Oracle® Database Administrator's Guide
11g Release 2 (11.2)
Part Number E17120-11
After you create a database as described in "Creating a Database with DBCA" or "Creating a Database with the CREATE DATABASE Statement", the instance is left running, and the database is open and available for normal database use. You may want to perform other actions, some of which are discussed in this section.
In this release of Oracle Database, several enhancements were made to ensure the security of your database. You can find security guidelines for this release in Oracle Database Security Guide. Oracle recommends that you read these guidelines and configure your database accordingly.
After the database is created, you can configure it to take advantage of Oracle Identity Management. For information on how to do this, see Oracle Database Enterprise User Security Administrator's Guide.
A newly created database has at least three user accounts that are important for administering your database: SYS, SYSTEM, and SYSMAN. Additional administrative accounts are provided that should be used only by authorized users. To protect these accounts from being used by unauthorized users familiar with their Oracle-supplied passwords, these accounts are initially locked with their passwords expired. As the database administrator, you are responsible for the unlocking and resetting of these accounts.
See Oracle Database 2 Day + Security Guide for a complete list of predefined user accounts created with each new Oracle Database installation.
Caution: To prevent unauthorized access and protect the integrity of your database, it is important that new passwords for user accounts SYS and SYSTEM be specified when the database is created. This is accomplished by specifying the following CREATE DATABASE clauses when manually creating your database, or by using DBCA to create the database:
USER SYS IDENTIFIED BY
USER SYSTEM IDENTIFIED BY
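A post-creation check of the predefined accounts described above, as an added example that is not part of the Oracle guide. It assumes a DBA session in SQL*Plus; the HR account and the password shown are placeholders.

```sql
-- Added example: audit predefined accounts after database creation.

-- 1. Status of every account. Oracle-supplied accounts that are not in use
--    should show EXPIRED & LOCKED.
SELECT username, account_status, lock_date, expiry_date
FROM   dba_users
ORDER  BY account_status, username;

-- 2. Accounts that still have an Oracle-supplied default password.
--    Any row with status OPEN needs a new password before the database
--    is made available to users.
SELECT d.username, u.account_status
FROM   dba_users_with_defpwd d
JOIN   dba_users u ON u.username = d.username
ORDER  BY u.account_status, d.username;

-- 3. Unlock and reset only an account that is actually needed.
--    HR and the password are placeholders (assumptions), not values from the guide.
ALTER USER hr IDENTIFIED BY "Replace_with_strong_pw1" ACCOUNT UNLOCK;

-- 4. When such an account is no longer needed, expire and lock it again.
ALTER USER hr PASSWORD EXPIRE ACCOUNT LOCK;
```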
Transparent data encryption is a feature that enables encryption of individual database columns before storing them in the datafile, or enables encryption of entire tablespaces. If users attempt to circumvent the database access control mechanisms by looking inside datafiles directly with operating system tools, transparent data encryption prevents such users from viewing sensitive information.
Users who have the CREATE TABLE privilege can choose one or more columns in a table to be encrypted. The data is encrypted in the datafiles and in the audit logs (if audit is turned on). Database users with appropriate privileges can view the data in unencrypted format. For information on enabling transparent data encryption, see Oracle Database Advanced Security Administrator's Guide.
For large-scale deployments where applications use password credentials to connect to databases, it is possible to store such credentials in a client-side Oracle wallet. An Oracle wallet is a secure software container that is used to store authentication and signing credentials.
Storing database password credentials in a client-side Oracle wallet eliminates the need to embed usernames and passwords in application code, batch jobs, or scripts. This reduces the risk of exposing passwords in the clear in scripts and application code, and simplifies maintenance because you need not change your code each time usernames and passwords change. In addition, not having to change application code also makes it easier to enforce password management policies for these user accounts.
When you configure a client to use the external password store, applications can use the following syntax to connect to databases that use password authentication:
Note that you need not specify database login credentials in this CONNECT statement. Instead your system looks for database login credentials in the client wallet.
See Also: Oracle Database Advanced Security Administrator's Guide for information about configuring your client to use a secure external password store and for information about managing credentials in it.
The Oracle Database distribution media includes various SQL files that let you experiment with the system, learn SQL, or create additional tables, views, or synonyms.
Oracle Database includes sample schemas that help you to become familiar with Oracle Database functionality. All Oracle Database documentation and training materials are being converted to the Sample Schemas environment as those materials are updated.
The Sample Schemas can be installed automatically by the Database Configuration Assistant, or you can install them manually. The schemas and installation instructions are described in detail in Oracle Database Sample Schemas.