Oracle® Database Security Guide
11g Release 1 (11.1)

Part Number B28531-06

Index


A

access control
encryption, problems not solved by, 8.2.1
enforcing, 10.8.1
object privileges, 4.5.1
password encryption, 3.2.1
access control list (ACL)
about, 4.11.1
advantages, 4.11
effect of upgrade from earlier release, 4.11.2
creating, 4.11.3
DBMS_NETWORK_ACL package
using, 4.11.3.1
DBMS_NETWORK_ACL_ADMIN package
using, 4.11.3
examples, 4.11.4
finding information about, 4.11.10
hosts, assigning, 4.11.3.2
network hosts, using wildcards to specify, 4.11.5
ORA-24247 errors, 4.11.2
order of precedence
hosts, 4.11.6
port ranges, 4.11.7
privilege assignments
about, 4.11.8
database administrators checking, 4.11.8.1
users checking, 4.11.8.2
setting precedence
multiple roles, 4.11.9
multiple users, 4.11.9
syntax for creating, 4.11.3.1
account locking
example, 3.2.3.4
explicit, 3.2.3.4
password management, 3.2.3.4
PASSWORD_LOCK_TIME initialization parameter, 3.2.3.4
ad hoc tools
database access, security problems of, 4.4.7.1
ADMIN OPTION
about, 4.6.1.1
revoking privileges, 4.7.1
revoking roles, 4.7.1
roles, 4.4.5.1
system privileges, 4.3.4
administrative user passwords
default, importance of changing, 10.5
administrator privileges
access, 10.8.2
operating system authentication, 3.3.2
passwords, 3.3.3, 10.5
SYSDBA and SYSOPER access, centrally controlling, 3.3.1
write, on listener.ora file, 10.8.2
adump audit files directory, 9.6.1
alerts, used in fine-grained audit policy, 9.5.6
"all permissions", 10.3
ALTER privilege statement
SQL statements permitted, 5.8.2
ALTER PROFILE statement
password management, 3.2.3.1
ALTER RESOURCE COST statement, 2.4.4.2
ALTER ROLE statement
changing authorization method, 4.4.3
ALTER SESSION statement
schema, setting current, 5.7.1
ALTER USER privilege, 2.3
ALTER USER statement
default roles, 4.10.2
explicit account unlocking, 3.2.3.4
GRANT CONNECT THROUGH clause, 3.10.1.3
passwords, changing, 2.3.1
passwords, expiring, 3.2.3.6
profiles, changing, 3.2.3.6
REVOKE CONNECT THROUGH clause, 3.10.1.3
user profile, 3.2.3.1
altering users, 2.3
ANY system privilege
guidelines for security, 10.6
application contexts
about, 6.1
as secure data cache, 6.1
bind variables, 7.1.4
client session-based
CLIENTCONTEXT namespace, clearing value from, 6.5.4
retrieving client session ID, 6.5.3
client session-based application contexts
about, 6.5.1
CLIENTCONTEXT namespace, clearing value from, 6.5.2
database session-based
cleaning up after user exits, 6.3.1
creating, 6.3.2
externalized, using, 6.3.8
how to use, 6.3
initializing externally, 6.3.6
ownership, 6.3.2
database session-based application contexts
about, 6.3.1
components, 6.3.1
database links, 6.3.3.5
dynamic SQL, 6.3.3.3
initializing globally, 6.3.7
parallel queries, 6.3.3.4
PL/SQL package creation, 6.3.3
session information, setting, 6.3.3.6
SYS_CONTEXT function, 6.3.3.2
trusted procedure, 6.1
tutorial, 6.3.5
DBMS_SESSION.SET_CONTEXT procedure, 6.3.3.6
driving context, 6.6
finding information about, 6.6
global
creating, 6.4.2
example of setting values for all users, 6.4.3.3
ownership, 6.4.2
sharing values globally for all users, 6.4.3.3
used for One Big Application User scenarios, 7.5.5
uses for, 7.5.5
global application contexts
about, 6.4.1
authenticating nondatabase users, 6.4.3.5
authenticating user for multiple applications, 6.4.3.4
components, 6.4.1
example of authenticating nondatabase users, 6.4.3.5
example of authenticating user moving to different application, 6.4.3.4
PL/SQL package creation, 6.4.3.1
process, lightweight users, 6.4.6.2
process, standard, 6.4.6.1
reasons for using, 6.4.1
system global area, 6.4.1
tutorial for client session IDs, 6.4.5
user name retrieval with USER function, 6.4.3.2
logon trigger, creating, 6.3.4
performance, 7.4.2.7
policy groups, used in, 7.3.5.1
returning predicate, 7.1.4
session information, retrieving, 6.3.3.2
support for database links, 6.3.6
types, 6.2
users, nondatabase connections, 6.4.1, 6.4.3.5
Virtual Private Database, used with, 7.1.4
application developers
CONNECT role change, 10.10.3.2
application security
specifying attributes, 6.3.2
application users who are database users
Oracle Virtual Private Database, how it works with, 7.5.5
applications
about security policies for, 5.1
database users, 5.2.1
enhancing security with, 4.4.1.2
object privileges, 5.8.1
object privileges permitting SQL statements, 5.8.2
One Big Application User authentication
security considerations, 5.2.2
security risks of, 5.2.1
Oracle Virtual Private Database, how it works with, 7.5.1
password handling, guidelines, 5.3.1.2
password protection strategies, 5.3
privileges, managing, 5.4
roles
multiple, 4.4.1.3.1
privileges, associating with database roles, 5.6
security, 4.4.7, 5.2.2
security considerations for use, 5.2
security limitations, 7.5.1
security policies, 7.3.5.3
validating with security policies, 7.3.5.5
AQ_ADMINISTRATOR_ROLE role
about, 4.4.2
AQ_USER_ROLE role
about, 4.4.2
archiving
operating system audit files, 9.8.3
standard audit trail, 9.8.2
attacks
See security attacks
audit files
activities always written to, 9.1.3
directory, 9.6.1
file names, form of, 9.6.1
fine-grained audit trail, 9.5.7
operating system file
advantages of using, 9.7.3.2
archiving, 9.8.3
contents, 9.7.3.1
decoding, 9.7.3.6
directory location, 9.7.3.4
how it works, 9.7.3.3
if becomes too full, 9.7.3.5
standard audit trail
records, archiving, 9.8.2
where written to, 9.6.1
AUDIT statement
about, 9.4.1.1
schema objects, 9.4.7.4
audit trail
about, 9.7.1
archiving, 9.8.2.1
deleting views, 9.9.3
finding information about, 9.9.1
interpreting, 9.9.2
types of, 9.7.1
See also standard audit trail, SYS.AUD$ table, SYS.FGA_LOG$ table
AUDIT_FILE_DEST initialization parameter
about, 9.7.3.4
setting for OS auditing, 9.7.3.4
AUDIT_SYS_OPERATIONS initialization parameter
auditing SYS, 9.6.1
AUDIT_TRAIL initialization parameter
about, 9.4.2.1
auditing SYS, 9.6.1
database, starting in read-only mode, 9.4.2.2
DB (database) setting, 9.4.2.2
DB, EXTENDED setting, 9.4.2.2
disabling, 9.4.2.2
OS (operating system) setting, 9.4.2.2
OS setting, Windows impact, 9.7.3.4
setting, 9.4.2.1
values, 9.4.2.2
XML setting, 9.4.2.2
XML, EXTENDED setting, 9.4.2.2
auditing
administrators
See standard auditing
audit options, 9.2
audit records, 9.7.1
audit trails, 9.7.1
database audit trail, using, 9.7.2.2
database user names, 3.5
default auditing, enabling, 9.3
distributed databases and, 9.1.5
finding information about, 9.9.1
fine-grained
See fine-grained auditing
general steps for, 9.2
guidelines for security, 10.9
historical information, 10.9.3
keeping information manageable, 10.9.2
LOBs, auditing
user-defined columns, 9.5.1
logon and logoff events, 9.4.4.3
middle-tier systems, real user actions, 3.10.1.10
multitier environments
See standard auditing
network
See standard auditing
object columns, 9.5.1
objects
See standard auditing
One Big Application User authentication, compromised by, 5.2.1
operating-system user names, 3.5
performance, 9.1.6
privileges
See standard auditing
range of focus, 9.2
recommended settings, 10.9.5
Sarbanes-Oxley Act
auditing, meeting compliance through, 9.1.1
meeting compliance through auditing, 10.9.1
schema objects
See standard auditing
schema objects created in the future, 9.4.7.4
SQL statements
See standard auditing
standard
See standard audit trail, standard auditing
statements
See standard auditing
suspicious activity, 10.9.4
UNIX syslog, 9.1.4
views
active object options, 9.9.2.3
active privilege options, 9.9.2.2
active statement options, 9.9.2.1
default object options, 9.9.2.4
when audit options take effect, 9.4.1.3
See also SYS.AUD$ table, SYS.FGA_LOG$ table, standard auditing, standard audit trail, fine-grained auditing
auditing, purging records
about, 9.8.1
database audit trail
purging subset of records, 9.8.2.2
AUTHENTICATEDUSER role, 4.4.2
authentication
about, 3.1
administrators
operating system, 3.3.2
passwords, 3.3.3
SYSDBA and SYSOPER access, centrally controlling, 3.3.1
by database, 3.4
by SSL, 3.7.1.1
certificate, 10.8.1
client, 10.8.1
client-to-middle tier process, 3.10.1.5.1
database administrators, 3.3
databases, using
about, 3.4.1
advantages, 3.4.2
procedure, 3.4.3
directory service, 3.7.1
directory-based services, 3.6.2
external authentication
about, 3.8.1
advantages, 3.8.2
operating system authentication, 3.8.4
user creation, 3.8.3
global authentication
about, 3.7
advantages, 3.7.2
user creation for private schemas, 3.7.1.1
user creation for shared schemas, 3.7.1.2
middle-tier authentication
proxies, example, 3.10.1.7
multitier, 3.9
network authentication
Secure Sockets Layer, 3.6.1
third-party services, 3.6.2
One Big Application User, compromised by, 5.2.1
operating system authentication
about, 3.5
advantages, 3.5
disadvantages, 3.5
proxy user authentication
about, 3.10.1
expired passwords, 3.10.1.3
public key infrastructure, 3.6.2
RADIUS, 3.6.2
remote, 10.8.1
specifying when creating a user, 2.2.3
strong, 10.5
user, 10.8.1
See also passwords, proxy authentication
AUTHID DEFINER clause
used with Oracle Virtual Private Database functions, 7.1.3
authorization
about, 4
changing for roles, 4.4.3
global
about, 3.7
advantages, 3.7.2
multitier, 3.9
omitting for roles, 4.4.3
operating system, 4.4.4.3.1
roles, about, 4.4.4
automatic reparse
Oracle Virtual Private Database, how it works with, 7.5.2
Automatic Storage Management (ASM)
SYSASM privilege, Preface

B

banners
auditing user actions, configuring, 5.9.5
unauthorized access, configuring, 5.9.5
batch jobs, authenticating users in, 3.2.5.1
BFILEs
guidelines for security, 10.6
bind variables
application contexts, used with, 7.1.4
BLOBs
encrypting, 8.3.6

C

cascading revokes, 4.7.3
CATNOAUD.SQL script
about, 9.9.3
audit trail views, deleting with, 9.9.3
certificate authentication, 10.8.1
certificate key algorithm
Secure Sockets Layer, 10.8.3
certificates for user and server authentication, 10.8.1
change_on_install default password, 10.5
character sets
role names, multibyte characters in, 4.4.3
role passwords, multibyte characters in, 4.4.4.1
cipher suites
Secure Sockets Layer, 10.8.3
client connections
guidelines for security, 10.8.1
secure external password store, 3.2.5.3
securing, 10.8.1
client identifiers
about, 3.10.2
consistency between DBMS_SESSION.SET_IDENTIFIER and DBMS_APPLICATION_INFO.SET_CLIENT_INFO, 3.10.2.4
global application context, independent of, 3.10.2.3
setting with DBMS_SESSION.SET_IDENTIFIER procedure, 6.4.1
See also nondatabase users
CLIENT_IDENTIFIER USERENV attribute
JDBC applications, setting for, 3.10.2.3
setting and clearing with DBMS_SESSION package, 3.10.2.4
setting for applications that use JDBC, 3.10.2.3
setting with OCI user session handle attribute, 3.10.2.3
See also USERENV namespace
CLIENTID_OVERWRITE event, 3.10.2.4
column masking behavior, 7.3.4.3
column specification, 7.3.4.3
restrictions, 7.3.4.3
columns
granting privileges for selected, 4.6.2.3
granting privileges on, 4.6.2.3
INSERT privilege and, 4.6.2.3
listing users granted to, 4.12.3
privileges, 4.6.2.3
pseudo columns
USER, 4.5.5.3
revoking privileges on, 4.7.2.2
command line recall attacks, 5.3.1.1, 5.3.1.4
configuration
guidelines for security, 10.7
configuration files
listener.ora, 10.8.2
sample listener.ora file, 10.8.2
server.key encryption file, 10.8.3
tnsnames.ora, 10.8.3
typical directory, 10.8.3
CONNECT role
about, 10.10
applications
account provisioning, 10.10.2.2
effects of, 10.10.2
database upgrades, 10.10.2.1
installation of, 10.10.2.3
script to create, 4.4.2
users
application developers, impact, 10.10.3.2
client-server applications, impact, 10.10.3.3
general users, impact, 10.10.3.1
how affects, 10.10.3
why changed, 10.10.1
connection pooling
about, 3.9
global application contexts, 6.4.1
nondatabase users, 6.4.3.5
proxy authentication, 3.10.1.5
connections
SYS privilege, 10.3
CPU time limit, 2.4.2.3
CREATE ANY TABLE statement
non-administrative users, 10.3
CREATE CONTEXT statement
about, 6.3.2
example, 6.3.2
CREATE EXTERNAL JOB privilege
scheduling job in grantee schema, 4.3.2.2
CREATE PROFILE statement
account locking period, 3.2.3.4
failed login attempts, 3.2.3.4
password aging and expiration, 3.2.3.6
password management, 3.2.3.1
passwords, example, 3.2.3.6
CREATE ROLE statement
IDENTIFIED BY option, 4.4.4.1
IDENTIFIED EXTERNALLY option, 4.4.4.3
CREATE SCHEMA statement
securing, 5.7.1
CREATE SESSION statement
CONNECT role privilege, 10.4
securing, 5.7.1
CREATE USER statement
explicit account locking, 3.2.3.4
IDENTIFIED BY option, 2.2.3
IDENTIFIED EXTERNALLY option, 2.2.3
passwords, expiring, 3.2.3.6
user profile, 3.2.3.1
CSW_USR_ROLE role, 4.4.2
CTXAPP role, 4.4.2
cursors
reparsing, for application contexts, 6.3.4
shared, used with Virtual Private Database, 7.1.4
custom installation, 10.7
CWM_USER role, 4.4.2

D

data definition language (DDL)
roles and privileges, 4.4.1.6
standard auditing, 9.4.4.2
data dictionary
protecting, 10.6
securing with O7_DICTIONARY_ACCESSIBILITY, 4.3.2.1
data dictionary views
See views
data files, 10.6
guidelines for security, 10.6
data manipulation language (DML)
privileges controlling, 4.5.4.1
standard auditing, 9.4.4.2
data security
encryption, problems not solved by, 8.2.3
database administrators (DBAs)
access, controlling, 8.2.2
authentication, 3.3
malicious, encryption not solved by, 8.2.2
database audit trail
about, 9.7.2.1
protecting, 9.7.2.5
Database Configuration Assistant (DBCA)
default passwords, changing, 10.5
password settings in default profile, 3.2.3.3
user accounts, automatically locking and expiring, 10.3
database links
application context support, 6.3.6
application contexts, 6.3.3.5
auditing, 9.4.7.2
authenticating with Kerberos, 3.6.2
authenticating with third-party services, 3.6.2
global user authentication, 3.7.2
object privileges, 4.5.3
operating system accounts, care needed, 3.5
session-based application contexts, accessing, 6.3.3.5
database upgrades and CONNECT role, 10.10.2.1
databases
access control
password encryption, 3.2.1
additional security resources, 1.2
authentication, 3.4
database user and application user, 5.2.1
default security features, summary, 1.1
granting privileges, 4.6
granting roles, 4.6
limitations on usage, 2.4.1
read-only mode, starting in, 9.4.2.2
security and schemas, 5.7
security embedded, advantages of, 5.2.2
security policies based on, 7.1.2.1
DATAPUMP_EXP_FULL_DATABASE role, 4.4.2
DATAPUMP_IMP_FULL_DATABASE role, 4.4.2
DBA role
about, 4.4.2
DBA_NETWORK_ACL_PRIVILEGES view, 4.11.8
DBA_ROLE_PRIVS view
application privileges, finding, 5.4
DBCA
See Database Configuration Assistant (DBCA)
DBMS_APPLICATION_INFO.SET_CLIENT_INFO procedure
DBMS_SESSION.SET_IDENTIFIER value, overwriting, 3.10.2.4
DBMS_CRYPTO package
about, 8.4
encryption algorithms supported, 8.4
examples, 8.6.1
DBMS_FGA package
about, 9.5.5.1
ADD_POLICY procedure, 9.5.5.2
DISABLE_POLICY procedure, 9.5.5.3
DROP_POLICY procedure, 9.5.5.4
ENABLE_POLICY procedure, 9.5.5.3
DBMS_OBFUSCATION_TOOLKIT package
backward compatibility, 8.4
See also DBMS_CRYPTO package
DBMS_RLS package
about, 7.3.1
DBMS_RLS.ADD_CONTEXT procedure, 7.3.1
DBMS_RLS.ADD_GROUPED_POLICY procedure, 7.3.1
DBMS_RLS.ADD_POLICY
sec_relevant_cols parameter, 7.3.4.1
sec_relevant_cols_opt parameter, 7.3.4.3
DBMS_RLS.ADD_POLICY procedure
about, 7.3.1
DBMS_RLS.CREATE_POLICY_GROUP procedure, 7.3.1
DBMS_RLS.DELETE_POLICY_GROUPS procedure, 7.3.1
DBMS_RLS.DISABLE_GROUPED_POLICY procedure, 7.3.1
DBMS_RLS.DROP_CONTEXT procedure, 7.3.1
DBMS_RLS.DROP_GROUPED_POLICY procedure, 7.3.1
DBMS_RLS.DROP_POLICY procedure, 7.3.1
DBMS_RLS.ENABLE_GROUPED_POLICY procedure, 7.3.1
DBMS_RLS.ENABLE_POLICY procedure, 7.3.1
DBMS_RLS.REFRESH_GROUPED_POLICY procedure, 7.3.1
DBMS_RLS.REFRESH_POLICY procedure, 7.3.1
DBMS_SESSION package
client identifiers, using, 3.10.2.4
global application context, used in, 6.4.3
SET_CONTEXT procedure
about, 6.3.3.6
application context name-value pair, setting, 6.3.3.1
DBMS_SESSION.SET_CONTEXT procedure
about, 6.3.3.6
syntax, 6.3.3.6
username and client_id settings, 6.4.3.2
DBMS_SESSION.SET_IDENTIFIER procedure
client session ID, setting, 6.4.1
DBMS_APPLICATION_INFO.SET_CLIENT_INFO value, overwritten by, 3.10.2.4
DBMS_SQLHASH encryption package
about, 8.5.1
GETHASH function, 8.5.2
DBSNMP user account
password usage, 10.5
DDL
See data definition language
default passwords, 10.5
change_on_install or manager passwords, 10.5
changing, importance of, 3.2.3.2
finding, 3.2.3.2
default permissions, 10.6
default profiles
about, 3.2.3.3
default roles
setting for user, 2.2.8
specifying, 4.10.2
default users
accounts, 10.3
Enterprise Manager accounts, 10.3
passwords, 10.5
defaults
tablespace quota, 2.2.5
user tablespaces, 2.2.4
definer's rights
about, 4.5.6.3
procedure privileges, used with, 4.5.6.3
procedure security, 4.5.6.3
secure application roles, 5.5.2
used with Oracle Virtual Private Database functions, 7.1.3
DELETE privilege
SQL statements permitted, 5.8.2
DELETE_CATALOG_ROLE role
about, 4.4.2
SYS schema objects, enabling access to, 4.3.2.3
Denial of Service (DoS) attacks
audit trail, writing to operating system file, 9.7.3.2
bad packets, preventing, 5.9.1
networks, securing, 10.8.2
dictionary protection mechanism, 4.3.2.1
directory authentication, configuring for SYSDBA or SYSOPER access, 3.3.1.1
directory-based services authentication, 3.6.2
disabling unnecessary services
FTP, TFTP, TELNET, 10.8.2
dispatcher processes (Dnnn)
limiting SGA space for each session, 2.4.2.5
distributed databases
auditing and, 9.1.5
DML
See data manipulation language
driving context, 6.6
DROP PROFILE statement
example, 2.4.4.2
DROP ROLE statement
example, 4.4.6
security domain, affected, 4.4.6
DROP USER statement
about, 2.5
schema objects of dropped user, 2.5
DUAL table
about, 6.3.3.2
dynamic Oracle Virtual Private Database policy types, 7.3.6.1
DYNAMIC policy type, 7.3.6.1

E

eavesdropping
preventing by using SSL, 10.8.1
See also security attacks
EJBCLIENT role, 4.4.2
encryption
access control, 8.2.1
backup media, reason why to encrypt, 3.2.4
BLOBs, 8.3.6
challenges, 8.3
data security, problems not solved by, 8.2.3
DBMS_CRYPTO encryption package, 8.4
DBMS_CRYPTO package, 8.4
deleted encrypted data, 10.6
examples, 8.6.1
finding information about, 8.7
indexed data, 8.3.1
key generation, 8.3.2
key storage, 8.3.4
key transmission, 8.3.3
keys, changing, 8.3.5
malicious database administrators, 8.2.2
network data encryption, 10.8.2
network traffic, 10.8.2
problems not solved by, 8.2
transparent data encryption, 8.3.4.4
transparent tablespace encryption, 8.3.4.4
enterprise directory service, 4.4.4.4
Enterprise Edition, 10.5
Enterprise Manager
granting roles, 4.4.5
statistics monitor, 2.4.3
enterprise roles, 3.7, 4.4.4.4
enterprise user management, 5.2.1
Enterprise User Security
application context, globally initialized, 6.3.7.2
proxy authentication
Oracle Virtual Private Database, how it works with, 7.5.5
enterprise users
centralized management, 3.7
global role, creating, 4.4.4.4
One Big Application User authentication, compromised by, 5.2.1
proxy authentication, 3.10.1
shared schemas, protecting users, 5.7.2
examples
access control lists, 4.11.4
account locking, 3.2.3.4
data encryption
encrypting and decrypting BLOB data, 8.6.3
encrypting and decrypting procedure with AES 256-Bit, 8.6.2
encrypting procedure, 8.6.1
Java code to read passwords, 5.3.4
locking an account with CREATE PROFILE, 3.2.3.4
login attempt grace period, 3.2.3.6
nondatabase user authentication, 6.4.3.5
O7_DICTIONARY_ACCESSIBILITY initialization parameter, setting, 4.3.2.1
passwords
aging and expiration, 3.2.3.6
changing, 2.3.1
creating for user, 2.2.3
privileges
granting ADMIN OPTION, 4.6.1.1
views, 4.12
procedure privileges affecting packages, 4.5.6.6
profiles, assigning to user, 2.2.7
roles
altering for external authorization, 4.4.3
creating for application authorization, 4.4.4.2
creating for external authorization, 4.4.4.3
creating for password authorization, 4.4.3
default, setting, 4.10.2
views, 4.12
secure external password store, 3.2.5.2
session ID of user
finding, 2.5
terminating, 2.5
system privilege and role, granting, 4.6.1
tablespaces
assigning default to user, 2.2.4
quota, assigning to user, 2.2.5
temporary, 2.2.6
type creation, 4.5.7.5
users
account creation, 2.2.1
creating with GRANT statement, 4.6.1.2
dropping, 2.5
middle-tier server proxying a client, 3.10.1.3
naming, 2.2.2
object privileges granted to, 4.6.2
proxy user, connecting as, 3.10.1.3
See also tutorials
exceptions
WHEN NO DATA FOUND, used in application context package, 6.3.5.3
WHEN OTHERS, used in triggers
development environment (debugging) example, 6.3.4
production environment example, 6.3.4
exclusive mode
SHA-1 password hashing algorithm, enabling, 3.2.4
EXECUTE privilege
SQL statements permitted, 5.8.2
EXECUTE_CATALOG_ROLE role
about, 4.4.2
SYS schema objects, enabling access to, 4.3.2.3
execution time for statements, measuring, 7.3.6.1
EXEMPT ACCESS POLICY privilege
Oracle Virtual Private Database enforcements, exemption, 7.5.4.2
EXP_FULL_DATABASE role
about, 4.4.2
expiring a password
explicitly, 3.2.3.6
exporting data
direct path export impact on Oracle Virtual Private Database, 7.5.4.2
policy enforcement, 7.5.4.2
external authentication
about, 3.8.1
advantages, 3.8.2
network, 3.8.5
operating system, 3.8.4
user creation, 3.8.3
external network services, fine-grained access to
See access control list (ACL)
external tables, 10.6

F

failed login attempts
account locking, 3.2.3.4
password management, 3.2.3.4
resetting, 3.2.3.4
features, new security
See new features, security
files
BFILEs
operating system access, restricting, 10.6
BLOB, 8.3.6
data
operating system access, restricting, 10.6
external tables
operating system access, restricting, 10.6
keys, 8.3.4.2
listener.ora file
guidelines for security, 10.8.2, 10.8.3
log
audit file location for Windows, 9.6.1
audit file locations, 9.7.3.4
operating system access, restricting, 10.6
restrict listener access, 10.8.2
server.key encryption file, 10.8.3
symbolic links, restricting, 10.6
tnsnames.ora, 10.8.3
trace
operating system access, restricting, 10.6
fine-grained access control
See Oracle Virtual Private Database (VPD)
fine-grained auditing
about, 9.5.1
activities always recorded, 9.5.3
advantages, 9.5.1
alerts, adding to policy, 9.5.6
archiving audit trail, 9.8.2.1
columns, specific, 9.5.5.2
DBMS_FGA package, 9.5.5.1
how to use, 9.5.1
policies
adding, 9.5.5.2
disabling, 9.5.5.3
dropping, 9.5.5.4
enabling, 9.5.5.3
modifying, 9.5.5.2
privileges needed, 9.5.2
records
archiving, 9.5.7
purging, 9.5.7
See also SYS.FGA_LOG$ table
firewalls
advice about using, 10.8.2
database server location, 10.8.2
ports, 10.8.3
supported types, 10.8.2
flashback query
auditing, used with, 9.7.2.3
Oracle Virtual Private Database, how it works with, 7.5.3
foreign keys
privilege to use parent key, 4.5.4.2
FTP service, 10.8.2
functions
Oracle Virtual Private Database
components of, 7.2.1
privileges used to run, 7.1.3
PL/SQL
privileges for, 4.5.6.1
roles, 4.4.1.5

G

GATHER_SYSTEM_STATISTICS role, 4.4.2
global application contexts
See application contexts, global
global authentication
about, 3.7
advantages, 3.7.2
user creation for private schemas, 3.7.1.1
user creation for shared schemas, 3.7.1.2
global authorization
about, 3.7
advantages, 3.7.2
role creation, 4.4.4.4
roles, 3.7
global roles
about, 4.4.4.4
global users, 3.7
GLOBAL_AQ_USER_ROLE role, 4.4.2
grace period for login attempts
example, 3.2.3.6
grace period for password expiration, 3.2.3.6
GRANT ALL PRIVILEGES statement
SELECT ANY DICTIONARY privilege, exclusion of, 10.6
GRANT ANY OBJECT PRIVILEGE system privilege, 4.6.2.2, 4.7.2.1
GRANT ANY PRIVILEGE system privilege, 4.3.4
GRANT CONNECT THROUGH clause
consideration when setting FAILED_LOGIN_ATTEMPTS parameter, 3.2.3.3
for proxy authorization, 3.10.1.3
GRANT statement, 4.6.1
ADMIN OPTION, 4.6.1.1
creating a new user, 4.6.1.2
object privileges, 4.6.2, 5.8.1
system privileges and roles, 4.6
when takes effect, 4.10
WITH GRANT OPTION, 4.6.2.1
granting privileges and roles
about, 4.3.3
finding information about, 4.12
specifying ALL, 4.5.2
guidelines for security
auditing, 10.9
custom installation, 10.7
data files and directories, 10.6
encrypting sensitive data, 10.6
installation and configuration, 10.7
networking security, 10.8
operating system accounts, limiting privileges, 10.6
operating system users, limiting number of, 10.6
Oracle home default permissions, disallowing modification, 10.6
passwords, 10.5
Secure Sockets Layer
mode, 10.8.3
TCPS protocol, 10.8.3
symbolic links, restricting, 10.6
user accounts and privileges, 10.3

H

hackers
See security attacks
HS_ADMIN_ROLE role
about, 4.4.2
HTTPS
port, correct running on, 10.8.3

I

IMP_FULL_DATABASE role
about, 4.4.2
INDEX privilege
SQL statements permitted, 5.8.2
indexed data
encryption, 8.3.1
initialization parameters
application protection, 5.9
AUDIT_FILE_DEST, 9.1.3, 9.6.1
AUDIT_SYS_OPERATIONS, 9.6.1
AUDIT_SYSLOG_LEVEL, 9.6.2.3
AUDIT_TRAIL
about, 9.4.2.1
using, 9.4.2.2
current value, checking, 9.4.2.1
FAILED_LOGIN_ATTEMPTS, 3.2.3.3
MAX_ENABLED_ROLES, 4.10.3
O7_DICTIONARY_ACCESSIBILITY, 4.3.2.1
OS_AUTHENT_PREFIX, 3.8.1
OS_ROLES, 4.4.4.3.1
PASSWORD_GRACE_TIME, 3.2.3.3, 3.2.3.6
PASSWORD_LIFE_TIME, 3.2.3.3, 3.2.3.6
PASSWORD_LOCK_TIME, 3.2.3.3, 3.2.3.4
PASSWORD_REUSE_MAX, 3.2.3.3, 3.2.3.5
PASSWORD_REUSE_TIME, 3.2.3.3, 3.2.3.5
REMOTE_OS_AUTHENT, 10.8.1
RESOURCE_LIMIT, 2.4.4
SEC_CASE_SENSITIVE_LOGIN, 3.2.3.8
SEC_MAX_FAILED_LOGIN_ATTEMPTS, 5.9.3
SEC_PROTOCOL_ERROR_FURTHER_ACTION, 5.9.2
SEC_PROTOCOL_ERROR_TRACE_ACTION, 5.9.1
SEC_RETURN_SERVER_RELEASE_BANNER, 5.9.4
SEC_USER_AUDIT_ACTION_BANNER, 5.9.5
SEC_USER_UNAUTHORIZED_ACCESS_BANNER, 5.9.5
INSERT privilege
granting, 4.6.2.3
revoking, 4.7.2.2
SQL statements permitted, 5.8.2
installation
guidelines for security, 10.7
intruders
See security attacks
invoker's rights
about, 4.5.6.4
procedure privileges, used with, 4.5.6.3
procedure security, 4.5.6.4
secure application roles, 5.5.2
secure application roles, requirement for enabling, 5.5.2
IP addresses
falsifying, 10.8.2
guidelines for security, 10.8.1

J

JAVA_ADMIN role, 4.4.2
JAVA_DEPLOY role, 4.4.2
JAVADEBUGPRIV role, 4.4.2
JAVAIDPRIV role, 4.4.2
JAVASYSPRIV role, 4.4.2
JAVAUSERPRIV role, 4.4.2
JDBC
proxy authentication
Oracle Virtual Private Database, how it works with, 7.5.5
JDBC (thick or thin)
proxy authentication with real user, 3.10.1.5
JDBC (thick)
proxy authentication, 3.10.1
JMXSERVER role, 4.4.2

K

Kerberos authentication, 3.6.2
configuring for SYSDBA or SYSOPER access, 3.3.1.2
password management, 10.5
key generation
encryption, 8.3.2
key storage
encryption, 8.3.4
key transmission
encryption, 8.3.3

L

LBAC_DBA role, 4.4.2
least privilege principle, 10.3
about, 10.3
granting user privileges, 10.3
middle-tier privileges, 3.10.1.6
lightweight users
example using a global application context, 6.4.5
Lightweight Directory Access Protocol (LDAP), 7.4.2.7
listener
not an Oracle owner, 10.8.2
preventing online administration, 10.8.2
restrict privileges, 10.8.2
secure administration, 10.8.2
listener.ora file
administering remotely, 10.8.2
default location, 10.8.3
online administration, preventing, 10.8.2
TCPS, securing, 10.8.3
LOBs
auditing, 9.5.1
lock and expire
default accounts, 10.3
predefined user accounts, 10.3
log files
auditing, default location, 9.7.3.4
owned by trusted user, 10.6
Windows Event Viewer, 9.6.1
logical reads limit, 2.4.2.4
logon triggers
examples, 6.3.4
externally initialized application contexts, 6.3.4
secure application roles, 4.4.8
LOGSTDBY_ADMINISTRATOR role, 4.4.2

M

malicious database administrators
See also security attacks
manager default password, 10.5
mandatory auditing, 9.1.3
MAX_ENABLED_ROLES initialization parameter
enabling roles and, 4.10.3
memory
users, viewing, 2.6.5
methods
privileges on, 4.5.7
MGMT_USER role, 4.4.2
middle-tier systems
auditing real user actions, 3.10.1.10
client identifiers, 3.10.2.1
enterprise user connections, 3.10.1.9.2
password-based proxy authentication, 3.10.1.9.1
privileges, limiting, 3.10.1.6
proxies authenticating users, 3.10.1.7
proxying but not authenticating users, 3.10.1.8
reauthenticating user to database, 3.10.1.9
USERENV namespace attributes, accessing, 6.3.6.3
monitoring user actions
See also auditing, standard auditing, fine-grained auditing
multiplex multiple-client network sessions, 10.8.2

N

Net8
See Oracle Net
network auditing
about, 9.4.8.1
disabling, 9.4.8.3
network authentication
external authentication, 3.8.5
guidelines for securing, 10.5
roles, granting using, 4.9
Secure Sockets Layer, 3.6.1
smart cards, 10.5
third-party services, 3.6.2
token cards, 10.5
X.509 certificates, 10.5
network connections
Denial of Service attacks, addressing, 10.8.2
guidelines for security, 10.8, 10.8.1, 10.8.2
securing, 10.8.2
network IP addresses
guidelines for security, 10.8.2
new features, security, Preface
NOAUDIT statement
audit options, disabling, 9.4.3.5
default object audit options, disabling, 9.4.7.5
network auditing, disabling, 9.4.8.3
object auditing, disabling, 9.4.7.5
privilege auditing, disabling, 9.4.5.4
statement auditing, disabling, 9.4.4.4
nondatabase users
about, 6.4.1
audit record information, 9.7.1
clearing session data, 6.4.3.6
creating client session-based application contexts, 6.5.1
global application contexts
package example, 6.4.3.5
setting, 6.4.3.5
tutorial, 6.4.5
One Big Application User authentication
security risks, 5.2.1
Oracle Virtual Private Database
tutorial for creating a policy group, 7.4.3
See also application contexts, client identifiers

O

O7_DICTIONARY_ACCESSIBILITY initialization parameter
about, 4.3.2.1
auditing privileges on SYS objects, 9.4.1.2, 9.7.2.5
data dictionary protection, 10.6
default setting, 10.6
securing data dictionary with, 4.3.2.1
object columns
auditing, 9.5.1
object privileges, 10.3
about, 4.5.3
granting on behalf of the owner, 4.6.2.2
managing, 5.8
revoking, 4.7.2
revoking on behalf of owner, 4.7.2.1
schema object privileges, 4.5.3
See also schema object privileges
objects
applications, managing privileges in, 5.8
granting privileges, 5.8.2
privileges
applications, 5.8.1
managing, 4.5.7
protecting in shared schemas, 5.7.2
protecting in unique schemas, 5.7.1
SYS schema, access to, 4.3.2.3
OEM_ADVISOR role, 4.4.2
OEM_MONITOR role, 4.4.2
OLAP_DBA role, 4.4.2
OLAP_USER role, 4.4.2
OLAP_XS_ADMIN role, 4.4.2
OLAPI_TRACE_USER role, 4.4.2
One Big Application User
about, 7.5.5
application context, global, 7.5.5
global application contexts, 6.4.1
Oracle Virtual Private Database, how it works with, 7.5.5
One Big Application User authentication
features compromised by, 5.2.1
See nondatabase users
operating systems
accounts, 4.9.2
authentication
about, 3.5
advantages, 3.5
disadvantages, 3.5
roles, using, 4.9
authentication, external, 3.8.4
default permissions, 10.6
enabling and disabling roles, 4.9.5
operating system account privileges, limiting, 10.6
role identification, 4.9.2
roles and, 4.4.1.7
roles, granting using, 4.9
users, limiting number of, 10.6
Oracle Advanced Security
network authentication services, 10.5
network traffic encryption, 10.8.2
user access to application schemas, 5.7.2
Oracle Call Interface (OCI)
application contexts, client session-based, 6.5.1
proxy authentication, 3.10.1
Oracle Virtual Private Database, how it works with, 7.5.5
proxy authentication with real user, 3.10.1.5
security-related initialization parameters, 5.9
Oracle Connection Manager
securing client networks with, 10.8.2
Oracle Enterprise Security Manager
role management with, 3.6.2
Oracle home
default permissions, disallowing modification, 10.6
Oracle Internet Directory (OID)
authenticating with directory-based service, 3.6.2
SYSDBA and SYSOPER access, controlling, 3.3.1
Oracle Java Virtual Machine (OJVM)
permissions, restricting, 10.3
Oracle Label Security (OLS)
Oracle Virtual Private Database, using with, 7.5.4.1
Oracle Net
firewall support, 10.8.2
Oracle Technology Network
security alerts, 10.2.1
Oracle Virtual Private Database (VPD)
about, 7.1.1
application contexts
tutorial, 7.4.2
used with, 7.1.4
applications
how it works with, 7.5.1
users who are database users, how it works with, 7.5.5
applications using for security, 5.2.2
automatic reparsing, how it works with, 7.5.2
benefits, 7.1.2
column level, 7.3.4.1
column masking behavior
enabling, 7.3.4.3
restrictions, 7.3.4.3
column-level display, 7.3.4.1
components, 7.2
configuring, 7.3
cursors, shared, 7.1.4
Enterprise User Security proxy authentication, how it works with, 7.5.5
exporting data, 7.5.4.2
finding information about, 7.6
flashback query, how it works with, 7.5.3
function
components, 7.2.1
how it is executed, 7.1.3
JDBC proxy authentication, how it works with, 7.5.5
OCI proxy authentication, how it works with, 7.5.5
One Big Application User, how it works with, 7.5.5
Oracle Label Security
exceptions in behavior, 7.5.4.2
using with, 7.5.4.1
performance benefit, 7.1.2.2
policies, Oracle Virtual Private Database
about, 7.3.1
applications, validating, 7.3.5.5
attaching to database object, 7.3.2
column display, 7.3.4.1
column-level display, default, 7.3.4.2
dynamic, 7.3.6.1
multiple, 7.3.5.4
optimizing performance, 7.3.6
privileges used to run, 7.1.3
SQL statements, specifying, 7.3.3
policy groups
about, 7.3.5.1
benefits, 7.3.5.1
creating, 7.3.5.2
default, 7.3.5.3
tutorial, implementation, 7.4.3
policy types
context sensitive, about, 7.3.6.5
context sensitive, when to use, 7.3.6.7
DYNAMIC, 7.3.6.1
shared context sensitive, about, 7.3.6.6
shared context sensitive, when to use, 7.3.6.7
shared static, about, 7.3.6.3
shared static, when to use, 7.3.6.4
static, about, 7.3.6.2
static, when to use, 7.3.6.4
summary of features, 7.3.6.8
tutorial, simple, 7.4.1
user models, 7.5.5
Web-based applications, how it works with, 7.5.5
Oracle Wallet Manager
X.509 Version 3 certificates, 3.6.2
Oracle wallets
authentication method, 3.6.2
Oracle Warehouse Builder
roles, predefined, 4.4.2
OracleMetaLink
security patches, downloading, 10.2.1
ORAPWD password utility
case sensitivity in passwords, 3.2.3.8
password file authentication, 3.3.3
permissions to run, 3.3.3
ORDADMIN role, 4.4.2
OS_ROLES initialization parameter
operating system role grants, 4.9.5
operating-system authorization and, 4.4.4.3.1
REMOTE_OS_ROLES and, 4.9.6
using, 4.9.2
OWB$CLIENT role, 4.4.2
OWB_DESIGNCENTER_VIEW role, 4.4.2
OWB_USER role, 4.4.2

P

packages
auditing, 9.4.7.2
examples, 4.5.6.6
examples of privilege use, 4.5.6.6
privileges
divided by construct, 4.5.6.6
executing, 4.5.6.1, 4.5.6.6
parallel execution servers, 6.3.3.4
parallel query, and SYS_CONTEXT, 6.3.3.4
pass phrase
read and parse server.key file, 10.8.3
password files, 3.3.3
case sensitivity, effect on SEC_CASE_SENSITIVE_LOGON parameter, 3.2.3.8
PASSWORD statement
about, 2.3.1
PASSWORD_LIFE_TIME initialization parameter, 3.2.3.6
PASSWORD_LOCK_TIME initialization parameter, 3.2.3.4
PASSWORD_REUSE_MAX initialization parameter, 3.2.3.5
PASSWORD_REUSE_TIME initialization parameter, 3.2.3.5
passwords
about managing, 3.2.3.1
account locking, 3.2.3.4
administrator
authenticating with, 3.3.3
guidelines for securing, 10.5
aging and expiration, 3.2.3.6
ALTER PROFILE statement, 3.2.3.1
altering, 2.3.1
application design guidelines, 5.3.1.2
applications, strategies for protecting passwords, 5.3
brute force attacks, 3.2.1
case sensitivity setting, SEC_CASE_SENSITIVE_LOGON, 3.2.3.8
case sensitivity, configuring, 3.2.3.8
changing for roles, 4.4.3
complexity verification
about, 3.2.3.7
guidelines for security, 10.5
complexity, guidelines for enforcing, 10.5
connecting without, 3.5
CREATE PROFILE statement, 3.2.3.1
danger in storing as clear text, 10.5
database user authentication, 3.4.1
default profile settings
about, 3.2.3.3
enabling using DBCA, 3.2.3.3
enabling using SQL statements, 3.2.3.3
default user account, 10.5
default, finding, 3.2.3.2
delays for incorrect passwords, 3.2.1
duration, 10.5
encrypting, 3.2.1, 10.5
examples of creating, 3.2.2
expiring
explicitly, 3.2.3.6
procedure for, 3.2.3.6
proxy account passwords, 3.10.1.3
with grace period, 3.2.3.6
failed logins, resetting, 3.2.3.4
grace period, example, 3.2.3.6
guidelines for security, 10.5
history, 3.2.3.5, 10.5
Java code example to read passwords, 5.3.4
length, 10.5
lifetime for, 3.2.3.6
lock time, 3.2.3.4
management rules, 10.5
managing, 3.2.3
maximum reuse time, 3.2.3.5
ORAPWD password utility, 3.2.3.8
password complexity verification, 3.2.3.7
password file risks, 3.3.3
PASSWORD_LOCK_TIME initialization parameter, 3.2.3.4
PASSWORD_REUSE_MAX initialization parameter, 3.2.3.5
PASSWORD_REUSE_TIME initialization parameter, 3.2.3.5
policies, 3.2.3
privileges for changing for roles, 4.4.3
privileges to alter, 2.3
protections, built-in, 3.2.1
proxy authentication, 3.10.1.9.1
requirements, 3.2.2
reusing, 3.2.3.5, 10.5
reusing passwords, 3.2.3.5
roles, 4.4.4.1
secure external password store, 3.2.5.1
security risks, 3.3.3
SYS and SYSTEM, 10.5
used in roles, 4.4.1.2
UTLPWDMG.SQL password script
password management, 3.2.3.7
verified using SHA-1 hashing algorithm, 3.2.4
See also authentication, and access control list (ACL), wallet access
performance
application contexts, 6.1
auditing, 9.1.6
Oracle Virtual Private Database policies, 7.1.2.2
Oracle Virtual Private Database policy types, 7.3.6
resource limits and, 2.4.1
permissions
default, 10.6
run-time facilities, 10.3
PKI
See public key infrastructure (PKI)
PL/SQL
auditing of statements within, 9.4.1.3
roles in procedures, 4.4.1.5
PL/SQL procedures
setting application context, 6.3.3.1
PMON background process
application contexts, cleaning up, 6.3.1
positional parameters
security risks, 5.3.1.4
principle of least privilege, 10.3
about, 10.3
granting user privileges, 10.3
middle-tier privileges, 3.10.1.6
privileges
about, 4.1
access control lists, checking, 4.11.8
altering
passwords, 2.3.1
users, 2.3
altering role authentication method, 4.4.3
applications, managing, 5.4
auditing system, 9.4.5.3
auditing use of, 9.4.5.1, 9.4.5.3
auditing, recommended settings for, 10.9.5
cascading revokes, 4.7.3
column, 4.6.2.3
creating users, 2.2.1
dropping profiles, 2.4.4.2
finding information about, 4.12
granting
about, 4.3.3, 4.6
examples, 4.5.6.6
object privileges, 4.6.2
schema object privileges, 4.5.3.1
system, 4.6.1
system privileges, 4.6
grants, listing, 4.12.1
grouping with roles, 4.4
managing, 5.8
middle tier, 3.10.1.6
object, 4.5.1, 4.5.2, 5.8.2
on selected columns, 4.7.2.2
procedures, 4.5.6.1
creating and altering, 4.5.6.5
executing, 4.5.6.1
in packages, 4.5.6.6
reasons to grant, 4.2
revoking privileges
about, 4.3.3
object, 4.7.2
object privileges, cascading effect, 4.7.3.2
object privileges, requirements for, 4.7.2
schema object, 4.5.3.1
revoking system privileges, 4.7.1
roles
creating, 4.4.3
dropping, 4.4.6
restrictions on, 4.4.1.6
roles, why better to grant, 4.2
schema object, 4.5.3
DML and DDL operations, 4.5.4
granting and revoking, 4.5.3.1
packages, 4.5.6.6
proced