TAILIEUCHUNG - Applied Oracle Security: Developing Secure Database and Middleware Environments- P19
Applied Oracle Security: Developing Secure Database and Middleware Environments- P19: Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful.

154 Part II Oracle Database Vault

The DBV rules engine had created a DBV rule that references this PL/SQL function. When the function was dropped, the reference was broken, along with the underlying GRANT EXECUTE privilege on the function to DVSYS. We can see this problem by attempting to validate the syntax of all the DBV rules that are configured. We can perform this validation by issuing the following call as the DBV security administrator (DBVOWNER):

    dbvowner@aos exec
    BEGIN END
    ERROR at line 1
    ORA-25448 rule 5045 has errors
    ORA-00904 SH . CAN_PERFORM_SALES_SUMMARY invalid identifier
    ORA-06512 at line 188
    ORA-06512 at line 2794
    ORA-06512 at line 1

In this example, you can see that one of our rules is invalid, probably because we forgot to GRANT EXECUTE privilege on a function to DVSYS. You can isolate the offending rule by querying the RULE view as follows:

    dbvowner@aos SELECT name, rule_expr from rule WHERE id = 5045
    NAME RULEEXPR
    Is Sales Summary Allowed 1
    1 row selected.

In this example, the internal rule name is 5045. This corresponds to the ID 5045 in the view RULE. The DBV security administrator can investigate views such as DBA_TAB_PRIVS and DBA_OBJECTS to determine why the problem exists. In this case, if MARY simply re-creates the function and GRANTs EXECUTE privilege on the function to DVSYS, the DBV security administrator can then reexecute the procedure to recompile the DBV rule.
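The DBA_OBJECTS and DBA_TAB_PRIVS investigation described above, written out as an added example that is not from the book: one query that reports whether the function named in the ORA-00904 error still exists, whether it is VALID, and whether EXECUTE is granted to DVSYS. It assumes the session is allowed to read the DBA_ views; the column aliases and the wording of the FINDING column are illustrative.

```sql
-- Added example, not from the book. Checks the function referenced by
-- the failing rule (SH.CAN_PERFORM_SALES_SUMMARY) against the two
-- dictionary views the text names.
SELECT f.owner,
       f.object_name,
       NVL(o.status, 'MISSING')     AS object_status,
       o.last_ddl_time,
       NVL2(p.grantee, 'YES', 'NO') AS execute_to_dvsys,
       CASE
         WHEN o.object_name IS NULL
           THEN 'function missing: re-create it, then grant EXECUTE to DVSYS'
         WHEN o.status <> 'VALID'
           THEN 'function exists but is invalid: recompile it'
         WHEN p.grantee IS NULL
           THEN 'function exists, EXECUTE not granted to DVSYS'
         ELSE 'object and grant are in place: revalidate the DBV rules'
       END                          AS finding
FROM  (SELECT 'SH'                        AS owner,
              'CAN_PERFORM_SALES_SUMMARY' AS object_name
       FROM   dual) f
       -- Outer joins keep the row even when the object or grant is gone,
       -- which is exactly the state a DROP FUNCTION leaves behind.
       LEFT JOIN dba_objects o
              ON  o.owner       = f.owner
              AND o.object_name = f.object_name
              AND o.object_type = 'FUNCTION'
       LEFT JOIN dba_tab_privs p
              ON  p.owner      = f.owner
              AND p.table_name = f.object_name  -- holds the object name for any object type
              AND p.privilege  = 'EXECUTE'
              AND p.grantee    = 'DVSYS';

-- After the function has been re-created, the grant has to be issued
-- again, because dropping the function removed the earlier one.
-- Run as the account that re-created the function (MARY in the text).
GRANT EXECUTE ON sh.can_perform_sales_summary TO dvsys;
```

A LAST_DDL_TIME later than the rule's creation, together with EXECUTE_TO_DVSYS = 'NO', is the signature of a function that was dropped and re-created without the grant being reissued.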
DBV Rule Set Event Functions

The DBV product installs a collection of PL/SQL functions that can be used in DBV rule expressions to retrieve detailed information about the database command that is being evaluated for realm authorizations and command rules such as UPDATE on as well as the session context in which the command is operating. These PL/SQL functions are called the DBV rule set event .