SlideShare a Scribd company logo

8.1.6 newsecurity features

Anil Pandey
Anil Pandey

Regarding Oracle Documents

Software
1 of 8
Download to read offline
Oracle8i™ Release 8.1.6 New Security Features Summary Features Overview November 1999 INTRODUCTION Oracle8i Release 8.1.6 is the first maintenance release of the Oracle8i database, including many bug fixes, performance improvements, and feature enhancements. However, this release also includes several critical security new features that are noteworthy. The enhancements and new features in release 8.1.6 can be categorized as: · Oracle8i Improvements · Oracle Advanced Security Improvements ORACLE8i IMPROVEMENTS The main focus of Release 8.1.6 is to maintain stability and improve on quality, performance, and installation/configuration and management of the Oracle8i database server. Oracle has also added specific enhancements to improve the security and user management capabilities of the Oracle8i server. STORED DATA ENCRYPTION The growth of electronic commerce has resulted in an increase in the storage of highly sensitive information, such as credit card numbers, in the database. Countries with strict national privacy laws are often required to prevent national identity numbers from being viewed, even by DBAs or other “trusted” users. Companies with trade secrets, such as industrial formulas, may wish to
zealously guard these valuable assets. Applications for which users are not database users may wish to store “application user” passwords, or session cookies, in encrypted form in the database. Most issues of data security can be handled by Oracle8i’s authentication and access control mechanisms, ensuring that only properly identified and authorized users can access data. Data in the database, however, cannot normally be secured against the database administrator's access, since a DBA has all privileges. For applications with special requirements to secure sensitive data from view, even from DBAs, Oracle8i release 8.1.6 provides a PL/SQL package to encrypt (and decrypt) data, including string inputs and raw inputs, using the industry-standard Data Encryption Standard (DES), in exportable keylengths. The ability to natively encrypt data in the server enables applications to guard their especially sensitive data. Furthermore, developers need no long “roll their own” encryption using algorithms they craft themselves, or download from the Internet. VIRTUAL PRIVATE DATABASE ENHANCEMENTS Oracle8i introduced the Virtual Private Database, which provides server-enforced, fine-grained access control. Because the Virtual Private Database provides server-enforced security, it cannot be bypassed by users accessing data directly, or using another application. The application context feature can be used to improve the performance of Virtual Private Database by functioning as a secure data cache. Application context has been enhanced in Release 8.1.6 so that additional attributes, including external name, proxy user and userid, protocol, port number, and full DN (distinguished name) from an X.509 certificate, are now accessible and can be used to limit access to data. For example, you could use the OU (Organizational Unit) component of a DN to limit users to viewing their own organization’s records only.
ORACLE ADVANCED SECURITY IMPROVEMENTS Oracle Advanced Security has improved configuration and management tools to simplify security management. Oracle Advanced Security also provides new forms of network encryption, to ensure the security of all protocols accessing the Oracle8i database, and enhanced single sign-on. NETWORK SECURITY ENHANCEMENTS Release 8.1.6 enhances Oracle’s support for the SSL (Secure Sockets Layer) standard. SSL encryption for Internet Intra-ORB Protocol (IIOP) communications is now available, enabling secure Enterprise Java Beans (EJBs). Also, a Java version of the Oracle Advanced Security encryption libraries is now available to secure thin JDBC connections. The Java implementation of Oracle Advanced Security provides DES encryption, with anonymous Diffie-Hellman key exchange, in 100% Java. Oracle Advanced Security thus secures all protocols into the Oracle8i database, whether IIOP, thick or thin JDBC, or Net8. Oracle Advanced Security has also completed the operational testing phase of FIPS-140 level 2 (Federal Information Processing Standard) certification, a United States government standard that relates to the security of cryptographic products. Completion of the FIPS-140 certification, which is expected in Q4 1999, is required by many organizations, among them the United States government and many financial institutions. SINGLE SIGN-ON Oracle Advanced Security already supports many forms of single sign-on for database users, among them Kerberos, SESAME, and DCE. Release 8.1.6 adds support for SSL-based single sign-on.
PKI Credential Management Oracle Wallet Manager provides secure management of PKI (public key infrastructure)-based user credentials. Oracle Wallet Manager creates a private and public key pair for a user, and issues a PKCS#10 certificate signing request which can be fulfilled by a Certificate Authority (CA). After the CA issues an X.509 certificate, the user can load the certificate into his wallet. Oracle Wallet Manager also manages user trustpoints, the list of root certificates that the user trusts, and is pre-configured with root certificates from PKI vendors such as VeriSign and Cybertrust. Wallets are protected using password-based, strong encryption. In most cases, a user need never access a wallet once it has been configured, but can easily access his wallet using Oracle Enterprise Login Assistant, a very simple-to-use login tool that hides the complexity of a private key and certificate from users. Once users have securely opened their wallets, they can then connect to multiple databases over SSL, without providing additional passwords. This provides the benefit of strong authentication as well as single sign-on. SSL for single sign-on can be used alone, or in conjunction with enterprise user management, described below. ENTERPRISE USER MANAGEMENT Enterprises today face tremendous challenges in managing information about users, keeping user information current, and securing access to all the information in an enterprise. Each user may have multiple accounts on different databases, requiring her to remember passwords for each of these accounts. Users not only have too many passwords, but there are too many accounts for administrators to manage. Furthermore, the lack of centralization is a security risk, because old or unused accounts and privileges can be misused. To address these challenges, Release 8.1.6 introduces enterprise user management. Enterprise users and their authorizations are managed in Oracle Internet Directory, an LDAP-based directory service, using Oracle Enterprise Security Manager, a tool accessible through Oracle Enterprise Manager.
Enterprise users can be assigned enterprise roles (which are containers of database-specific global roles), that determine their access privileges in databases. For example, the enterprise role CLERK could contain the global role HRCLERK on the Human Resources database, and the global role ANALYST on the Payroll database. An enterprise role can be granted or revoked to one or more enterprise users. For example, an administrator could grant the enterprise role CLERK to a number of enterprise users who hold the same job. This information about users and roles is protected in the directory through Access Control Lists, ensuring that only a privileged administrator can manage users, and grant and revoke roles. USER/SCHEMA SEPARATION In general, users do not need their own accounts - or their own schemas - in a database, they merely need to access an application schema. For example, users John, Firuzeh and Jane are all users of the Payroll application, and they need access to the Payroll schema on the Finance database. None of them needs to create his or her own objects in the database; in fact, they need only access Payroll objects. Release 8.1.6 allows you to separate users from schemas, so that many enterprise users can access a single, shared application schema. Instead of creating a user account (that is, a user schema) in each database a user needs to access, you need only create an enterprise user in the directory, and “point” the user at a shared schema that many other enterprise users can also access. For example, if John, Firuzeh and Jane all access the Sales database, you need only create a single schema, e.g. ‘sales_application’ which all three users can access, instead of creating an account for each user on the Sales database. Now, you can truly create an enterprise user once, in the directory, who nonetheless can access multiple databases using only the privileges she needs to perform her job, thus lowering the cost of managing users in an enterprise. Another benefit of schema-independent users is that you can manage many more users than could otherwise be done with users tied to individual database accounts. Schema-independent users thus enables scalability of user management for the Internet.
Oracle’s LDAP version 3-compliant directory server, Oracle Internet Directory, is fully integrated with Oracle8i and supports “off-the-shelf” enterprise user management. Other LDAP directories, including Novell Directory Service (NDS) and Microsoft’s Active Directory for Windows 2000 will be certified to operate with enterprise user management. ENTRUST INTEGRATION Entrust Technologies, Inc. is a market-leading provider of Public Key Infrastructure (PKI) solutions, through their Entrust/PKI software. Entrust/PKI includes many products, such as Entrust Profile, which secures users’ PKI credentials, and Entrust Authority, Entrust’s certificate authority product. Oracle is making specific product modifications to Oracle Advanced Security to enable customers of both Oracle and Entrust to incorporate Entrust-based single sign-on into their Oracle applications. By integrating with Entrust/PKI, Oracle enhances its ability to provide X.509-based single sign-on to large customers who require the extensive key management, certificate revocation, and other features which Entrust provides. Oracle will implement support for Entrust/PKI in Oracle Advanced Security release 8.1.6, enabling customers to use Entrust Profile, Entrust’s “wallet” mechanism, for storage of certificate and private keys, and for secure credential management. Instead of accessing user credentials (private key and certificate) from an Oracle wallet, Oracle Advanced Security accesses a user’s Entrust Profile for authentication and single sign-on. Entrust integration will require both release 8.1.6 of Oracle Advanced Security and Entrust Authority 5. Production use of this feature will be available shortly after general availability of Oracle Advanced Security release 8.1.6.
RELEASE 8.1.6 NEW FEATURES ORACLE8I IMPROVEMENTS · Encrypt/decrypt package in PL/SQL · New application context primitives for access control ORACLE ADVANCED SECURITY IMPROVEMENTS Network Security · Single sign-on over SSL · SSL for IIOP · 100% Java encryption for “thin” JDBC · FIPS-140 level 2 certification (in-process) User Management · Enterprise user management · Schema-independent users · Oracle Enterprise Security Manager Single Sign-On · Single sign-on over SSL · Oracle Enterprise Login Assistant · Oracle Wallet Manager for credential management · Entrust/PKI integration
Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: +1.650.506.7000 Fax +1.650.506.7200 http://www.oracle.com/ Copyright © Oracle Corporation 1999 All Rights Reserved This document is provided for informational purposes only, and the information herein is subject to change without notice. Please report any errors herein to Oracle Corporation. Oracle Corporation does not provide any warranties covering and specifically disclaims any liability in connection with this document. Oracle is a registered trademark, and Oracle8i, Oracle8i Enterprise Edition, Oracle8i Personal Edition, Oracle8i Lite, Net8, and PL/SQL are trademarks of Oracle Corporation. All other company and product names mentioned are used for identification purposes only and may be trademarks of their respective owners.

Recommended

As onew816a
As onew816aAs onew816a
As onew816aAnil Pandey
 
816isdfo
816isdfo816isdfo
816isdfoAnil Pandey
 
10280_ShareFileEnterpriseSecurity_HR
10280_ShareFileEnterpriseSecurity_HR10280_ShareFileEnterpriseSecurity_HR
10280_ShareFileEnterpriseSecurity_HRMark Howell
 
Document management system using liferay 7
Document management system using liferay 7Document management system using liferay 7
Document management system using liferay 7Dhanraj Dadhich
 
Idm Workshop
Idm WorkshopIdm Workshop
Idm WorkshopMohamed Atef
 
Oim Poc1.0
Oim Poc1.0Oim Poc1.0
Oim Poc1.0Mohamed Atef
 
Sim-webcast-part1-1aa
Sim-webcast-part1-1aaSim-webcast-part1-1aa
Sim-webcast-part1-1aaOracleIDM
 
SQL Server Integration Services with Oracle Database 10g
SQL Server Integration Services with Oracle Database 10gSQL Server Integration Services with Oracle Database 10g
SQL Server Integration Services with Oracle Database 10gLeidy Alexandra
 

Recommended

As onew816a
As onew816aAs onew816a
As onew816aAnil Pandey
 
816isdfo
816isdfo816isdfo
816isdfoAnil Pandey
 
10280_ShareFileEnterpriseSecurity_HR
10280_ShareFileEnterpriseSecurity_HR10280_ShareFileEnterpriseSecurity_HR
10280_ShareFileEnterpriseSecurity_HRMark Howell
 
Document management system using liferay 7
Document management system using liferay 7Document management system using liferay 7
Document management system using liferay 7Dhanraj Dadhich
 
Idm Workshop
Idm WorkshopIdm Workshop
Idm WorkshopMohamed Atef
 
Oim Poc1.0
Oim Poc1.0Oim Poc1.0
Oim Poc1.0Mohamed Atef
 
Sim-webcast-part1-1aa
Sim-webcast-part1-1aaSim-webcast-part1-1aa
Sim-webcast-part1-1aaOracleIDM
 
SQL Server Integration Services with Oracle Database 10g
SQL Server Integration Services with Oracle Database 10gSQL Server Integration Services with Oracle Database 10g
SQL Server Integration Services with Oracle Database 10gLeidy Alexandra
 
Polling system solution using blockchain & Liferay
Polling system solution using blockchain & LiferayPolling system solution using blockchain & Liferay
Polling system solution using blockchain & LiferayDhanraj Dadhich
 
Oracle Identity Manager Basics
Oracle Identity Manager BasicsOracle Identity Manager Basics
Oracle Identity Manager BasicsChekka Venkateshwar Rao
 
The Enterprise File Fabric for Memset
The Enterprise File Fabric for MemsetThe Enterprise File Fabric for Memset
The Enterprise File Fabric for MemsetHybrid Cloud
 
Enterprise & Web based Federated Identity Management & Data Access Controls
Enterprise & Web based Federated Identity Management & Data Access Controls Enterprise & Web based Federated Identity Management & Data Access Controls
Enterprise & Web based Federated Identity Management & Data Access Controls Kingsley Uyi Idehen
 
Ces70 salesforce2 connectorguide
Ces70 salesforce2 connectorguideCes70 salesforce2 connectorguide
Ces70 salesforce2 connectorguideKalpesh More
 
Virtuoso Platform Overview
Virtuoso Platform OverviewVirtuoso Platform Overview
Virtuoso Platform OverviewKingsley Uyi Idehen
 
Presentation- on OIM
Presentation- on OIMPresentation- on OIM
Presentation- on OIMTamim Khan
 
Introduction to Oracle
Introduction to OracleIntroduction to Oracle
Introduction to OracleAchmad Solichin
 
Oracle Access Manager Overview
Oracle Access Manager OverviewOracle Access Manager Overview
Oracle Access Manager Overviewguestf6dc99b
 
Material modulo02 asf6501(6425-b_01)
Material modulo02 asf6501(6425-b_01)Material modulo02 asf6501(6425-b_01)
Material modulo02 asf6501(6425-b_01)JSantanderQ
 
Elements_Architecture_and_Technology.pdf
Elements_Architecture_and_Technology.pdfElements_Architecture_and_Technology.pdf
Elements_Architecture_and_Technology.pdfJeff Smith
 
Case Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San FranciscoCase Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San FranciscoForgeRock
 
Material modulo01 asf6501(6419-a_01)
Material modulo01 asf6501(6419-a_01)Material modulo01 asf6501(6419-a_01)
Material modulo01 asf6501(6419-a_01)JSantanderQ
 
The Enterprise File Fabric for Vecima MediaScaleX
The Enterprise File Fabric for Vecima MediaScaleXThe Enterprise File Fabric for Vecima MediaScaleX
The Enterprise File Fabric for Vecima MediaScaleXHybrid Cloud
 
Understanding Data
Understanding Data Understanding Data
Understanding Data Kingsley Uyi Idehen
 
SPSCT15 - Must Love Term Sets: The New and Improved Managed Metadata Service ...
SPSCT15 - Must Love Term Sets: The New and Improved Managed Metadata Service ...SPSCT15 - Must Love Term Sets: The New and Improved Managed Metadata Service ...
SPSCT15 - Must Love Term Sets: The New and Improved Managed Metadata Service ...Jonathan Ralton
 
801 קיץ ב 2008
801 קיץ ב 2008801 קיץ ב 2008
801 קיץ ב 2008bagrutonline
 
800&400 meters 2º secciones
800&400 meters 2º secciones800&400 meters 2º secciones
800&400 meters 2º seccionesMariaMontoya810
 
קו למושב, גיליון 819 - 23/1/14
קו למושב, גיליון 819 - 23/1/14קו למושב, גיליון 819 - 23/1/14
קו למושב, גיליון 819 - 23/1/14eshaki
 
קו למושב, גיליון 816 - 02/01/2014
קו למושב, גיליון 816 - 02/01/2014קו למושב, גיליון 816 - 02/01/2014
קו למושב, גיליון 816 - 02/01/2014eshaki
 
план недели 8 декабря2014 г.
план недели 8 декабря2014 г.план недели 8 декабря2014 г.
план недели 8 декабря2014 г.bukish
 
3Q10 Results Conference Call
3Q10 Results Conference Call3Q10 Results Conference Call
3Q10 Results Conference CallKianne Paganini
 

More Related Content

What's hot

Polling system solution using blockchain & Liferay
Polling system solution using blockchain & LiferayPolling system solution using blockchain & Liferay
Polling system solution using blockchain & LiferayDhanraj Dadhich
 
The Enterprise File Fabric for Memset
The Enterprise File Fabric for MemsetThe Enterprise File Fabric for Memset
The Enterprise File Fabric for MemsetHybrid Cloud
 
Enterprise & Web based Federated Identity Management & Data Access Controls
Enterprise & Web based Federated Identity Management & Data Access Controls Enterprise & Web based Federated Identity Management & Data Access Controls
Enterprise & Web based Federated Identity Management & Data Access Controls Kingsley Uyi Idehen
 
Ces70 salesforce2 connectorguide
Ces70 salesforce2 connectorguideCes70 salesforce2 connectorguide
Ces70 salesforce2 connectorguideKalpesh More
 
Presentation- on OIM
Presentation- on OIMPresentation- on OIM
Presentation- on OIMTamim Khan
 
Oracle Access Manager Overview
Oracle Access Manager OverviewOracle Access Manager Overview
Oracle Access Manager Overviewguestf6dc99b
 
Material modulo02 asf6501(6425-b_01)
Material modulo02 asf6501(6425-b_01)Material modulo02 asf6501(6425-b_01)
Material modulo02 asf6501(6425-b_01)JSantanderQ
 
Elements_Architecture_and_Technology.pdf
Elements_Architecture_and_Technology.pdfElements_Architecture_and_Technology.pdf
Elements_Architecture_and_Technology.pdfJeff Smith
 
Case Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San FranciscoCase Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San FranciscoForgeRock
 
Material modulo01 asf6501(6419-a_01)
Material modulo01 asf6501(6419-a_01)Material modulo01 asf6501(6419-a_01)
Material modulo01 asf6501(6419-a_01)JSantanderQ
 
The Enterprise File Fabric for Vecima MediaScaleX
The Enterprise File Fabric for Vecima MediaScaleXThe Enterprise File Fabric for Vecima MediaScaleX
The Enterprise File Fabric for Vecima MediaScaleXHybrid Cloud
 
SPSCT15 - Must Love Term Sets: The New and Improved Managed Metadata Service ...
SPSCT15 - Must Love Term Sets: The New and Improved Managed Metadata Service ...SPSCT15 - Must Love Term Sets: The New and Improved Managed Metadata Service ...
SPSCT15 - Must Love Term Sets: The New and Improved Managed Metadata Service ...Jonathan Ralton
 

What's hot (16)

Polling system solution using blockchain & Liferay
Polling system solution using blockchain & LiferayPolling system solution using blockchain & Liferay
Polling system solution using blockchain & Liferay
 
Oracle Identity Manager Basics
Oracle Identity Manager BasicsOracle Identity Manager Basics
Oracle Identity Manager Basics
 
The Enterprise File Fabric for Memset
The Enterprise File Fabric for MemsetThe Enterprise File Fabric for Memset
The Enterprise File Fabric for Memset
 
Enterprise & Web based Federated Identity Management & Data Access Controls
Enterprise & Web based Federated Identity Management & Data Access Controls Enterprise & Web based Federated Identity Management & Data Access Controls
Enterprise & Web based Federated Identity Management & Data Access Controls
 
Ces70 salesforce2 connectorguide
Ces70 salesforce2 connectorguideCes70 salesforce2 connectorguide
Ces70 salesforce2 connectorguide
 
Virtuoso Platform Overview
Virtuoso Platform OverviewVirtuoso Platform Overview
Virtuoso Platform Overview
 
Presentation- on OIM
Presentation- on OIMPresentation- on OIM
Presentation- on OIM
 
Introduction to Oracle
Introduction to OracleIntroduction to Oracle
Introduction to Oracle
 
Oracle Access Manager Overview
Oracle Access Manager OverviewOracle Access Manager Overview
Oracle Access Manager Overview
 
Material modulo02 asf6501(6425-b_01)
Material modulo02 asf6501(6425-b_01)Material modulo02 asf6501(6425-b_01)
Material modulo02 asf6501(6425-b_01)
 
Elements_Architecture_and_Technology.pdf
Elements_Architecture_and_Technology.pdfElements_Architecture_and_Technology.pdf
Elements_Architecture_and_Technology.pdf
 
Case Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San FranciscoCase Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San Francisco
 
Material modulo01 asf6501(6419-a_01)
Material modulo01 asf6501(6419-a_01)Material modulo01 asf6501(6419-a_01)
Material modulo01 asf6501(6419-a_01)
 
The Enterprise File Fabric for Vecima MediaScaleX
The Enterprise File Fabric for Vecima MediaScaleXThe Enterprise File Fabric for Vecima MediaScaleX
The Enterprise File Fabric for Vecima MediaScaleX
 
Understanding Data
Understanding Data Understanding Data
Understanding Data
 
SPSCT15 - Must Love Term Sets: The New and Improved Managed Metadata Service ...
SPSCT15 - Must Love Term Sets: The New and Improved Managed Metadata Service ...SPSCT15 - Must Love Term Sets: The New and Improved Managed Metadata Service ...
SPSCT15 - Must Love Term Sets: The New and Improved Managed Metadata Service ...
 

Viewers also liked

801 קיץ ב 2008
801 קיץ ב 2008801 קיץ ב 2008
801 קיץ ב 2008bagrutonline
 
800&400 meters 2º secciones
800&400 meters 2º secciones800&400 meters 2º secciones
800&400 meters 2º seccionesMariaMontoya810
 
קו למושב, גיליון 819 - 23/1/14
קו למושב, גיליון 819 - 23/1/14קו למושב, גיליון 819 - 23/1/14
קו למושב, גיליון 819 - 23/1/14eshaki
 
קו למושב, גיליון 816 - 02/01/2014
קו למושב, גיליון 816 - 02/01/2014קו למושב, גיליון 816 - 02/01/2014
קו למושב, גיליון 816 - 02/01/2014eshaki
 
план недели 8 декабря2014 г.
план недели 8 декабря2014 г.план недели 8 декабря2014 г.
план недели 8 декабря2014 г.bukish
 
3Q10 Results Conference Call
3Q10 Results Conference Call3Q10 Results Conference Call
3Q10 Results Conference CallKianne Paganini
 
YAMAHA XS 400 1982 - service manual_chapter3_engine_overhaul_part2
YAMAHA XS 400 1982 - service manual_chapter3_engine_overhaul_part2YAMAHA XS 400 1982 - service manual_chapter3_engine_overhaul_part2
YAMAHA XS 400 1982 - service manual_chapter3_engine_overhaul_part2YamahaXS400
 
YAMAHA XS 400 1982 - service manual_chapter3_engine_overhaul_part3
YAMAHA XS 400 1982 - service manual_chapter3_engine_overhaul_part3YAMAHA XS 400 1982 - service manual_chapter3_engine_overhaul_part3
YAMAHA XS 400 1982 - service manual_chapter3_engine_overhaul_part3YamahaXS400
 

Viewers also liked (8)

801 קיץ ב 2008
801 קיץ ב 2008801 קיץ ב 2008
801 קיץ ב 2008
 
800&400 meters 2º secciones
800&400 meters 2º secciones800&400 meters 2º secciones
800&400 meters 2º secciones
 
קו למושב, גיליון 819 - 23/1/14
קו למושב, גיליון 819 - 23/1/14קו למושב, גיליון 819 - 23/1/14
קו למושב, גיליון 819 - 23/1/14
 
קו למושב, גיליון 816 - 02/01/2014
קו למושב, גיליון 816 - 02/01/2014קו למושב, גיליון 816 - 02/01/2014
קו למושב, גיליון 816 - 02/01/2014
 
план недели 8 декабря2014 г.
план недели 8 декабря2014 г.план недели 8 декабря2014 г.
план недели 8 декабря2014 г.
 
3Q10 Results Conference Call
3Q10 Results Conference Call3Q10 Results Conference Call
3Q10 Results Conference Call
 
YAMAHA XS 400 1982 - service manual_chapter3_engine_overhaul_part2
YAMAHA XS 400 1982 - service manual_chapter3_engine_overhaul_part2YAMAHA XS 400 1982 - service manual_chapter3_engine_overhaul_part2
YAMAHA XS 400 1982 - service manual_chapter3_engine_overhaul_part2
 
YAMAHA XS 400 1982 - service manual_chapter3_engine_overhaul_part3
YAMAHA XS 400 1982 - service manual_chapter3_engine_overhaul_part3YAMAHA XS 400 1982 - service manual_chapter3_engine_overhaul_part3
YAMAHA XS 400 1982 - service manual_chapter3_engine_overhaul_part3
 

Similar to 8.1.6 newsecurity features

8 isecurity database
8 isecurity database8 isecurity database
8 isecurity databaseAnil Pandey
 
Security in oracle
Security in oracleSecurity in oracle
Security in oraclessuser40bb47
 
security in oracle database
security in oracle databasesecurity in oracle database
security in oracle databasessuser40bb47
 
What_to_expect_from_oracle_database_12c
What_to_expect_from_oracle_database_12cWhat_to_expect_from_oracle_database_12c
What_to_expect_from_oracle_database_12cMaria Colgan
 
oracle-database-editions-wp-12c-1896124
oracle-database-editions-wp-12c-1896124oracle-database-editions-wp-12c-1896124
oracle-database-editions-wp-12c-1896124Arjun Sathe
 
How to protect your sensitive data using oracle database vault / Creating and...
How to protect your sensitive data using oracle database vault / Creating and...How to protect your sensitive data using oracle database vault / Creating and...
How to protect your sensitive data using oracle database vault / Creating and...Anar Godjaev
 
Oracle Identity Management Leveraging Oracle’s Engineered Systems
Oracle Identity Management Leveraging Oracle’s Engineered SystemsOracle Identity Management Leveraging Oracle’s Engineered Systems
Oracle Identity Management Leveraging Oracle’s Engineered SystemsGregOracle
 
Securing Oracle Database 12c
Securing Oracle Database 12cSecuring Oracle Database 12c
Securing Oracle Database 12cInprise Group
 
Oracle Database 11g Product Family
Oracle Database 11g Product FamilyOracle Database 11g Product Family
Oracle Database 11g Product FamilyN/A
 
Oracle oracle database 11g product family
Oracle oracle database 11g product familyOracle oracle database 11g product family
Oracle oracle database 11g product familySid Xing
 
Best Practices in Implementing Oracle Database Security Products
Best Practices in Implementing Oracle Database Security ProductsBest Practices in Implementing Oracle Database Security Products
Best Practices in Implementing Oracle Database Security ProductsEstuate, Inc.
 
Oracle database 12c security and compliance
Oracle database 12c security and complianceOracle database 12c security and compliance
Oracle database 12c security and complianceFITSFSd
 
PCI Compliance: How to Remain Compliant and Gain Near Real-Time Analytics on ...
PCI Compliance: How to Remain Compliant and Gain Near Real-Time Analytics on ...PCI Compliance: How to Remain Compliant and Gain Near Real-Time Analytics on ...
PCI Compliance: How to Remain Compliant and Gain Near Real-Time Analytics on ...Emtec Inc.
 
8 i internet_security
8 i internet_security8 i internet_security
8 i internet_securityAnil Pandey
 
how to protect your sensitive data using oracle database vault
how to protect your sensitive data using oracle database vaulthow to protect your sensitive data using oracle database vault
how to protect your sensitive data using oracle database vaultAnar Godjaev
 
Active Directory Proposal
Active Directory ProposalActive Directory Proposal
Active Directory ProposalMJ Ferdous
 
The Benefits of Having a Data Privacy Vault Tech domain news.pdf
The Benefits of Having a Data Privacy Vault Tech domain news.pdfThe Benefits of Having a Data Privacy Vault Tech domain news.pdf
The Benefits of Having a Data Privacy Vault Tech domain news.pdfDomain News Tech
 
A introduction to oracle data integrator
A introduction to oracle data integratorA introduction to oracle data integrator
A introduction to oracle data integratorchkamal
 

Similar to 8.1.6 newsecurity features (20)

8 isecurity database
8 isecurity database8 isecurity database
8 isecurity database
 
Sso & rman
Sso & rmanSso & rman
Sso & rman
 
Security in oracle
Security in oracleSecurity in oracle
Security in oracle
 
security in oracle database
security in oracle databasesecurity in oracle database
security in oracle database
 
What_to_expect_from_oracle_database_12c
What_to_expect_from_oracle_database_12cWhat_to_expect_from_oracle_database_12c
What_to_expect_from_oracle_database_12c
 
oracle
oracleoracle
oracle
 
oracle-database-editions-wp-12c-1896124
oracle-database-editions-wp-12c-1896124oracle-database-editions-wp-12c-1896124
oracle-database-editions-wp-12c-1896124
 
How to protect your sensitive data using oracle database vault / Creating and...
How to protect your sensitive data using oracle database vault / Creating and...How to protect your sensitive data using oracle database vault / Creating and...
How to protect your sensitive data using oracle database vault / Creating and...
 
Oracle Identity Management Leveraging Oracle’s Engineered Systems
Oracle Identity Management Leveraging Oracle’s Engineered SystemsOracle Identity Management Leveraging Oracle’s Engineered Systems
Oracle Identity Management Leveraging Oracle’s Engineered Systems
 
Securing Oracle Database 12c
Securing Oracle Database 12cSecuring Oracle Database 12c
Securing Oracle Database 12c
 
Oracle Database 11g Product Family
Oracle Database 11g Product FamilyOracle Database 11g Product Family
Oracle Database 11g Product Family
 
Oracle oracle database 11g product family
Oracle oracle database 11g product familyOracle oracle database 11g product family
Oracle oracle database 11g product family
 
Best Practices in Implementing Oracle Database Security Products
Best Practices in Implementing Oracle Database Security ProductsBest Practices in Implementing Oracle Database Security Products
Best Practices in Implementing Oracle Database Security Products
 
Oracle database 12c security and compliance
Oracle database 12c security and complianceOracle database 12c security and compliance
Oracle database 12c security and compliance
 
PCI Compliance: How to Remain Compliant and Gain Near Real-Time Analytics on ...
PCI Compliance: How to Remain Compliant and Gain Near Real-Time Analytics on ...PCI Compliance: How to Remain Compliant and Gain Near Real-Time Analytics on ...
PCI Compliance: How to Remain Compliant and Gain Near Real-Time Analytics on ...
 
8 i internet_security
8 i internet_security8 i internet_security
8 i internet_security
 
how to protect your sensitive data using oracle database vault
how to protect your sensitive data using oracle database vaulthow to protect your sensitive data using oracle database vault
how to protect your sensitive data using oracle database vault
 
Active Directory Proposal
Active Directory ProposalActive Directory Proposal
Active Directory Proposal
 
The Benefits of Having a Data Privacy Vault Tech domain news.pdf
The Benefits of Having a Data Privacy Vault Tech domain news.pdfThe Benefits of Having a Data Privacy Vault Tech domain news.pdf
The Benefits of Having a Data Privacy Vault Tech domain news.pdf
 
A introduction to oracle data integrator
A introduction to oracle data integratorA introduction to oracle data integrator
A introduction to oracle data integrator
 

More from Anil Pandey

National health policy_2017
National health policy_2017National health policy_2017
National health policy_2017Anil Pandey
 
Class 3-computer-pt3-rev-ws-56
Class 3-computer-pt3-rev-ws-56Class 3-computer-pt3-rev-ws-56
Class 3-computer-pt3-rev-ws-56Anil Pandey
 
Class 3-social-pt3-rev-ws-for-uploading
Class 3-social-pt3-rev-ws-for-uploadingClass 3-social-pt3-rev-ws-for-uploading
Class 3-social-pt3-rev-ws-for-uploadingAnil Pandey
 
Class 3-science-pt3-rev-ws-for-uploading
Class 3-science-pt3-rev-ws-for-uploadingClass 3-science-pt3-rev-ws-for-uploading
Class 3-science-pt3-rev-ws-for-uploadingAnil Pandey
 
Class 3-math-pt3-rev-ws-for-uploading
Class 3-math-pt3-rev-ws-for-uploadingClass 3-math-pt3-rev-ws-for-uploading
Class 3-math-pt3-rev-ws-for-uploadingAnil Pandey
 
Class 3-hindi-pt3-rev-ws-for-uploading
Class 3-hindi-pt3-rev-ws-for-uploadingClass 3-hindi-pt3-rev-ws-for-uploading
Class 3-hindi-pt3-rev-ws-for-uploadingAnil Pandey
 
Class 3-english-pt3-rev-ws-for-uploading
Class 3-english-pt3-rev-ws-for-uploadingClass 3-english-pt3-rev-ws-for-uploading
Class 3-english-pt3-rev-ws-for-uploadingAnil Pandey
 
Art of indexing_in_o8i
Art of indexing_in_o8iArt of indexing_in_o8i
Art of indexing_in_o8iAnil Pandey
 
Apps session wait_tables
Apps session wait_tablesApps session wait_tables
Apps session wait_tablesAnil Pandey
 
Application sql issues_and_tuning
Application sql issues_and_tuningApplication sql issues_and_tuning
Application sql issues_and_tuningAnil Pandey
 
Appliance whitepaper 8_i
Appliance whitepaper 8_iAppliance whitepaper 8_i
Appliance whitepaper 8_iAnil Pandey
 

More from Anil Pandey (20)

26 bg2020
26 bg202026 bg2020
26 bg2020
 
National health policy_2017
National health policy_2017National health policy_2017
National health policy_2017
 
Class 3-computer-pt3-rev-ws-56
Class 3-computer-pt3-rev-ws-56Class 3-computer-pt3-rev-ws-56
Class 3-computer-pt3-rev-ws-56
 
Class 3-social-pt3-rev-ws-for-uploading
Class 3-social-pt3-rev-ws-for-uploadingClass 3-social-pt3-rev-ws-for-uploading
Class 3-social-pt3-rev-ws-for-uploading
 
Class 3-science-pt3-rev-ws-for-uploading
Class 3-science-pt3-rev-ws-for-uploadingClass 3-science-pt3-rev-ws-for-uploading
Class 3-science-pt3-rev-ws-for-uploading
 
Class 3-math-pt3-rev-ws-for-uploading
Class 3-math-pt3-rev-ws-for-uploadingClass 3-math-pt3-rev-ws-for-uploading
Class 3-math-pt3-rev-ws-for-uploading
 
Class 3-hindi-pt3-rev-ws-for-uploading
Class 3-hindi-pt3-rev-ws-for-uploadingClass 3-hindi-pt3-rev-ws-for-uploading
Class 3-hindi-pt3-rev-ws-for-uploading
 
Class 3-english-pt3-rev-ws-for-uploading
Class 3-english-pt3-rev-ws-for-uploadingClass 3-english-pt3-rev-ws-for-uploading
Class 3-english-pt3-rev-ws-for-uploading
 
Art of indexing_in_o8i
Art of indexing_in_o8iArt of indexing_in_o8i
Art of indexing_in_o8i
 
Apps session wait_tables
Apps session wait_tablesApps session wait_tables
Apps session wait_tables
 
Application sql issues_and_tuning
Application sql issues_and_tuningApplication sql issues_and_tuning
Application sql issues_and_tuning
 
Appliance whitepaper 8_i
Appliance whitepaper 8_iAppliance whitepaper 8_i
Appliance whitepaper 8_i
 
Appd2 cg
Appd2 cgAppd2 cg
Appd2 cg
 
A85248
A85248A85248
A85248
 
35 dbatune3
35 dbatune335 dbatune3
35 dbatune3
 
9ias
9ias9ias
9ias
 
9i lin relnotes
9i lin relnotes9i lin relnotes
9i lin relnotes
 
9i hp relnotes
9i hp relnotes9i hp relnotes
9i hp relnotes
 
8i r3 nfs
8i r3 nfs8i r3 nfs
8i r3 nfs
 
8iliteds
8iliteds8iliteds
8iliteds
 

Recently uploaded

Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfPower Karaoke
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?Watsoo Telematics
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 

Recently uploaded (20)

Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 

8.1.6 newsecurity features

  • 1. Oracle8i™ Release 8.1.6 New Security Features Summary Features Overview November 1999 INTRODUCTION Oracle8i Release 8.1.6 is the first maintenance release of the Oracle8i database, including many bug fixes, performance improvements, and feature enhancements. However, this release also includes several critical security new features that are noteworthy. The enhancements and new features in release 8.1.6 can be categorized as: · Oracle8i Improvements · Oracle Advanced Security Improvements ORACLE8i IMPROVEMENTS The main focus of Release 8.1.6 is to maintain stability and improve on quality, performance, and installation/configuration and management of the Oracle8i database server. Oracle has also added specific enhancements to improve the security and user management capabilities of the Oracle8i server. STORED DATA ENCRYPTION The growth of electronic commerce has resulted in an increase in the storage of highly sensitive information, such as credit card numbers, in the database. Countries with strict national privacy laws are often required to prevent national identity numbers from being viewed, even by DBAs or other “trusted” users. Companies with trade secrets, such as industrial formulas, may wish to
  • 2. zealously guard these valuable assets. Applications for which users are not database users may wish to store “application user” passwords, or session cookies, in encrypted form in the database. Most issues of data security can be handled by Oracle8i’s authentication and access control mechanisms, ensuring that only properly identified and authorized users can access data. Data in the database, however, cannot normally be secured against the database administrator's access, since a DBA has all privileges. For applications with special requirements to secure sensitive data from view, even from DBAs, Oracle8i release 8.1.6 provides a PL/SQL package to encrypt (and decrypt) data, including string inputs and raw inputs, using the industry-standard Data Encryption Standard (DES), in exportable keylengths. The ability to natively encrypt data in the server enables applications to guard their especially sensitive data. Furthermore, developers need no long “roll their own” encryption using algorithms they craft themselves, or download from the Internet. VIRTUAL PRIVATE DATABASE ENHANCEMENTS Oracle8i introduced the Virtual Private Database, which provides server-enforced, fine-grained access control. Because the Virtual Private Database provides server-enforced security, it cannot be bypassed by users accessing data directly, or using another application. The application context feature can be used to improve the performance of Virtual Private Database by functioning as a secure data cache. Application context has been enhanced in Release 8.1.6 so that additional attributes, including external name, proxy user and userid, protocol, port number, and full DN (distinguished name) from an X.509 certificate, are now accessible and can be used to limit access to data. For example, you could use the OU (Organizational Unit) component of a DN to limit users to viewing their own organization’s records only.
  • 3. ORACLE ADVANCED SECURITY IMPROVEMENTS Oracle Advanced Security has improved configuration and management tools to simplify security management. Oracle Advanced Security also provides new forms of network encryption, to ensure the security of all protocols accessing the Oracle8i database, and enhanced single sign-on. NETWORK SECURITY ENHANCEMENTS Release 8.1.6 enhances Oracle’s support for the SSL (Secure Sockets Layer) standard. SSL encryption for Internet Intra-ORB Protocol (IIOP) communications is now available, enabling secure Enterprise Java Beans (EJBs). Also, a Java version of the Oracle Advanced Security encryption libraries is now available to secure thin JDBC connections. The Java implementation of Oracle Advanced Security provides DES encryption, with anonymous Diffie-Hellman key exchange, in 100% Java. Oracle Advanced Security thus secures all protocols into the Oracle8i database, whether IIOP, thick or thin JDBC, or Net8. Oracle Advanced Security has also completed the operational testing phase of FIPS-140 level 2 (Federal Information Processing Standard) certification, a United States government standard that relates to the security of cryptographic products. Completion of the FIPS-140 certification, which is expected in Q4 1999, is required by many organizations, among them the United States government and many financial institutions. SINGLE SIGN-ON Oracle Advanced Security already supports many forms of single sign-on for database users, among them Kerberos, SESAME, and DCE. Release 8.1.6 adds support for SSL-based single sign-on.
  • 4. PKI Credential Management Oracle Wallet Manager provides secure management of PKI (public key infrastructure)-based user credentials. Oracle Wallet Manager creates a private and public key pair for a user, and issues a PKCS#10 certificate signing request which can be fulfilled by a Certificate Authority (CA). After the CA issues an X.509 certificate, the user can load the certificate into his wallet. Oracle Wallet Manager also manages user trustpoints, the list of root certificates that the user trusts, and is pre-configured with root certificates from PKI vendors such as VeriSign and Cybertrust. Wallets are protected using password-based, strong encryption. In most cases, a user need never access a wallet once it has been configured, but can easily access his wallet using Oracle Enterprise Login Assistant, a very simple-to-use login tool that hides the complexity of a private key and certificate from users. Once users have securely opened their wallets, they can then connect to multiple databases over SSL, without providing additional passwords. This provides the benefit of strong authentication as well as single sign-on. SSL for single sign-on can be used alone, or in conjunction with enterprise user management, described below. ENTERPRISE USER MANAGEMENT Enterprises today face tremendous challenges in managing information about users, keeping user information current, and securing access to all the information in an enterprise. Each user may have multiple accounts on different databases, requiring her to remember passwords for each of these accounts. Users not only have too many passwords, but there are too many accounts for administrators to manage. Furthermore, the lack of centralization is a security risk, because old or unused accounts and privileges can be misused. To address these challenges, Release 8.1.6 introduces enterprise user management. Enterprise users and their authorizations are managed in Oracle Internet Directory, an LDAP-based directory service, using Oracle Enterprise Security Manager, a tool accessible through Oracle Enterprise Manager.
  • 5. Enterprise users can be assigned enterprise roles (which are containers of database-specific global roles), that determine their access privileges in databases. For example, the enterprise role CLERK could contain the global role HRCLERK on the Human Resources database, and the global role ANALYST on the Payroll database. An enterprise role can be granted or revoked to one or more enterprise users. For example, an administrator could grant the enterprise role CLERK to a number of enterprise users who hold the same job. This information about users and roles is protected in the directory through Access Control Lists, ensuring that only a privileged administrator can manage users, and grant and revoke roles. USER/SCHEMA SEPARATION In general, users do not need their own accounts - or their own schemas - in a database, they merely need to access an application schema. For example, users John, Firuzeh and Jane are all users of the Payroll application, and they need access to the Payroll schema on the Finance database. None of them needs to create his or her own objects in the database; in fact, they need only access Payroll objects. Release 8.1.6 allows you to separate users from schemas, so that many enterprise users can access a single, shared application schema. Instead of creating a user account (that is, a user schema) in each database a user needs to access, you need only create an enterprise user in the directory, and “point” the user at a shared schema that many other enterprise users can also access. For example, if John, Firuzeh and Jane all access the Sales database, you need only create a single schema, e.g. ‘sales_application’ which all three users can access, instead of creating an account for each user on the Sales database. Now, you can truly create an enterprise user once, in the directory, who nonetheless can access multiple databases using only the privileges she needs to perform her job, thus lowering the cost of managing users in an enterprise. Another benefit of schema-independent users is that you can manage many more users than could otherwise be done with users tied to individual database accounts. Schema-independent users thus enables scalability of user management for the Internet.
  • 6. Oracle’s LDAP version 3-compliant directory server, Oracle Internet Directory, is fully integrated with Oracle8i and supports “off-the-shelf” enterprise user management. Other LDAP directories, including Novell Directory Service (NDS) and Microsoft’s Active Directory for Windows 2000 will be certified to operate with enterprise user management. ENTRUST INTEGRATION Entrust Technologies, Inc. is a market-leading provider of Public Key Infrastructure (PKI) solutions, through their Entrust/PKI software. Entrust/PKI includes many products, such as Entrust Profile, which secures users’ PKI credentials, and Entrust Authority, Entrust’s certificate authority product. Oracle is making specific product modifications to Oracle Advanced Security to enable customers of both Oracle and Entrust to incorporate Entrust-based single sign-on into their Oracle applications. By integrating with Entrust/PKI, Oracle enhances its ability to provide X.509-based single sign-on to large customers who require the extensive key management, certificate revocation, and other features which Entrust provides. Oracle will implement support for Entrust/PKI in Oracle Advanced Security release 8.1.6, enabling customers to use Entrust Profile, Entrust’s “wallet” mechanism, for storage of certificate and private keys, and for secure credential management. Instead of accessing user credentials (private key and certificate) from an Oracle wallet, Oracle Advanced Security accesses a user’s Entrust Profile for authentication and single sign-on. Entrust integration will require both release 8.1.6 of Oracle Advanced Security and Entrust Authority 5. Production use of this feature will be available shortly after general availability of Oracle Advanced Security release 8.1.6.
  • 7. RELEASE 8.1.6 NEW FEATURES ORACLE8I IMPROVEMENTS · Encrypt/decrypt package in PL/SQL · New application context primitives for access control ORACLE ADVANCED SECURITY IMPROVEMENTS Network Security · Single sign-on over SSL · SSL for IIOP · 100% Java encryption for “thin” JDBC · FIPS-140 level 2 certification (in-process) User Management · Enterprise user management · Schema-independent users · Oracle Enterprise Security Manager Single Sign-On · Single sign-on over SSL · Oracle Enterprise Login Assistant · Oracle Wallet Manager for credential management · Entrust/PKI integration
  • 8. Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: +1.650.506.7000 Fax +1.650.506.7200 http://www.oracle.com/ Copyright © Oracle Corporation 1999 All Rights Reserved This document is provided for informational purposes only, and the information herein is subject to change without notice. Please report any errors herein to Oracle Corporation. Oracle Corporation does not provide any warranties covering and specifically disclaims any liability in connection with this document. Oracle is a registered trademark, and Oracle8i, Oracle8i Enterprise Edition, Oracle8i Personal Edition, Oracle8i Lite, Net8, and PL/SQL are trademarks of Oracle Corporation. All other company and product names mentioned are used for identification purposes only and may be trademarks of their respective owners.