This document provides an overview and agenda for a presentation on Oracle Database Vault. It discusses securing data using realms, factors, command rules and rule sets in Database Vault. It also covers auditing violations which are logged in the database and to the operating system. The document concludes with a brief section on the impact of backups on a Database Vault secured system when using export, Data Pump and RMAN.
This document discusses Transparent Data Encryption (TDE) and how to install and configure it on an Oracle database. It explains that TDE encrypts data at the operating system level and describes how to encrypt an entire tablespace for improved performance compared to column encryption. It also covers risks like losing the auto-login or master encryption wallet files and how to rekey the encryption keys. Physical standby databases and restoring encrypted backups are also addressed.
Oracle advance security transparent data encryption best practices FITSFSd
This document provides best practices for using Oracle Transparent Data Encryption (TDE). It discusses TDE key architecture including master keys, table keys, and tablespace keys. It recommends storing encryption wallets securely outside the database with restricted access. Hardware acceleration of TDE tablespace encryption is supported on Intel CPUs with AES-NI and SPARC T4 chips. TDE can be managed through Oracle Enterprise Manager and works with technologies like Oracle Data Guard, GoldenGate, and RMAN.
Kyle Hailey is an Oracle expert who has worked with Oracle since 1990. He has experience with Oracle support, porting versions of Oracle, benchmarking, and real world performance. He has also worked with startups, Quest Software, Oracle OEM, and Embarcadero. The document discusses row locks in Oracle and how to find blocking sessions and SQL using tools like ASH, v$lock, and Logminer. It provides examples of creating row lock waits and how to investigate them using these tools.
This document discusses different types of enqueue waits caused by locks in an Oracle database. It covers common lock names like TX, TM, and UL; lock modes like exclusive and share; and how to identify the waiter, blocker, lock type, and object being blocked using views like v$lock, v$session, and v$active_session_history. The key pieces of information needed to resolve lock waits are the session ID of the waiter, the lock mode, and the object being blocked. User locks like TX and TM locks result from transactions and table modifications, while internal locks govern objects like redo and reusable objects.
This document discusses various types of enqueue waits in Oracle related to locks, including row locks, transaction locks, and table modification locks. It provides examples of how to interpret the lock type and mode from the event and parameter values seen in wait events. It also demonstrates how to use Active Session History, logminer, and other views to identify the blocking session, lock details, and blocking SQL associated with enqueue waits.
MySQL 8.0 introduces new features like resource groups to dedicate server resources to different query classes. It has a faster backup process using MySQL Shell utilities and compression of replication logs. The presentation provides an overview of InnoDB Cluster which allows multi-primary replication topologies and automated failover using Group Replication. It demonstrates how to easily set up a basic 3 node InnoDB Cluster on the local machine for testing using the MySQL Shell. MySQL Router can then be used to route application connections to the cluster for load balancing and high availability without application changes.
This presentation provided techniques for securing an Oracle database, including: securing Oracle binaries and dump files; restricting and monitoring the listener; limiting privileges and authentication; implementing comprehensive auditing; and protecting data outside of production. The key areas discussed were securing the database binaries and directories, protecting the listener as a single point of failure, following the principle of least privilege, auditing for privilege escalation and changes to the audit trail, and securing backups and development data. The overall message was that firewalls alone are not enough and a layered security approach is needed to properly secure an Oracle database.
1. The document configures Oracle database cloud with two nodes using container database and shared servers. It checks the status of the dispatcher and shared servers on node 1 and confirms connection between the nodes.
2. It provides instructions to connect node 2 using Putty SSH and save the TNS name of node 1 in tnsnames.ora on node 2.
3. After connecting, it checks the status of dispatcher and shared servers to confirm two shared servers are configured across the two nodes.
MySQL Without the SQL -- Oh My! Longhorn PHP Conference | Dave Stokes
You can now use MySQL without needing to know Structured Query Language (SQL) with the MySQL Document Store. Access JSON documents and/or relational tables using the new X DevAPI.
JavaScript and Friends August 20th, 20201 -- MySQL Shell and JavaScript | Dave Stokes
The MySQL Shell has a JavaScript mode where you can use JS libraries to access your data and you can also write (and save) your own custom reports (or programs) for future use.
Troubleshooting SQL Server 2000 Virtual Server /Service Pack ... | webhostingguy
The document provides guidance on troubleshooting failed SQL Server 2000 virtual server and service pack setups for failover clustering. It discusses understanding the setup process, reviewing relevant log files, and provides examples of troubleshooting generic error messages by examining the logs in more detail. Specific issues covered include special characters in resource names, name resolution problems, and connection errors updating system tables. The overall process is to methodically review logs to find the root cause and use error codes and messages to search Microsoft's knowledge base for solutions.
Jonathan is a MySQL consultant who specializes in SQL, indexing, and reporting for big data. This tutorial will cover strategies for resolving 80% of performance problems, including indexes, partitioning, intensive table optimization, and finding and addressing bottlenecks. The strategies discussed will be common, established approaches based on the presenter's experience working with MySQL since 2007.
MySQL 8.0 New Features -- September 27th presentation for Open Source Summit | Dave Stokes
MySQL 8.0 has many new features that you probably need to know about but don't. Like default security, window functions, CTEs, CATS (not what you think), JSON_TABLE(), and UTF8MB4 support.
The document provides an overview of the MySQL Document Store, which allows storing and querying JSON documents within MySQL tables without requiring SQL. It is built on the MySQL JSON data type and X DevAPI. Key features highlighted include the ability to work with both relational tables and document collections together using various programming languages, transactions, and casting collections as tables. The document store is available in MySQL 5.7 and 8 via a plug-in.
The biggest headline at the 2009 Oracle OpenWorld was when Larry Ellison announced that Oracle was entering the hardware business with a pre-built database machine, engineered by Oracle. Since then businesses around the world have started to use these engineered systems. This beginner/intermediate-level session will take you through my first 100 days of starting to administer an Exadata machine and all the roadblocks and all the success I had along this new path.
Distributed database connection with oracle | ashrafulais
This document provides instructions for configuring a distributed database with Oracle SQL Developer by modifying admin files to add local and remote databases, creating database links, and using a query format to access tables across database links. It includes steps to modify the listener.ora and tnsnames.ora files to add IP addresses, create a local user connection, add a remote user connection, and create a database link to connect to a remote user using their IP address and SID.
An additional data feed program was added to a nightly batch processing job queue, causing the overnight processing to no longer finish before the morning deadline. More CPUs were added to the database server but did not significantly improve processing speed. To troubleshoot, wait event statistics were captured before and after a 30 second period during batch processing. This revealed that processes spent significant time waiting for redo logs to be written, indicating redo log buffer space as a potential bottleneck.
The document summarizes the security of iCloud Keychain. It describes how iCloud Keychain stores encrypted keychain data and passwords in iCloud servers. It also details how iCloud Keychain uses multiple layers of encryption when syncing and storing data, as well as a secure remote password protocol for password recovery. However, it notes that with the default 4-digit iCloud security code, an attacker could feasibly gain access to a user's escrowed keychain record through offline guessing of the iCloud security code.
This document summarizes Alex Fatkulin's experience running GoldenGate on Exadata. It discusses general configuration considerations like using DBFS for trail files and parameter files. It provides tips for optimizing the Manager, Extract, DataPump, and Replicat components, including redo access options, bounded recovery, compressed tables, and transient primary key updates. It also covers DBFS performance considerations related to GoldenGate's I/O profile.
Hangover - What Happened Yesterday? Troubleshooting with ASH & S-ASH Views | Roy Salazar
Talk in Spanish about Oracle's ASH tool and its open-source version S-ASH (created by Kyle Hailey), and how they can help us troubleshoot a problem that occurred days earlier (assuming it was caused by some SQL that was executed).
This document provides instructions for quickly installing Oracle Database 12c Release 1 on Windows x64 systems:
- It describes configuring the system to meet hardware and software requirements, installing the Oracle Database software, and validating a successful installation.
- The typical installation will require a minimum of 2GB RAM, 10GB disk space, and supported versions of Windows and compilers.
- The installation creates several OS groups like ORA_DBA and ORA_ASMADMIN to manage privileges and provides options for specifying an Oracle Home user.
This document provides an overview of Apache Cassandra and how to interact with it using Java. It begins with an introduction to Cassandra and its key features like scalability and availability. It then covers Cassandra's architecture including data distribution, fault tolerance and consistency levels. The document demonstrates Cassandra's query language CQL and how to create tables, insert and query data. It provides examples of using the Java driver to connect to Cassandra, execute queries asynchronously and in parallel, use prepared statements and load balancing policies. It concludes with information about DataStax which provides commercial support for Cassandra.
Deploy Mediawiki Using FIWARE Lab Facilities | FIWARE
Deploy Mediawiki Using FIWARE Lab Facilities presentation, by Jose Ignacio Carretero Guarde, R&D Engineer at Telefónica i+D.
FIWARE Lab Node. How to session. 1st FIWARE Summit, Málaga, Dec. 13-15, 2016.
Percona XtraDB Cluster (a.k.a. PXC) is a multi-master high-availability clustering solution. Given the multi-master aspect, there are multiple guards to protect the cluster from entering an inconsistent state. Most of these guards are configurable based on the user environment, but if they are not configured properly it could cause the cluster to stall, fail, or error out.
In this session, we would go over some of these failure scenarios, like cluster entering non-primary due to network partitioning, cluster stall due to flow control, data inconsistency causing shutdown of node, common problems during initial catch-up (a.k.a. State Snapshot Transfer (SST)), delay in purging of transactions, blocking DDL causing the complete cluster to stall, misconfigured cluster, etc.
Oracle Database 12c New Features for Developers and DBAs - OTN TOUR LA 2015 | Alex Zaballa
Oracle Database 12c includes over 500 new features designed for cloud computing, big data, security, and availability. Key features include Multitenant architecture which allows multiple databases to share a single database instance, In-Memory which stores frequently accessed data in memory for faster queries, and new security features like data redaction and encryption. Additional features improve performance, manageability, and flexibility of the database like JSON support, heat map statistics, and identity columns.
The document discusses Oracle Database Vault, which provides an integrated security framework to control access to databases based on factors like network, users, privileges, roles, and SQL commands. It achieves separation of duties and prevents misuse of powerful privileges. Database Vault enforces compliance requirements and supports database consolidation while requiring no application changes and having minimal performance impact.
Introducing Oracle Audit Vault and Database Firewall | Troy Kitch
Join us to hear about a new Oracle product that monitors Oracle and non-Oracle database traffic, detects unauthorized activity including SQL injection attacks, and blocks internal and external threats from reaching the database. In addition this new product collects and consolidates audit data from databases, operating systems, directories, and any custom template-defined source into a centralized, secure warehouse. This new enterprise security monitoring and auditing platform allows organizations to quickly detect and respond to threats with powerful real-time policy analysis, alerting and reporting capabilities. Based on proven SQL grammar analysis that ensures accuracy, performance, and scalability, organizations can deploy with confidence in any mode. You will also hear how organizations such as TransUnion Interactive and SquareTwo Financial rely on Oracle today to monitor and secure their Oracle and non-Oracle database environments.
This document describes how to enable Oracle Database Vault 11gR2. It outlines the software and environment needed, including Oracle Database 11.2.0.4. It provides steps to enable the Database Vault option using SQL commands and the Database Configuration Assistant. These include shutting down the database, making changes to enable certain options, and configuring Database Vault using the DBCA interface. Once complete, the Database Vault configuration screens can be accessed.
This document outlines the steps to upgrade an Oracle database from version 11.2.0.4 to 12c. It includes prechecks such as validating objects, checking for duplicate objects, gathering statistics. It also details backup procedures like enabling flashback and creating a restore point. The key steps are running the preupgrade tool, disabling jobs and scripts, validating tablespaces and removing the EM repository before initiating the upgrade using DBUA.
Oracle11g introduces several new security, configuration, and administration features for databases. Security features include case sensitive passwords by default and additional auditing of actions. Configuration is simplified with new memory management parameters and automatic diagnostic repository. Administration enhancements provide options to make tables read-only, shrink temporary tablespaces, and add not null columns without updating existing rows.
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL | Kangaroot
The webinar will review a multi-layered framework for PostgreSQL security, with a deeper focus on limiting access to the database and data, as well as securing the data.
Using the popular AAA (Authentication, Authorisation, Auditing) framework EnterpriseDB will cover:
- Best practices for authentication (trust, certificate, MD5, Scram, etc).
- Advanced approaches, such as password profiles.
- Deep dive of authorisation and data access control for roles, database objects (tables, etc), view usage, row-level security, and data redaction.
- Auditing, encryption, and SQL injection attack prevention
This document discusses managing Oracle database instances. It covers starting and stopping the Oracle database and components using Oracle Enterprise Manager. It also covers accessing a database using SQL*Plus, modifying initialization parameters, the stages of database startup and shutdown options, and viewing the alert log and dynamic performance views.
This document provides an overview and summary of Oracle Database privilege analysis. It introduces the concept of privilege analysis and the principle of least privilege. It describes the Oracle package DBMS_PRIVILEGE_CAPTURE that is used to define capture policies and run analyses. It outlines the workflow including defining policies, running applications to capture privileges, generating results, and evaluating the results. The document also discusses some considerations and examples of using privilege analysis to adopt a least privilege model for database users and applications.
The document discusses new features and improvements in MySQL 5.6, including significant performance gains over MySQL 5.5. Key highlights include improved InnoDB performance through features like online DDL and buffer pool pre-loading, up to 151-234% performance gains on benchmarks. Other enhancements cover full-text search in InnoDB, NoSQL support through memcached integration, replication improvements with GTIDs and crash-safe slaves, and strengthened security with audit logging and password policies.
This document summarizes new features in Oracle Database 12c Release 2. It outlines features for developers, administrators, SQL*Plus, conversion functions, and more. Key points include increased identifier length, new SQL*Plus features like history and prefetch settings, conversion functions, multi-tenant container database improvements, and performance enhancements like adaptive statistics and optimization.
Oracle Data Redaction is a new feature in Oracle Database 12c that enables the protection of data shown to users in real time without requiring changes to applications. It applies redaction at query execution time, so the stored data remains unchanged. Redaction policies are defined that specify what data to redact for which users. The feature is useful but has some limitations, such as not preventing privileged users like DBAs from accessing protected data. It also incurs a small performance overhead for queries against tables with redaction policies.
The document discusses new security concepts introduced in Oracle Multitenant. Key points include:
- Common users exist across all pluggable databases in a container database while local users are specific to a single pluggable database.
- Common users are created in the root container and can access all pluggable databases while local users are limited to a single database.
- The set container privilege allows common users to switch between pluggable databases without reconnecting. This privilege needs to be granted carefully.
- Data dictionary and performance views aggregate information across all pluggable databases when queried from the root container.
1) The document discusses Oracle database auditing features before and after version 12.1. It describes migrating the audit trail to the unified audit trail and using the SYS.UNIFIED_AUDIT_TRAIL table.
2) It provides steps to configure syslog auditing on Linux for Oracle database audit records. Procedures are created to output messages to syslog and call it from a fine-grained auditing policy handler.
3) An example fine-grained auditing policy is created to audit access to the SECDEMO.CUSTOMER table and call the syslog handler for non-application users.
We will review a multi-layered framework for PostgreSQL security, with a deeper focus on limiting access to the database and data, as well as securing the data. Using the popular AAA (Authentication, Authorization, Auditing) framework we will cover:
Best practices for authentication (trust, certificate, MD5, Scram, etc).
Advanced approaches, such as password profiles.
Deep dive of authorization and data access control for roles, database objects (tables etc), view usage, row level security and data redaction.
Auditing, encryption and SQL injection attack prevention.
The webinar will review a multi-layered framework for PostgreSQL security, with a deeper focus on limiting access to the database and data, as well as securing the data.
Using the popular AAA (Authentication, Authorization, Auditing) framework we will cover:
- Best practices for authentication (trust, certificate, MD5, Scram, etc).
- Advanced approaches, such as password profiles.
- Deep dive of authorization and data access control for roles, database objects (tables, etc), view usage, row-level security, and data redaction.
- Auditing, encryption, and SQL injection attack prevention.
Note: this session is delivered in German
Speaker:
Borys Neselovskyi, Sales Engineer, EDB
The document provides an overview of Red Database 2.5, an open source database product developed by Red Soft Corporation. It describes the company and development process, as well as key features of Red Database 2.5 including security features, functional features, integration with OpenLDAP, and use in large government and medical systems. Plans for Red Database 3.0 include merging with Firebird 3.0 and adding load balancing, parallel backup/restore, and migration tools.
The document discusses several new features and enhancements in Oracle Database 11g Release 1. Key points include:
1) Encrypted tablespaces allow full encryption of data while maintaining functionality like indexing and foreign keys.
2) New caching capabilities improve performance by caching more results and metadata to avoid repeat work.
3) Standby databases have been enhanced and can now be used for more active purposes like development, testing, reporting and backups while still providing zero data loss protection.
The document discusses new features in Oracle Database 11g Release 1. Key points include:
1. Encrypted tablespaces allow encryption of data at the tablespace level while still supporting indexing and queries.
2. New caching capabilities improve performance by caching more results in memory, such as function results and query results.
3. Standby databases have enhanced capabilities and can now be used for more active purposes like development, testing and reporting for increased usability and value.
Oracle Database 11g Release 2 includes enhancements to database administration features such as automated segment creation, audit trail management tools, and SQL*Plus exit behavior configuration; it also changes the installation process by making ASM a separate Grid Infrastructure and including full software updates in patch set installations.
This document provides an agenda and overview of Oracle Database Vault. It discusses Database Vault features like realms and rule sets that provide controls for privileged accounts and enforce separation of duties. It provides recommendations for prerequisites like an existing security concept and hardening. It also discusses alternatives to Database Vault like activity monitoring tools and the importance of accompanying measures like Transparent Data Encryption.
The webinar will review a multi-layered framework for PostgreSQL security, with a deeper focus on limiting access to the database and data, as well as securing the data.
Using the popular AAA (Authentication, Authorization, Auditing) framework we will cover:
- Best practices for authentication (trust, certificate, MD5, Scram, etc).
- Advanced approaches, such as password profiles.
- Deep dive of authorization and data access control for roles, database objects (tables, etc), view usage, row-level security, and data redaction.
- Auditing, encryption, and SQL injection attack prevention.
Note: this session is delivered in French
2. Program / Agenda
• Overview
• Securing Data using Database Vault
• Auditing
• Exports and Backups
3. Overview
What is Oracle Database Vault?
• Oracle Database Vault (ODV) was introduced in Oracle 9iR2.
• ODV restricts access to specific areas in an Oracle database from any user.
• Enables you to apply access control to sensitive data.
• Protects data from super-privileged users (such as DBAs) while still letting them maintain the Oracle database.
4. Overview
Why Oracle Database Vault?
• Systems with integrity, confidentiality = 3 (IV=3).
• Separation of duties.
• Internal control.
• Reasons like BASEL, SOX, PCI DSS
• Don’t trust the DBA
6. Overview
• Virtual Private Database (VPD):
Restricts access to certain rows for a user by modifying the WHERE clause
• Oracle Label Security (OLS):
Mediates access to a given row, based on the label on the row and the security level of the user
• VPD and OLS restrict access at the row level, whereas Oracle Database Vault restricts access at the object and command levels.
• Transparent Data Encryption (TDE):
Out of the box, TDE provides (strong) encryption for the database
ODV can be integrated with VPD, OLS and TDE
8. Securing Data
Realms (areas):
Functional grouping of database schemas, objects, and roles that need to be secured.
(example: all objects from SCOTT belong to realm RLM_SCOTT)
Command rules:
A special rule that you can create to control how users can execute almost any SQL statement, including SELECT, ALTER SYSTEM, data definition language (DDL), and data manipulation language (DML) statements.
(example: SELECT on SCOTT objects)
9. Securing Data
Factors:
A named variable or attribute, such as a user location, database IP address, or session user, which Oracle Database Vault can recognize and secure.
(Example: FAC_HOSTNAME => hostname='exdb4002-adm')
Rule sets:
A collection of one or more rules that you can associate with a realm authorization, command rule, factor assignment, or secure application role.
(Example: RST_IS_LASTDAYOFMONTH)
Rules:
Like “WHERE department = [whatever]”
(Example: RUL_DBUSER_ISNOT_GOOSSENSHFM)
14. Securing Data
The key to Separation of Duties is that no single ROLE can do everything.
• The DV_OWNER role can only do data security.
• The DV_ACCTMGR role can only create/drop users.
A DBA role can do anything EXCEPT data security and create/drop users, and is subject to any data security set up by the DV_OWNER role.
By default Rabobank does not separate data and user administration. Both roles (DV_OWNER and DV_ACCTMGR) are granted to the same user.
15. Securing Data
$ sqlplus system/********
SQL*Plus: Release 11.2.0.4.0 Production on Tue Apr 26 14:27:23 2016
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, Oracle Label Security,
OLAP, Data Mining, Oracle Database Vault and Real Application Testing options
SYSTEM@OLTB7_1 SQL> SELECT * FROM owner_dbt.emp;
EMPNO ENAME JOB MGR HIREDATE SAL
COMM DEPTNO
---------- ------------------------------ --------------------------- ---------- ------------------- ---------- ---
------- ----------
7369 SMITH CLERK 7902 14-12-2013:00:00:00 800
20
….
7902 FORD ANALYST 7566 30-11-2014:00:00:00 3000
20
7934 MILLER CLERK 7782 20-01-2015:00:00:00 1300
10
14 rows selected.
SYSTEM@OLTB7_1 SQL>
17. Securing Data
$ sqlplus system
SQL*Plus: Release 11.2.0.4.0 Production on Tue Apr 26 14:58:07 2016
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, Oracle Label Security,
OLAP, Data Mining, Oracle Database Vault and Real Application Testing options
SYSTEM@OLTB7_1 SQL> select * from owner_dbt.emp;
select * from owner_dbt.emp
*
ERROR at line 1:
ORA-01031: insufficient privileges
SYSTEM@OLTB7_1 SQL> select * from owner_dbt.dept;
DEPTNO DNAME LOC
---------- ------------------------------------------ ---------------------------------------
10 ACCOUNTING NEW YORK
…
40 OPERATIONS BOSTON
SYSTEM@OLTB7_1 SQL>
19. Securing Data
[Diagram: OWNER_DBT (all objects); user_app_dbt: grant select, insert, update, delete; owner_dbt_ro_role: grant select; user_dbt: grant role]
20. Securing Data
To create the app user we need the special security account with the dv_acctmgr role
SYSTEM@OLTB7_1 SQL> create user user_app_dbt identified by ******* default tablespace users;
create user user_app_dbt identified by ******** default tablespace users
*
ERROR at line 1:
ORA-47306: 20006: No way Jose
SYSTEM@OLTB7_1 SQL> connect owner_dvt
Connected.
OWNER_DVT@OLTB7_1 SQL> create user user_app_dbt identified by ******** default tablespace users;
User created.
OWNER_DVT@OLTB7_1 SQL> grant connect to user_app_dbt;
Grant succeeded.
OWNER_DVT@OLTB7_1 SQL>
21. Securing Data
Create the RO user and create RO role
OWNER_DVT@OLTB7_1 SQL> create user user_dbt identified by ******** default tablespace users;
User created.
OWNER_DVT@OLTB7_1 SQL> grant connect to user_dbt;
Grant succeeded.
OWNER_DVT@OLTB7_1 SQL>
SYSTEM@OLTB7_1 SQL> create role owner_dbt_ro_role;
Role created.
SYSTEM@OLTB7_1 SQL> grant owner_dbt_ro_role to user_dbt;
Grant succeeded.
SYSTEM@OLTB7_1 SQL>
22. Securing Data
$ sqlplus owner_dbt/********
SQL*Plus: Release 11.2.0.4.0 Production on Tue Apr 26 17:37:16 2016
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, Oracle Label Security,
OLAP, Data Mining, Oracle Database Vault and Real Application Testing options
OWNER_DBT@OLTB7_1 SQL> grant select, insert, update, delete on emp to user_app_dbt;
Grant succeeded.
OWNER_DBT@OLTB7_1 SQL> grant select on emp to owner_dbt_ro_role;
Grant succeeded.
OWNER_DBT@OLTB7_1 SQL>
23. Securing Data
[Diagram: OWNER_DBT (all objects); user_app_dbt: grant select, insert, update, delete; owner_dbt_ro_role: grant select; user_dbt: grant role]
24. Securing Data
USER_DBT@OLTB7_1 SQL> connect user_dbt/********
Connected.
USER_DBT@OLTB7_1 SQL> select count(*) from owner_dbt.emp;
COUNT(*)
----------
14
USER_DBT@OLTB7_1 SQL> delete from owner_dbt.emp;
delete from owner_dbt.emp
*
ERROR at line 1:
ORA-01031: insufficient privileges
READ access granted through “owner_dbt_ro_role”, delete not permitted
25. Securing Data
SYS@OLTB7_1 SQL> connect user_app_dbt/********
Connected.
USER_APP_DBT@OLTB7_1 SQL> select count(*) from owner_dbt.emp;
COUNT(*)
----------
14
USER_APP_DBT@OLTB7_1 SQL> delete from owner_dbt.emp;
14 rows deleted.
USER_APP_DBT@OLTB7_1 SQL> rollback;
Rollback complete.
USER_APP_DBT@OLTB7_1 SQL>
READ, WRITE, DELETE and UPDATE access granted through “GRANT”
26. Securing Data
SYSTEM@OLTB7_1 SQL> select count(*) from owner_dbt.emp;
COUNT(*)
----------
14
SYSTEM@OLTB7_1 SQL> delete from owner_dbt.emp;
delete from owner_dbt.emp
*
ERROR at line 1:
ORA-01031: insufficient privileges
What the heck is going on, SYSTEM can still SELECT from OWNER_DBT.EMP?
SYSTEM@OLTB7_1 SQL> select * from session_roles where role like 'OWNER%';
ROLE
-----------------
OWNER_DBT_RO_ROLE
27. Securing Data
The role was created by SYSTEM, so SYSTEM was granted the role as well and gets access through it.
There is a nice solution for this, but we keep it simple for now.
SYSTEM@OLTB7_1 SQL> drop role owner_dbt_ro_role;
Role dropped.
SYSTEM@OLTB7_1 SQL> connect owner_dbt/********
Connected.
OWNER_DBT@OLTB7_1 SQL> grant select on emp to user_dbt;
Grant succeeded.
OWNER_DBT@OLTB7_1 SQL> connect system/********
Connected.
SYSTEM@OLTB7_1 SQL> select count(*) from owner_dbt.emp;
select count(*) from owner_dbt.emp
*
ERROR at line 1:
ORA-01031: insufficient privileges
SYSTEM@OLTB7_1 SQL> delete from owner_dbt.emp;
delete from owner_dbt.emp
*
ERROR at line 1:
ORA-01031: insufficient privileges
28. Securing Data
$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.4.0 Production on Thu Apr 28 10:39:25 2016
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, Oracle Label Security,
OLAP, Data Mining, Oracle Database Vault and Real Application Testing options
SYS@OLTB7_1 SQL> select count(*) from owner_dbt.emp;
select count(*) from owner_dbt.emp
*
ERROR at line 1:
ORA-01031: insufficient privileges
SYS@OLTB7_1 SQL> delete from owner_dbt.emp;
delete from owner_dbt.emp
*
ERROR at line 1:
ORA-01031: insufficient privileges
29. Securing Data
SYS@OLTB7_1 SQL> connect user_dbt/********
Connected.
USER_DBT@OLTB7_1 SQL> select count(*) from owner_dbt.emp;
COUNT(*)
----------
14
USER_DBT@OLTB7_1 SQL> delete from owner_dbt.emp;
delete from owner_dbt.emp
*
ERROR at line 1:
ORA-01031: insufficient privileges
30. Securing Data
USER_DBT@OLTB7_1 SQL> connect owner_dvt/********
Connected.
OWNER_DVT@OLTB7_1 SQL> select count(*) from owner_dbt.emp;
select count(*) from owner_dbt.emp
*
ERROR at line 1:
ORA-00942: table or view does not exist
OWNER_DVT@OLTB7_1 SQL> delete from owner_dbt.emp;
delete from owner_dbt.emp
*
ERROR at line 1:
ORA-00942: table or view does not exist
37. Securing Data
Data Pump
….
Processing object type SCHEMA_EXPORT/POST_SCHEMA/PROCACT_SCHEMA
ORA-31693: Table data object "OWNER_DBT"."DEPT" failed to load/unload and is being skipped due to error:
ORA-02354: error in exporting/importing data
ORA-28116: insufficient privileges to do direct path access
ORA-31693: Table data object "OWNER_DBT"."DUMMY" failed to load/unload and is being skipped due to error:
ORA-02354: error in exporting/importing data
ORA-28116: insufficient privileges to do direct path access
ORA-31693: Table data object "OWNER_DBT"."EMP" failed to load/unload and is being skipped due to error:
ORA-02354: error in exporting/importing data
ORA-28116: insufficient privileges to do direct path access
ORA-31693: Table data object "OWNER_DBT"."SALARY" failed to load/unload and is being skipped due to error:
ORA-02354: error in exporting/importing data
ORA-28116: insufficient privileges to do direct path access
ORA-31693: Table data object "OWNER_DBT"."SALGRADE" failed to load/unload and is being skipped due to error:
ORA-02354: error in exporting/importing data
ORA-28116: insufficient privileges to do direct path access
….
39. Backups
• EXP/EXPDP need privileges from the REALM owner. Export files are non-secured.
• RMAN backups are block based and recoverable within another database (clone/duplicate)
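The Data Pump log on slide 37 shows realm-protected tables being skipped rather than the job stopping, so a backup check has to read the log itself. The following is an added example, not part of the original slides: a small Python parser that lists skipped tables and separates access-control skips (ORA-28116) from other failures. The sample log, the NOTES and BONUS tables, and the function names are constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample modelled on the log excerpt in the slides; NOTES, BONUS
# and the ORA-01555 entry are invented so a non-Vault failure is also present.
SAMPLE_LOG = '''\
Processing object type SCHEMA_EXPORT/POST_SCHEMA/PROCACT_SCHEMA
ORA-31693: Table data object "OWNER_DBT"."DEPT" failed to load/unload and is being skipped due to error:
ORA-02354: error in exporting/importing data
ORA-28116: insufficient privileges to do direct path access
ORA-31693: Table data object "OWNER_DBT"."EMP" failed to load/unload and is being skipped due to error:
ORA-02354: error in exporting/importing data
ORA-28116: insufficient privileges to do direct path access
ORA-31693: Table data object "OWNER_DBT"."NOTES" failed to load/unload and is being skipped due to error:
ORA-02354: error in exporting/importing data
ORA-01555: snapshot too old
. . exported "OWNER_DBT"."BONUS"   0 KB   0 rows
'''

SKIPPED = re.compile(r'^ORA-31693: Table data object "([^"]+)"\."([^"]+)"')
ORA_CODE = re.compile(r"^(ORA-\d{5}):")


def skipped_tables(log_text):
    """Map 'OWNER.TABLE' to the ORA codes that follow its ORA-31693 line."""
    result = OrderedDict()
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        hit = SKIPPED.match(line)
        if hit:
            current = f"{hit.group(1)}.{hit.group(2)}"
            result.setdefault(current, [])
            continue
        code = ORA_CODE.match(line)
        if code and current is not None:
            result[current].append(code.group(1))  # detail line for this table
        else:
            current = None  # any other line ends the error group
    return result


def access_control_skips(log_text):
    """Tables skipped because the export account lacked access (ORA-28116)."""
    return [t for t, codes in skipped_tables(log_text).items()
            if "ORA-28116" in codes]


def export_is_complete(log_text):
    """True only when no table data object was skipped."""
    return not skipped_tables(log_text)


if __name__ == "__main__":
    for table, codes in skipped_tables(SAMPLE_LOG).items():
        cause = "access control" if "ORA-28116" in codes else "other error"
        print(f"SKIPPED {table}: {', '.join(codes)} ({cause})")
    print("export complete:", export_is_complete(SAMPLE_LOG))
```

Run against each export log before the dump file is accepted as a backup; a non-empty result from `access_control_skips` means the export account was not authorized in the realm for those tables.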