Applied Oracle Security: Developing Secure Database and Middleware Environments - P22

Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful.

184 Part II: Oracle Database Vault

mary@aos> -- query MARY's OLS authorization and
mary@aos> -- the effective OLS session label
mary@aos> SELECT CUSTOMER_POLICY.EFFECTIVE_SESSION_LABEL FROM DUAL;

EFFECTIVESESSIONLABEL
---------------------
LOW

1 row selected.

mary@aos> -- attempt to set the session label to HIGH,
mary@aos> -- which MARY is in fact authorized for, but the
mary@aos> -- session under DBV control is not
mary@aos> EXECUTE CUSTOMER_POLICY HIGH
BEGIN CUSTOMER_POLICY HIGH END
ERROR at line 1:
ORA-47905: OLS policy label HIGH is not allowed for policy CUSTOMER_POLICY
ORA-06512: at line 38
ORA-06512: at line 381
ORA-06512: at line 116
ORA-06512: at line 1
ORA-06512: at line 415
ORA-06512: at line 426
ORA-06512: at line 1

Factor Assignment

DBV factors can be configured to allow the identity to be assigned by a database session at runtime using the procedure . This feature may seem a little scary at first glance, as we must use caution when designing application security around information provided by the client. The assignment of a DBV factor's identity, if configured, is controlled by a DBV rule set that must evaluate to true for the assignment to be authorized. Accepting client information in an application is a common practice in Oracle database applications. For example, many three-tier systems (client, application server, database server) rely on the use of database connection pools from the application server to the database server.
These connection pools use a dedicated database account and need a mechanism to assert information about the client, such as the identity of the user, as discussed in Chapter 1. The organization maintaining the application may not have the option to migrate the application to use Oracle Enterprise User Security (EUS) and Oracle Proxy Authentication, but the audit attribution is still required for any database actions performed on behalf
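The following is an added example, not code from the book, of the pattern described above: a DBV factor whose identity a pooled session may assign at run time, with the assignment guarded by a rule set so that only the connection-pool account can make the assertion. The factor name Client_User, the rule and rule set names, the APP_POOL account, the factor type 'Application' and the fail code are assumptions chosen for illustration; the DBMS_MACADM, DBMS_MACUTL, DVSYS.SET_FACTOR and DVF.F$ calls are the Database Vault administration API as documented for Oracle Database 11g.

```sql
-- Added example (not from the book). Factor name, rule/rule set names and the
-- APP_POOL account are assumed for illustration. Run as the Database Vault
-- owner (DV_OWNER role).

-- 1. Rule: only the connection-pool account may assign the factor.
BEGIN
  DBMS_MACADM.CREATE_RULE(
    rule_name => 'Is Connection Pool Account',
    rule_expr => 'DVF.F$SESSION_USER = ''APP_POOL''');
END;
/

-- 2. Assignment rule set: every rule must be true; failures are audited and
--    reported to the caller with the message below.
BEGIN
  DBMS_MACADM.CREATE_RULE_SET(
    rule_set_name   => 'Client User Assignment',
    description     => 'Authorizes run-time assignment of Client_User',
    enabled         => DBMS_MACUTL.G_YES,
    eval_options    => DBMS_MACUTL.G_RULESET_EVAL_ALL,
    audit_options   => DBMS_MACUTL.G_RULESET_AUDIT_FAIL,
    fail_options    => DBMS_MACUTL.G_RULESET_FAIL_SHOW,
    fail_message    => 'Client_User may only be set by the pool account',
    fail_code       => 20998,   -- constructed application error code
    handler_options => DBMS_MACUTL.G_RULESET_HANDLER_OFF,
    handler         => NULL);
  DBMS_MACADM.ADD_RULE_TO_RULE_SET(
    rule_set_name => 'Client User Assignment',
    rule_name     => 'Is Connection Pool Account');
END;
/

-- 3. The factor. rule_set_name names the assignment rule set; get_expr
--    supplies the default identity (the database session user) until a
--    session assigns one. Factor type 'Application' is an assumption.
BEGIN
  DBMS_MACADM.CREATE_FACTOR(
    factor_name      => 'Client_User',
    factor_type_name => 'Application',
    description      => 'End user asserted by the application tier',
    rule_set_name    => 'Client User Assignment',
    get_expr         => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'')',
    validate_expr    => NULL,
    identify_by      => DBMS_MACUTL.G_IDENTIFY_BY_METHOD,
    labeled_by       => DBMS_MACUTL.G_LABELED_BY_SELF,
    eval_options     => DBMS_MACUTL.G_EVAL_ON_SESSION,
    audit_options    => DBMS_MACUTL.G_AUDIT_ON_GET_ERROR,
    fail_options     => DBMS_MACUTL.G_FAIL_WITH_MESSAGE);
END;
/

-- 4. Session side, connected as APP_POOL on one pooled connection. The rule
--    set evaluates to true, so the assertion is accepted and the asserted
--    end user is visible to DBV rules (and to audit) through DVF.
EXECUTE DVSYS.SET_FACTOR('Client_User', 'MARY');
SELECT DVF.F$CLIENT_USER FROM DUAL;

-- Any session user other than APP_POOL fails the rule set: SET_FACTOR
-- raises the fail_message above and, because of G_RULESET_AUDIT_FAIL,
-- the refused attempt is recorded in the Database Vault audit trail.
```

The rule set is what keeps client-supplied information honest: the asserted identity is only ever accepted from the account the application tier actually connects with, and every refused attempt leaves an audit record. A rule expression can be tightened further with other DVF factors (for example, the client IP or hostname of the application server) when the deployment allows it.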