPER Roles |
| | | Section 5.6. Using the Default Roles |
| | | Section 5.7. Default User Accounts |
| | | Section 5.8. Segmenting Authority in the Database |
|
| | | Chapter 6. Profiles, Passwords, and Synonyms |
| | | Section 6.1. Profiles |
| | | Section 6.2. Passwords |
| | | Section 6.3. Synonyms |
|
|
| | Part II: Implementing Security |
| | | Chapter 7. Developing a Database Security Plan |
| | | Section 7.1. About the Security Policy and Security Plan |
| | | Section 7.2. Types of Accounts |
| | | Section 7.3. Standards for Accounts |
| | | Section 7.4. Standards for Usernames |
| | | Section 7.5. Standards for Passwords |
| | | Section 7.6. Standards for Roles |
| | | Section 7.7. Standards for Views |
| | | Section 7.8. Standards for the Oracle Security Server |
| | | Section 7.9. Standards for Employees |
| | | Section 7.10. Sample Security Plan Index |
| | | Section 7.11. Sample Security Plan Checklist |
|
| | | Chapter 8. Installing and Starting Oracle |
| | | Section 8.1. Segmenting Application Processing |
| | | Section 8.2. Installing Oracle Securely |
| | | Section 8.3. Connecting to the Database Without a Password |
| | | Section 8.4. Installing and Configuring SQL*Net |
| | | Section 8.5. Setting Up Initialization Parameters for Security |
|
| | | Chapter 9. Developing a Simple Security Application |
| | | Section 9.1. The Application Overview |
| | | Section 9.2. Preparing the Role-Object Matrix |
| | | Section 9.3. Views |
| | | Section 9.4. Roles |
| | | Section 9.5. Grants |
| | | Section 9.6. Application Control of Access |
|
| | | Chapter 10. Developing an Audit Plan |
| | | Section 10.1. Why Audit? |
| | | Section 10.2. Where to Audit |
| | | Section 10.3. How Auditing Works |
| | | Section 10.4. Auditing and Performance |
| | | Section 10.5. Default Auditing |
| | | Section 10.6. Types of Auditing |
| | | Section 10.7. Purging Audit Information |
|
| | | Chapter 11. Developing a Sample Audit Application |
| | | Section 11.1. About the Audit Trail Application |
| | | Section 11.2. About Performance and Storage |
| | | Section 11.3. Using the Audit Data in Reports |
| | | Section 11.4. SQL Scripts to Generate Scripts |
|
| | | Chapter 12. Backing Up and Recovering the Database |
| | | Section 12.1. What Are the Backup Options? |
| | | Section 12.2. What's New for Oracle8? |
| | | Section 12.3. What Are the Recovery Options? |
|
| | | Chapter 13. Using the Oracle Enterprise Manager |
| | | Section 13.1. What Is the OEM? |
| | | Section 13.2. The DBA Toolkit and Security |
| | | Section 13.3. OEM and the Job Scheduler |
| | | Section 13.4. OEM and the Event Management System |
|
| | | Chapter 14. Maintaining User Accounts |
| | | Section 14.1. Application Design Requirements |
| | | Section 14.2. Running the Application |
| | | Section 14.3. Documenting the User State |
| | | Section 14.4. A Sample Script |
|
|
| | Part III: Enhanced Oracle Security |
| | | Chapter 15. Using the Oracle Security Server |
| | | Section 15.1. About Cryptography |
| | | Section 15.2. Ways to Authenticate Users |
| | | Section 15.3. What's in the OSS? |
| | | Section 15.4. Configuring and Using the OSS |
|
| | | Chapter 16. Using the Internet and the Web |
| | | Section 16.1. Web Basics |
| | | Section 16.2. Evaluating Web Assets and Risks |
| | | Section 16.3. Protecting a Web Site |
| | | Section 16.4. Getting Users Involved |
|
| | | Chapter 17. Using Extra-Cost Options |
| | | Section 17.1. Trusted Oracle |
| | | Section 17.2. Advanced Networking Option |
| | | Section 17.3. Oracle Application Server |
|
| | | Appendix A. References |
| | | Section A.1. Oracle Books |
| | | Section A.2. Security Books |
| | | Section A.3. Oracle Electronic References |
| | | Section A.4. Security Electronic References |
|
|
| | Colophon |
| | Index |