Index

Symbols

  • "all permissions" 1

Numerics

  • 12C verifier
    • about 1
    • recommended by Oracle 1

A

  • access control
    • encryption, problems not solved by 1
    • enforcing 1
    • object privileges 1
    • password encryption 1
  • access control list (ACL)
    • examples
      • external network connection for email alert 1
      • external network connections 1
      • wallet access 1
    • external network services
      • about 1
      • advantages 1
      • effect of upgrade from earlier release 1
      • email alert for audit violation tutorial 1
      • finding information about 1
      • network hosts, using wildcards to specify 1
      • ORA-06512 error 1
      • ORA-24247 error 1
      • ORA-24247 errors 1
      • order of precedence, hosts 1
      • port ranges 1
      • privilege assignments, about 1
      • privilege assignments, database administrators checking 1
      • privilege assignments, users checking 1
      • revoking privileges 1
    • wallet access
      • about 1
      • advantages 1
      • client certificate credentials, using 1
      • finding information about 1
      • non-shared wallets 1
      • password credentials 1
      • password credentials, using 1
      • revoking 1
      • revoking access 1
      • shared database session 1
      • wallets without sensitive information 1
      • wallets with sensitive information 1
  • accounting, RADIUS 1
  • account locking
    • example 1
    • explicit 1
    • PASSWORD_LOCK_TIME profile parameter 1
    • password management 1
  • activating checksumming and encryption 1
  • adapters 1
  • ad hoc tools
    • database access, security problems of 1
  • ADM_PARALLEL_EXECUTE_TASK role
    • about 1
  • administrative privileges
    • about 1
    • granting to users 1
    • SYSBACKUP privilege 1
    • SYSDBA privilege 1
    • SYSDG privilege 1
    • SYSKM privilege 1
    • SYSOPER privilege 1
  • administrative user passwords
    • default, importance of changing 1
  • administrative users
    • auditing 1
    • mandatorily audited 1
  • administrator privileges
    • access 1
    • operating system authentication 1
    • passwords 1 , 2
    • SYSDBA and SYSOPER access, centrally controlling 1
    • write, on listener.ora file 1
  • ADMIN OPTION
    • about 1
    • revoking privileges 1
    • revoking roles 1
    • roles 1
    • system privileges 1
  • AES256 algorithm
    • converting to in Oracle wallets 1
  • alerts, used in fine-grained audit policy 1
  • ALTER ANY LIBRARY statement
    • security guidelines 1
  • altering users 1
  • ALTER PROCEDURE statement
    • used for compiling procedures 1
  • ALTER PROFILE statement
    • password management 1
  • ALTER RESOURCE COST statement 1 , 2
  • ALTER ROLE statement
    • changing authorization method 1
  • ALTER SESSION statement
    • schema, setting current 1
  • ALTER USER privilege 1
  • ALTER USER statement
    • default roles 1
    • explicit account unlocking 1
    • profiles, changing 1
    • REVOKE CONNECT THROUGH clause 1
  • anonymous 1
  • ANSI operations
    • Oracle Virtual Private Database effect on 1
  • ANY system privilege
    • guidelines for security 1
  • application contexts
    • about 1
    • as secure data cache 1
    • benefits of using 1
    • bind variables 1
    • components 1
    • creating session based 1
    • DBMS_SESSION.SET_CONTEXT procedure 1
    • driving context 1
    • editions, effect on 1
    • finding errors by checking trace files 1
    • finding information about 1
    • global application contexts
      • authenticating user for multiple applications 1
      • creating 1
    • logon trigger, creating 1
    • Oracle Virtual Private Database, used with 1
    • performance 1
    • policy groups, used in 1
    • returning predicate 1
    • session information, retrieving 1
    • support for database links 1
    • types 1
    • users, nondatabase connections 1 , 2
    • where values are stored 1
  • application developers
    • CONNECT role change 1
  • applications
    • about security policies for 1
    • database users 1
    • enhancing security with 1
    • object privileges 1
    • object privileges permitting SQL statements 1
    • One Big Application User authentication
      • security considerations 1
      • security risks of 1
    • Oracle Virtual Private Database, how it works with 1
    • password handling, guidelines 1
    • password protection strategies 1
    • privileges, managing 1
    • roles
      • multiple 1
      • privileges, associating with database roles 1
    • security 1 , 2
    • security considerations for use 1
    • security limitations 1
    • security policies 1
    • validating with security policies 1
  • application security
    • restricting wallet access to current application 1
    • revoking access control privileges from Oracle wallets 1
    • sharing wallet with other applications 1
    • specifying attributes 1
  • application users who are database users
    • Oracle Virtual Private Database, how it works with 1
  • archiving
    • operating system audit files 1
    • standard audit trail 1
    • timestamping audit trail 1
  • asynchronous authentication mode in RADIUS 1
  • attacks
    • See: security attacks
  • AUDIT_ADMIN role 1
  • AUDIT_VIEWER role 1
  • audit files
    • operating system audit trail
      • archiving, setting timestamp 1
    • operating system file
      • archiving 1
    • standard audit trail
      • archiving, setting timestamp 1
      • records, archiving 1
  • auditing
    • administrators, Database Vault 1
    • audit options 1
    • audit trail, sensitive data in 1
    • CDBs 1
    • committed data 1
    • cursors, effect on auditing 1
    • databases, when unavailable 1
    • database user names 1
    • Database Vault administrators 1
    • distributed databases and 1
    • DV_ADMIN role user 1
    • DV_OWNER role user 1
    • finding information about audit management 1
    • finding information about usage 1
    • fine-grained
      • See fine-grained auditing 1
    • functions 1
    • functions, Oracle Virtual Private Database 1
    • general steps
      • commonly used security-relevant activities 1
      • specific fine-grained activities 1
      • SQL statements and other general activities 1
    • general steps for 1
    • guidelines for security 1
    • historical information 1
    • INHERIT PRIVILEGE privilege 1
    • keeping information manageable 1
    • loading audit records to unified audit trail 1
    • mandatory auditing 1
    • multitier environments
      • See standard auditing 1
    • One Big Application User authentication, compromised by 1
    • operating-system user names 1
    • Oracle Recovery Manager events 1
    • Oracle Virtual Private Database policy functions 1
    • packages 1
    • performance 1
    • PL/SQL packages 1
    • predefined policies
      • general steps for using 1
    • privileges required 1
    • procedures 1
    • purging records
      • example 1
      • general steps for manual purges 1
      • general steps for scheduled purges 1
    • range of focus 1
    • READ object privileges in policies 1
    • READ privileges
      • about 1
      • how recorded in audit trail 1
    • recommended settings 1
    • Sarbanes-Oxley Act
      • auditing, meeting compliance through 1
    • SELECT privileges
      • about 1
      • how recorded in audit trail 1
    • suspicious activity 1
    • triggers 1
    • unified audit trail
      • about 1
    • VPD predicates
      • fine-grained audit policies 1
    • when audit options take effect 1
    • when records are created 1
  • auditing, purging records
    • about 1
    • cancelling archive timestamp 1
    • creating audit trail
      • purge job 1
    • creating the purge job 1
    • DBMS_SCHEDULER package 1
    • deleting a purge job 1
    • disabling purge jobs 1
    • enabling purge jobs 1
    • general steps for 1
    • purging audit trail manually 1
    • roadmap 1
    • scheduling the purge job 1
    • setting archive timestamp 1
    • time interval for named purge job 1
  • audit policies 1
    • See also: unified audit policies
  • audit policies, application contexts
    • about 1
    • appearance in audit trail 1
    • configuring 1
    • disabling 1
    • examples 1
  • audit trail
    • archiving 1
    • finding information about audit management 1
    • finding information about usage 1
    • unified
      • archiving 1
  • AUTHENTICATEDUSER role 1
  • authentication
    • about 1
    • administrators
      • operating system 1
      • passwords 1
      • SYSDBA and SYSOPER access, centrally controlling 1
    • by database 1
    • by SSL 1
    • client 1
    • client-to-middle tier process 1
    • configuring multiple methods 1
    • database administrators 1
    • databases, using
      • about 1
      • advantages 1
      • procedure 1
    • directory-based services 1
    • directory service 1
    • external authentication
      • about 1
      • advantages 1
      • operating system authentication 1
      • user creation 1
    • global authentication
      • about 1
      • advantages 1
      • user creation for private schemas 1
      • user creation for shared schemas 1
    • methods 1
    • middle-tier authentication
      • proxies, example 1
    • modes in RADIUS 1
    • multitier 1
    • network authentication
      • Secure Sockets Layer 1
      • third-party services 1
    • One Big Application User, compromised by 1
    • operating system authentication
      • about 1
      • advantages 1
      • disadvantages 1
    • ORA-28040 errors 1
    • proxy user authentication
      • about 1
      • expired passwords 1
    • public key infrastructure 1
    • RADIUS 1
    • remote 1
    • specifying when creating a user 1
    • strong 1
    • SYSDBA on Windows systems 1
    • Windows native authentication 1
  • AUTHENTICATION parameter 1
  • AUTHID DEFINER clause
    • used with Oracle Virtual Private Database functions 1
  • authorization
    • about 1
    • changing for roles 1
    • global
      • about 1
      • advantages 1
    • multitier 1
    • omitting for roles 1
    • operating system 1
    • roles, about 1
  • automatic reparse
    • Oracle Virtual Private Database, how it works with 1

B

  • banners
    • auditing user actions, configuring 1
    • unauthorized access, configuring 1
  • BFILEs
    • guidelines for security 1
  • bind variables
    • application contexts, used with 1
  • BLOBS
    • encrypting 1

C

  • CAPTURE_ADMIN role 1
  • cascading revokes 1
  • CDB_DBA role 1
  • CDBs
    • auditing, how affects 1
    • CBAC role grants with DELEGATE option 1
    • common privilege grants 1
    • granting privileges 1
    • local privilege grants 1
    • object privileges 1
    • privilege management 1
    • revoking privileges 1
    • role management 1
    • roles
      • altering 1
      • creating common 1
      • creating local 1
      • granting common 1
      • how common roles work 1
      • privileges required to manage 1
      • rules for creating common 1
    • system privileges 1
    • transparent sensitive data protection 1
    • user accounts
      • creating 1
      • local 1
    • user privileges, how affects 1
    • users
      • common 1
    • viewing information about 1
    • Virtual Private Database policies 1
  • Center for Internet Security (CIS) 1
  • certificate 1
  • certificate authority 1
  • certificate key algorithm
    • Secure Sockets Layer 1
  • certificate revocation lists
    • manipulating with orapki tool 1
    • uploading to LDAP directory 1
    • where to store them 1
  • certificate revocation status checking
    • disabling on server 1 , 2
  • certificates
    • creating signed with orapki 1
  • certificate validation error message
    • CRL could not be found 1
    • CRL date verification failed with RSA status 1
    • CRL signature verification failed with RSA status 1
    • Fetch CRL from CRL DP
      • No CRLs found 1
    • OID hostname or port number not set 1
  • challenge-response authentication in RADIUS 1
  • change_on_install default password 1
  • character sets
    • role names, multibyte characters in 1
    • role passwords, multibyte characters in 1
  • cipher suites
    • about 1
    • procedure for specifying for server 1
    • Secure Sockets Layer 1
    • Secure Sockets Layer (SSL) 1
    • supported 1
  • Cipher Suites
    • FIPS 140-2 settings 1
  • CLIENT_IDENTIFIER USERENV attribute
    • setting and clearing with DBMS_SESSION package 1
    • setting with OCI user session handle attribute 1
  • client authentication in SSL 1
  • client connections
    • guidelines for security 1
    • secure external password store 1
    • securing 1
  • CLIENTID_OVERWRITE event 1
  • client identifier
    • setting for applications that use JDBC 1
  • client identifiers
    • about 1
    • auditing users 1
    • consistency between DBMS_SESSION.SET_IDENTIFIER and DBMS_APPLICATION_INFO.SET_CLIENT_INFO 1
    • global application context, independent of 1
    • setting with DBMS_SESSION.SET_IDENTIFIER procedure 1
  • client session-based application contexts
    • about 1
    • CLIENTCONTEXT namespace, clearing value from 1
    • CLIENTCONTEXT namespace, setting value in 1
    • retrieving CLIENTCONTEXT namespace 1
  • code based access control (CBAC)
    • about 1
    • granting and revoking roles to program unit 1
    • how works with definer’s rights 1
    • how works with invoker’s rights 1
    • privileges 1
    • tutorial 1
  • column masking behavior
    • column specification 1
    • restrictions 1
  • columns
    • granting privileges for selected 1
    • granting privileges on 1
    • INSERT privilege and 1
    • listing users granted to 1
    • privileges 1
    • pseudo columns
      • USER 1
    • revoking privileges on 1
  • command line recall attacks 1 , 2
  • committed data
    • auditing 1
  • common privilege grants
    • about 1
    • granting 1
    • revoking 1
    • with object privileges 1
    • with system privileges 1
  • common roles
    • about 1
    • auditing 1
    • creating 1
    • granting 1
    • how they work 1
    • privileges required to manage 1
    • rules for creating 1
  • common user accounts
    • creating 1
    • enabling access to other PDBs 1
    • granting privileges to 1
  • common users
    • about 1
    • accessing data in PDBs 1
    • altering 1
    • plug-in operations 1
  • configuration
    • guidelines for security 1
  • configuration files
    • Kerberos 1
    • listener.ora 1
    • sample listener.ora file 1
    • server.key encryption file 1
    • tnsnames.ora 1
    • typical directory 1
  • configuring
    • Kerberos authentication service parameters 1
    • RADIUS authentication 1
    • SSL
      • on the client 1
      • on the server 1
    • thin JDBC support 1
  • connecting
    • with username and password 1
  • connection pooling
    • about 1
    • global application contexts 1
    • nondatabase users 1
    • proxy authentication 1
  • CONNECT role
    • about 1
    • applications
      • account provisioning 1
      • effects of 1
      • database upgrades 1
      • installation of 1
    • script to create 1
    • users
      • application developers, impact 1
      • client-server applications, impact 1
      • general users, impact 1
      • how affects 1
    • why changed 1
  • container database (CDB)
    • See: CDBs
  • container data objects
    • about 1
  • controlled step-in procedures 1
  • CPU time limit 1
  • CREATE ANY LIBRARY statement
    • security guidelines 1
  • CREATE ANY PROCEDURE system privilege 1
  • CREATE CONTEXT statement
    • example 1
  • CREATE PROCEDURE system privilege 1
  • CREATE PROFILE statement
    • password aging and expiration 1
    • password management 1
    • passwords, example 1
  • CREATE ROLE statement
    • IDENTIFIED EXTERNALLY option 1
  • CREATE SCHEMA statement
    • securing 1
  • CREATE SESSION statement
    • CONNECT role privilege 1
    • securing 1
  • CREATE USER statement
    • explicit account locking 1
    • IDENTIFIED BY option 1
    • IDENTIFIED EXTERNALLY option 1
  • CRL 1
  • CRLAdmins directory administrative group 1
  • CRLs
    • disabling on server 1 , 2
    • where to store them 1
  • cryptographic hardware devices 1
  • cryptographic libraries
    • FIPS 140-2 1
  • CSW_USR_ROLE role 1
  • CTXAPP role 1
  • cursors
    • effect on auditing 1
    • reparsing, for application contexts 1
    • shared, used with Virtual Private Database 1
  • custom installation 1
  • CWM_USER role 1

D

  • database administrators (DBAs)
    • access, controlling 1
    • authentication 1
    • malicious, encryption not solved by 1
  • Database Configuration Assistant (DBCA)
    • default passwords, changing 1
    • user accounts, automatically locking and expiring 1
  • database links
    • application contexts 1
    • application context support 1
    • authenticating with Kerberos 1
    • authenticating with third-party services 1
    • global user authentication 1
    • object privileges 1
    • operating system accounts, care needed 1
    • RADIUS not supported 1
    • session-based application contexts, accessing 1
  • databases
    • access control
      • password encryption 1
    • additional security resources 1
    • authentication 1
    • database user and application user 1
    • default password security settings
      • DBCA-created databases 1
      • manually-created databases 1
    • default security features, summary 1
    • granting privileges 1
    • granting roles 1
    • limitations on usage 1
    • security and schemas 1
    • security embedded, advantages of 1
    • security policies based on 1
  • database session-based application contexts
    • about 1
    • cleaning up after user exits 1
    • components 1
    • database links 1
    • dynamic SQL 1
    • externalized, using 1
    • how to use 1
    • initializing externally 1
    • initializing globally 1
    • ownership 1
    • parallel queries 1
    • PL/SQL package creation 1
    • session information, setting 1
    • SYS_CONTEXT function 1
    • trusted procedure 1
    • tutorial 1
  • database upgrades and CONNECT role 1
  • data definition language (DDL)
    • roles and privileges 1
  • data dictionary
    • protecting 1
    • securing with O7_DICTIONARY_ACCESSIBILITY 1
  • data dictionary views
    • See: views
  • data encryption and integrity parameters
    • about 1
    • SQLNET.CRYPTO_CHECKSUM_CLIENT 1
    • SQLNET.CRYPTO_CHECKSUM_SERVER 1
    • SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT 1
    • SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER 1
    • SQLNET.ENCRYPTION_CLIENT 1
    • SQLNET.ENCRYPTION_SERVER 1
    • SQLNET.ENCRYPTION_TYPES_CLIENT 1
    • SQLNET.ENCRYPTION_TYPES_SERVER 1
  • data files
    • guidelines for security 1
  • data manipulation language (DML)
    • privileges controlling 1
  • DATAPUMP_EXP_FULL_DATABASE role 1
  • DATAPUMP_IMP_FULL_DATABASE role 1
  • data security
    • encryption, problems not solved by 1
  • DBA_CONTAINER_DATA data dictionary view 1
  • DBA_ROLE_PRIVS view
    • application privileges, finding 1
  • DBA_ROLES data dictionary view
    • PUBLIC role 1
  • DBA role
    • about 1
  • DBFS_ROLE role 1
  • DBMS_CREDENTIAL.CREATE_CREDENTIAL procedure 1
  • DBMS_CRYPTO package
    • examples 1
  • DBMS_CRYPTO PL/SQL package
    • enabling for FIPS 140-2 1
  • DBMS_FGA package
    • about 1
    • ADD_POLICY procedure 1
    • DISABLE_POLICY procedure 1
    • DROP_POLICY procedure 1
    • editions 1
    • ENABLE_POLICY procedure 1
    • PDBs 1
  • DBMS_NETWORK_ACL_ADMIN.REMOVE_HOST_ACE procedure 1
  • DBMS_RLS.ADD_POLICY
    • sec_relevant_cols_opt parameter 1
    • sec_relevant_cols parameter 1
  • DBMS_RLS.ADD_POLICY procedure
    • transparent sensitive data protection policies 1
  • DBMS_SESSION.SET_CONTEXT procedure
    • about 1
    • syntax 1
    • username and client_id settings 1
  • DBMS_SESSION.SET_IDENTIFIER procedure
    • client session ID, setting 1
    • DBMS_APPLICATION_INFO.SET_CLIENT_INFO value, overwritten by 1
  • DBMS_SESSION package
    • client identifiers, using 1
    • global application context, used in 1
    • SET_CONTEXT procedure
      • about 1
  • DBSNMP user account
    • password usage 1
  • DDL
    • See: data definition language
  • debugging
    • Java stored procedures 1
    • PL/SQL stored procedures 1
  • default passwords
    • change_on_install or manager passwords 1
    • changing, importance of 1
    • finding 1
  • default permissions 1
  • default profiles
    • about 1
  • default roles
    • setting for user 1
    • specifying 1
  • defaults
    • tablespace quota 1
    • user tablespaces 1
  • default users
    • accounts 1
    • Enterprise Manager accounts 1
    • passwords 1
  • definer’s rights
    • about 1
    • code based access control
      • about 1
      • granting and revoking roles to program unit 1
      • how code based access control works 1
    • compared with invoker’s rights 1
    • example of when to use 1
    • procedure privileges, used with 1
    • procedure security 1
    • schema privileges for 1
    • secure application roles 1
    • used with Oracle Virtual Private Database functions 1
    • views 1
  • DELETE_CATALOG_ROLE role
    • SYS schema objects, enabling access to 1
  • denial-of-service (DoS) attacks
    • bad packets, preventing 1
    • networks, securing 1
  • denial-of-service attacks
    • about 1
  • Department of Defense Database Security Technical Implementation Guide 1 , 2
  • dictionary protection mechanism 1
  • dictionary tables
    • auditing 1
  • Diffie-Hellman 1
  • Diffie-Hellman key negotiation algorithm 1
  • directories
    • auditing 1
  • directory authentication, configuring for SYSDBA or SYSOPER access 1
  • directory-based services authentication 1
  • directory objects
    • granting EXECUTE privilege on 1
  • direct path load
    • fine-grained auditing effects on 1
  • disabling unnecessary services
    • FTP, TFTP, TELNET 1
  • dispatcher processes (Dnnn)
    • limiting SGA space for each session 1
  • distributed databases
    • auditing and 1
  • DML
    • See: data manipulation language
  • driving context 1
  • DROP PROFILE statement
    • example 1
  • DROP ROLE statement
    • example 1
    • security domain, affected 1
  • DROP USER statement
    • about 1
    • schema objects of dropped user 1
  • DVF schema
    • ORA_DV_AUDPOL predefined audit policy for 1
  • dynamic Oracle Virtual Private Database policy types 1
  • DYNAMIC policy type 1

E

  • ECB ciphertext encryption mode 1
  • editions
    • application contexts, how affects 1
    • fine-grained auditing packages, results in 1
    • global application contexts, how affects 1
    • Oracle Virtual Private Database packages, results in 1
  • EJBCLIENT role 1
  • EM_EXPRESS_ALL role 1
  • EM_EXPRESS_BASIC role 1
  • email alert example 1
  • encryption
    • access control 1
    • BLOBS 1
    • challenges 1
    • data security, problems not solved by 1
    • data transfer 1
    • deleted encrypted data 1
    • examples 1
    • finding information about 1
    • fine-grained audit policies on encrypted columns 1
    • indexed data 1
    • key generation 1
    • keys, changing 1
    • key storage 1
    • key transmission 1
    • malicious database administrators 1
    • network encryption 1
    • network traffic 1
    • problems not solved by 1
    • Transparent Data Encryption 1
    • transparent tablespace encryption 1
  • encryption and checksumming
    • activating 1
    • negotiating 1
    • parameter settings 1
  • ENFORCE_CREDENTIAL configuration parameter
    • security guideline 1
  • enterprise directory service 1
  • enterprise roles 1 , 2
  • enterprise user management 1
  • enterprise users
    • centralized management 1
    • global role, creating 1
    • One Big Application User authentication, compromised by 1
    • proxy authentication 1
    • shared schemas, protecting users 1
  • Enterprise User Security
    • application context, globally initialized 1
    • proxy authentication
      • Oracle Virtual Private Database, how it works with 1
  • error messages
    • ORA-12650 1 , 2 , 3 , 4 , 5 , 6
  • errors
    • OPW-00005 1
    • ORA-00036 1
    • ORA-01720 1
    • ORA-06512 1 , 2
    • ORA-06598 1
    • ORA-1000 1
    • ORA-1536 1
    • ORA-24247 1 , 2 , 3
    • ORA-28009 1
    • ORA-28017 1
    • ORA-28040 1 , 3
    • ORA-28046 1
    • ORA-28133 1
    • ORA-28144 1
    • ORA-28575 1
    • ORA-45622 1
  • examples
    • access control lists
      • external network connections 1
      • wallet access 1
    • account locking 1
    • auditing user SYS 1
    • audit trail, purging unified trail 1
    • data encryption
      • encrypting and decrypting BLOB data 1
      • encrypting and decrypting procedure with AES 256-Bit 1
    • directory objects, granting EXECUTE privilege on 1
    • encrypting procedure 1
    • Java code to read passwords 1
    • locking an account with CREATE PROFILE 1
    • login attempt grace period 1
    • nondatabase user authentication 1
    • O7_DICTIONARY_ACCESSIBILITY initialization parameter, setting 1
    • passwords
      • aging and expiration 1
      • changing 1
      • creating for user 1
    • privileges
      • granting ADMIN OPTION 1
      • views 1
    • procedure privileges affecting packages 1 , 2
    • profiles, assigning to user 1
    • roles
      • altering for external authorization 1
      • creating for application authorization 1
      • creating for external authorization 1
      • creating for password authorization 1 , 2
      • default, setting 1
      • global 1
      • using SET ROLE for password-authenticated roles 1
      • views 1
    • secure external password store 1
    • session ID of user
      • finding 1
    • system privilege and role, granting 1
    • tablespaces
      • assigning default to user 1
      • quota, assigning to user 1
      • temporary 1
    • type creation 1
    • users
      • account creation 1
      • creating with GRANT statement 1
      • dropping 1
      • middle-tier server proxying a client 1
      • object privileges granted to 1
      • proxy user, connecting as 1
  • exceptions
    • WHEN NO DATA FOUND, used in application context package 1
    • WHEN OTHERS, used in triggers
      • development environment (debugging) example 1
      • production environment example 1
  • Exclusive Mode
    • SHA-2 password hashing algorithm, enabling 1
  • EXECUTE_CATALOG_ROLE role
    • SYS schema objects, enabling access to 1
  • EXECUTE ANY LIBRARY statement
    • security guidelines 1
  • EXEMPT ACCESS POLICY privilege
    • Oracle Virtual Private Database enforcements, exemption 1
  • EXP_FULL_DATABASE role
    • about 1
  • expiring a password
    • explicitly 1
  • exporting data
    • direct path export impact on Oracle Virtual Private Database 1
    • policy enforcement 1
  • external authentication
    • about 1
    • advantages 1
    • network 1
    • operating system 1
    • user creation 1
  • external network services, fine-grained access to
    • See: access control list (ACL)
  • external procedures
    • configuring extproc process for 1
    • credentials 1
    • DBMS_CREDENTIAL.CREATE_CREDENTIAL procedure 1
    • legacy applications 1
    • security guideline 1
  • external tables 1
  • extproc process
    • about 1
    • configuring credential for 1
    • legacy applications 1

F

  • failed login attempts
    • account locking 1
    • password management 1
    • resetting 1
  • fallback authentication, Kerberos 1
  • Federal Information Processing Standard (FIPS)
    • DBMS_CRYPTO package 1
    • FIPS 140-2
      • Cipher Suites 1
      • postinstallation checks 1
      • SSLFIPS_140 1
      • verifying connections 1
    • FIPS 140-2 Level 2 certification 1
    • Transparent Data Encryption 1
  • files
    • BFILEs
      • operating system access, restricting 1
    • BLOB 1
    • keys 1
    • listener.ora file
      • guidelines for security 1 , 2
    • restrict listener access 1
    • server.key encryption file 1
    • symbolic links, restricting 1
    • tnsnames.ora 1
  • fine-grained access control
    • See: Oracle Virtual Private Database (VPD)
  • fine-grained auditing
    • about 1
    • alerts, adding to policy 1
    • archiving audit trail 1
    • columns, specific 1
    • DBMS_FGA package 1
    • direct loads of data 1
    • edition-based redefinitions 1
    • editions, results in 1
    • encrypted table columns 1
    • finding errors by checking trace files 1
    • how audit records are generated 1
    • how to use 1
    • policies
      • adding 1
      • disabling 1
      • dropping 1
      • enabling 1
      • modifying 1
    • privileges required 1
    • records
      • archiving 1
    • VPD predicates 1
  • fips.ora file 1
  • FIPS 140-2 cryptographic libraries
    • about 1
  • FIPS Parameter
    • Configuring 1
  • firewalls
    • advice about using 1
    • database server location 1
    • ports 1
    • supported types 1
  • flashback query
    • Oracle Virtual Private Database, how it works with 1
  • foreign keys
    • privilege to use parent key 1
  • FTP service 1
  • functions
    • auditing 1 , 2
    • granting roles to 1
    • Oracle Virtual Private Database
      • components of 1
      • privileges used to run 1
    • privileges for 1
    • roles 1

G

  • GATHER_SYSTEM_STATISTICS role 1
  • GLOBAL_AQ_USER_ROLE role 1
  • GLOBAL_EXTPROC_CREDENTIAL configuration parameter
    • security guideline 1
  • global application contexts
    • about 1
    • authenticating nondatabase users 1
    • checking values set globally for all users 1
    • clearing values set globally for all users 1
    • components 1
    • editions, effect on 1
    • example of authenticating nondatabase users 1
    • example of authenticating user moving to different application 1
    • example of setting values for all users 1
    • Oracle RAC environment 1
    • Oracle RAC instances 1
    • ownership 1
    • PL/SQL package creation 1
    • process, lightweight users 1
    • process, standard 1
    • sharing values globally for all users 1
    • system global area 1
    • tutorial for client session IDs 1
    • used for One Big Application User scenarios 1
    • uses for 1
  • global authentication
    • about 1
    • advantages 1
    • user creation for private schemas 1
    • user creation for shared schemas 1
  • global authorization
    • about 1
    • advantages 1
    • role creation 1
    • roles 1
  • global roles
    • about 1
  • global users 1
  • grace period for login attempts
    • example 1
  • grace period for password expiration 1
  • GRANT ALL PRIVILEGES statement
    • SELECT ANY DICTIONARY privilege, exclusion of 1
  • GRANT ANY PRIVILEGE system privilege 1
  • GRANT CONNECT THROUGH clause
    • consideration when setting FAILED_LOGIN_ATTEMPTS parameter 1
    • for proxy authorization 1
  • granting privileges and roles
    • about 1
    • finding information about 1
    • specifying ALL 1
  • GRANT statement
    • ADMIN OPTION 1
    • creating a new user 1
    • object privileges 1 , 2
    • system privileges and roles 1
    • when takes effect 1
    • WITH GRANT OPTION 1
  • guidelines for security
    • auditing 1
    • custom installation 1
    • data files and directories 1
    • encrypting sensitive data 1
    • installation and configuration 1
    • networking security 1
    • operating system accounts, limiting privileges 1
    • operating system users, limiting number of 1
    • ORACLE_DATAPUMP access driver 1
    • Oracle home default permissions, disallowing modification 1
    • passwords 1
    • Secure Sockets Layer
      • mode 1
      • TCPS protocol 1
    • symbolic links, restricting 1
    • user accounts and privileges 1

H

  • hackers
    • See: security attacks
  • handshake
    • SSL 1
  • HS_ADMIN_EXECUTE_ROLE role
    • about 1
  • HS_ADMIN_ROLE role
    • about 1
  • HS_ADMIN_SELECT_ROLE role
    • about 1
  • HTTP authentication
    • See: access control lists (ACL), wallet access
  • HTTPS
    • port, correct running on 1

I

  • IMP_FULL_DATABASE role
    • about 1
  • indexed data
    • encryption 1
  • indirectly granted roles 1
  • INHERIT ANY PRIVILEGES privilege
    • about 1
    • managing 1
    • revoking from powerful users 1
    • when it should be granted 1
  • INHERIT PRIVILEGES privilege
    • about 1
    • auditing 1
    • managing 1
    • when it should be granted 1
  • initialization parameter file
    • parameters for clients and servers using Kerberos 1
    • parameters for clients and servers using RADIUS 1
    • parameters for clients and servers using SSL 1
  • initialization parameters
    • application protection 1
    • MAX_ENABLED_ROLES 1
    • O7_DICTIONARY_ACCESSIBILITY 1
    • OS_AUTHENT_PREFIX 1
    • OS_ROLES 1
    • SEC_MAX_FAILED_LOGIN_ATTEMPTS 1
    • SEC_RETURN_SERVER_RELEASE_BANNER 1
    • SEC_USER_AUDIT_ACTION_BANNER 1
    • SEC_USER_UNAUTHORIZED_ACCESS_BANNER 1
  • INSERT privilege
    • granting 1
    • revoking 1
  • installation
    • guidelines for security 1
  • intruders
    • See: security attacks
  • invoker’s rights
    • about 1
    • code based access control
      • about 1
      • granting and revoking roles to program unit 1
      • how code based access control works 1
      • tutorial 1
    • compared with definer’s rights 1
    • controlled step-in 1
    • procedure privileges, used with 1
    • procedure security 1
    • secure application roles 1
    • secure application roles, requirement for enabling 1
    • security risk 1
    • views
      • about 1
      • finding user who invoked invoker’s right view 1
  • IP addresses
    • falsifying 1

J

  • JAVA_ADMIN role 1
  • JAVA_DEPLOY role 1
  • Java Byte Code Obfuscation 1
  • Java Database connectivity (JDBC)
    • implementation of Oracle Advanced Security 1
  • Java Database Connectivity (JDBC)
    • configuration parameters 1
    • Oracle extensions 1
    • thin driver features 1
  • JAVADEBUGPRIV role 1
  • Java Debug Wire Protocol (JDWP)
    • network access for debugging operations 1
  • JAVAIDPRIV role 1
  • Java schema objects
    • auditing 1
  • Java stored procedures
    • network access for debugging operations 1
  • JAVASYSPRIV role 1
  • JAVAUSERPRIV role 1
  • JDBC
    • See: Java Database Connectivity
  • JDBC connections
    • JDBC/OCI proxy authentication
      • multiple user sessions 1
      • Oracle Virtual Private Database 1
    • JDBC Thin Driver proxy authentication
      • configuring 1
      • with real user 1
  • JDeveloper
    • debugging using Java Debug Wire Protocol 1
  • JMXSERVER role 1

K

  • Kerberos
    • authentication adapter utilities 1
    • configuring authentication 1 , 2
    • configuring for database server 1
    • configuring for Windows 2008 Domain Controller KDC 1
    • kinstance 1
    • kservice 1
    • realm 1
    • sqlnet.ora file sample 1
    • system requirements 1
  • Kerberos:authentication fallback behavior 1
  • Kerberos:connecting to database 1
  • Kerberos authentication
    • configuring for SYSDBA or SYSOPER access 1
    • password management 1
  • Kerberos Key Distribution Center (KDC) 1
  • key generation
    • encryption 1
  • key storage
    • encryption 1
  • key transmission
    • encryption 1
  • kinstance (Kerberos) 1
  • kservice (Kerberos) 1

L

  • LBAC_DBA role 1
  • LBACSYS.ORA_GET_AUDITED_LABEL function
    • about 1
  • LBACSYS schema
    • ORA_DV_AUDPOL predefined audit policy for 1
  • ldap.ora
    • which directory SSL port to use for no authentication 1
  • least privilege principle
    • about 1
    • granting user privileges 1
    • middle-tier privileges 1
  • libraries
    • auditing 1
  • lightweight users
    • example using a global application context 1
    • Lightweight Directory Access Protocol (LDAP) 1
  • listener
    • endpoint
      • SSL configuration 1
    • not an Oracle owner 1
    • preventing online administration 1
    • restrict privileges 1
    • secure administration 1
  • listener.ora file
    • administering remotely 1
    • default location 1
    • FIPS 140-2 Cipher Suite settings 1
    • online administration, preventing 1
    • Oracle wallet setting 1
    • TCPS, securing 1
  • local privilege grants
    • about 1
    • granting 1
    • revoking 1
  • local roles
    • about 1
    • creating 1
    • rules for creating 1
  • local user accounts
    • creating 1
  • local users
    • about 1
  • lock and expire
    • default accounts 1
    • predefined user accounts 1
  • log files
    • owned by trusted user 1
  • logical reads limit 1
  • logon triggers
    • externally initialized application contexts 1
    • for application context packages 1
    • running database session application context package 1
    • secure application roles 1
  • LOGSTDBY_ADMINISTRATOR role 1

M

  • malicious database administrators 1
    • See also: security attacks
  • manager default password 1
  • managing roles with RADIUS server 1
  • materialized views
    • auditing 1
  • MD5 message digest algorithm 1
  • memory
    • users, viewing 1
  • MERGE INTO statement, affected by DBMS_RLS.ADD_POLICY statement_types parameter 1
  • methods
    • privileges on 1
  • Microsoft Windows
    • Kerberos
      • configuring for Windows 2008 Domain Controller KDC 1
  • middle-tier systems
    • client identifiers 1
    • enterprise user connections 1
    • password-based proxy authentication 1
    • privileges, limiting 1
    • proxies authenticating users 1
    • proxying but not authenticating users 1
    • reauthenticating user to database 1
    • USERENV namespace attributes, accessing 1
  • mining models
    • auditing 1
  • mixed mode auditing capabilities 1
  • monitoring user actions 1
    • See also: auditing, standard auditing, fine-grained auditing
  • multiplex multiple-client network sessions 1
  • multitenant container database (CDB)
    • See: CDBs
  • My Oracle Support
    • security patches, downloading 1

N

  • nCipher hardware security module
    • using Oracle Net tracing to troubleshoot 1
  • Net8
    • See: Oracle Net
  • Netscape Communications Corporation 1
  • network authentication
    • external authentication 1
    • guidelines for securing 1
    • roles, granting using 1
    • Secure Sockets Layer 1
    • smart cards 1
    • third-party services 1
    • token cards 1
    • X.509 certificates 1
  • network connections
    • denial-of-service (DoS) attacks, addressing 1
    • guidelines for security 1 , 2 , 3
    • securing 1
  • network encryption
    • about 1
    • configuring 1
  • network IP addresses
    • guidelines for security 1
  • nondatabase users
    • about 1
    • auditing 1
    • clearing session data 1
    • creating client session-based application contexts 1
    • global application contexts
      • package example 1
      • reason for using 1
      • setting 1
      • tutorial 1
    • One Big Application User authentication
      • about 1
      • features compromised by 1
      • security risks 1
    • Oracle Virtual Private Database
      • how it works with 1
      • tutorial for creating a policy group 1

O

  • O7_DICTIONARY_ACCESSIBILITY initialization parameter
    • about 1
    • data dictionary protection 1
    • default setting 1
    • securing data dictionary with 1
  • obfuscation 1
  • object privileges
    • about 1
    • granting on behalf of the owner 1
    • managing 1
    • revoking 1
    • revoking on behalf of owner 1
    • schema object privileges 1
    • synonyms 1
    • with common privilege grants 1
  • objects
    • applications, managing privileges in 1
    • granting privileges 1
    • privileges
      • applications 1
      • managing 1
    • protecting in shared schemas 1
    • protecting in unique schemas 1
    • SYS schema, access to 1
  • object types
    • auditing 1
  • OEM_ADVISOR role 1
  • OEM_MONITOR role 1
  • OFB ciphertext encryption mode 1
  • okcreate
    • Kerberos adapter utility 1
  • okdstry
    • Kerberos adapter utility 1
  • okinit
    • Kerberos adapter utility 1
  • oklist
    • Kerberos adapter utility 1
  • OLAP_DBA role 1
  • OLAP_USER role 1
  • OLAP_XS_ADMIN role 1
  • One Big Application User authentication
    • See: nondatabase users
  • operating systems
    • accounts 1
    • authentication
      • about 1
      • advantages 1
      • disadvantages 1
      • external 1
      • roles, using 1
    • default permissions 1
    • enabling and disabling roles 1
    • operating system account privileges, limiting 1
    • role identification 1
    • roles, granting using 1
    • roles and 1
    • users, limiting number of 1
  • OPTIMIZER_PROCESSING_RATE role 1
  • OPW-00005 error 1
  • ORA_ACCOUNT_MGMT predefined unified audit policy 1
  • ORA_CIS_RECOMMENDATIONS predefined unified audit policy 1
  • ORA_DATABASE_PARAMETER predefined unified audit policy 1
  • ORA_DV_AUDPOL predefined unified audit policy 1
  • ORA_LOGON_FAILURES predefined unified audit policy 1
  • ORA_OLS_SESSION_LABELS application context 1
  • ORA_SECURECONFIG predefined unified audit policy 1
  • ORA-01720 error 1
  • ORA-06512 error 1 , 2
  • ORA-06598 error 1
  • ORA-12650 error 1
  • ORA-1536 error 1
  • ORA-24247 error 1 , 2 , 3
  • ORA-28009 error 1
  • ORA-28017 error 1
  • ORA-28040 error 1 , 2
  • ORA-28575 error 1
  • ORA-40300 error 1
  • ORA-40301 error 1
  • ORA-40302 error 1
  • ORA-45622 errors 1
  • ORACLE_DATAPUMP access driver
    • guidelines for security 1
  • Oracle Advanced Security
    • checksum sample for sqlnet.ora file 1
    • configuration parameters 1
    • disabling authentication 1
    • encryption sample for sqlnet.ora file 1
    • Java implementation 1 , 2
    • network authentication services 1
    • network traffic encryption 1
    • SSL features 1
    • user access to application schemas 1
  • Oracle Call Interface (OCI)
    • application contexts, client session-based 1
    • proxy authentication
      • Oracle Virtual Private Database, how it works with 1
    • proxy authentication with real user 1
    • security-related initialization parameters 1
  • Oracle Connection Manager
    • securing client networks with 1
  • Oracle Database Enterprise User Security
    • password security threats 1
  • Oracle Database Real Application Clusters
    • archive timestamp for audit records 1
    • global contexts 1
  • Oracle Database Real Application Security
    • auditing 1
  • Oracle Database Vault
    • auditing 1
  • Oracle Data Guard
    • SYSDG administrative privilege 1
  • Oracle Data Pump
    • exported data from VPD policies 1
  • Oracle Developer Tools For Visual Studio (ODT)
    • debugging using Java Debug Wire Protocol 1
  • Oracle Enterprise Manager
    • PDBs 1
    • statistics monitor 1
  • Oracle Enterprise Security Manager
    • role management with 1
  • Oracle home
    • default permissions, disallowing modification 1
  • Oracle Internet Directory
    • Diffie-Hellman SSL port 1
  • Oracle Internet Directory (OID)
    • authenticating with directory-based service 1
    • SYSDBA and SYSOPER access, controlling 1
  • Oracle Java Virtual Machine (OJVM)
    • permissions, restricting 1
  • Oracle Label Security
    • auditing 1
  • Oracle Label Security (OLS)
    • Oracle Virtual Private Database, using with 1
  • OracleMetaLink
    • See: My Oracle Support
  • Oracle Net
    • firewall support 1
  • Oracle parameters
    • authentication 1
  • Oracle Password Protocol 1
  • Oracle Real Application Clusters
    • global application contexts 1
  • Oracle Recovery Manager
    • auditing 1
    • events that are audited 1
    • SYSBACKUP administrative privilege 1
  • Oracle Technology Network
    • security alerts 1
  • Oracle Virtual Private Database
    • exporting data using Data Pump Export 1
  • Oracle Virtual Private Database (VPD)
    • about 1
    • ANSI operations 1
    • application contexts
      • tutorial 1
      • used with 1
    • applications
      • how it works with 1
      • users who are database users, how it works with 1
    • applications using for security 1
    • automatic reparsing, how it works with 1
    • benefits 1
    • CDBs 1
    • column level 1
    • column-level display 1
    • column masking behavior
      • enabling 1
      • restrictions 1
    • components 1
    • configuring 1
    • cursors, shared 1
    • edition-based redefinitions 1
    • editions, results in 1
    • Enterprise User Security proxy authentication, how it works with 1
    • exporting data 1
    • finding information about 1
    • flashback query, how it works with 1
    • function
      • components 1
      • how it is executed 1
    • JDBC proxy authentication, how it works with 1
    • nondatabase user applications, how it works with 1
    • OCI proxy authentication, how it works with 1
    • Oracle Label Security
      • exceptions in behavior 1
      • using with 1
    • outer join operations 1
    • performance benefit 1
    • policies, Oracle Virtual Private Database
      • about 1
      • applications, validating 1
      • attaching to database object 1
      • column display 1
      • column-level display, default 1
      • dynamic 1
      • multiple 1
      • optimizing performance 1
      • privileges used to run 1
      • SQL statements, specifying 1
    • policy groups
      • about 1
      • benefits 1
      • creating 1
      • default 1
      • tutorial, implementation 1
    • policy types
      • context sensitive, about 1
      • context sensitive, altering existing policy 1
      • context-sensitive, audited 1
      • context sensitive, creating 1
      • context sensitive, refreshing 1
      • context sensitive, restricting evaluation 1
      • context sensitive, when to use 1
      • DYNAMIC 1
      • dynamic, audited 1
      • shared context sensitive, about 1
      • shared context sensitive, when to use 1
      • shared static, about 1
      • shared static, when to use 1
      • static, about 1
      • static, audited 1
      • static, when to use 1
      • summary of features 1
    • privileges required to create policies 1
    • SELECT FOR UPDATE statements in policies 1
    • tutorial, simple 1
    • user models 1
    • Web-based applications, how it works with 1
  • Oracle Virtual Private Database (VPD)
    • predicates
      • audited in fine-grained audit policies 1
  • Oracle Wallet Manager
    • X.509 Version 3 certificates 1
  • Oracle wallets
    • authentication method 1
    • setting location 1
    • sqlnet.listener.ora setting 1
    • sqlnet.ora location setting 1
  • orapki utility
    • about 1
    • adding a certificate request to a wallet with 1
    • adding a root certificate to a wallet with 1
    • adding a trusted certificate to a wallet with 1
    • adding user certificates to a wallet with 1
    • cert create command 1
    • cert display command 1
    • certificate revocation lists 1
    • changing the wallet password with 1
    • converting wallet to use AES256 algorithm 1
    • creating a local auto-login wallet with 1
    • creating an auto-login wallet with 1 , 2
    • creating a wallet with 1
    • creating signed certificates for testing 1
    • crl delete command 1
    • crl display command 1
    • crl hash command 1
    • crl list command 1
    • crl upload command 1
    • examples 1
    • exporting a certificate from a wallet with 1
    • exporting a certificate request from a wallet with 1
    • managing certificate revocation lists 1
    • syntax 1
    • viewing a test certificate with 1
    • viewing a wallet with 1
    • wallet add command 1
    • wallet convert command 1
    • wallet create command 1
    • wallet display command 1
    • wallet export command 1
  • ORAPWD utility
    • case sensitivity in passwords 1
    • changing SYS password with 1
  • ORDADMIN role 1
  • OS_AUTHENT_PREFIX parameter 1
  • OS_ROLES initialization parameter
    • operating-system authorization and 1
    • operating system role grants 1
    • REMOTE_OS_ROLES and 1
    • using 1
  • OSS.SOURCE.MY_WALLET parameter 1 , 2
  • outer join operations
    • Oracle Virtual Private Database effect on 1

P

  • packages
    • auditing 1 , 2
    • examples 1
    • examples of privilege use 1
    • granting roles to 1
    • privileges
      • divided by construct 1
      • executing 1 , 2
  • parallel execution servers 1
  • parallel query, and SYS_CONTEXT 1
  • parameters
    • authentication
      • Kerberos 1
      • RADIUS 1
      • Secure Sockets Layer (SSL) 1
    • configuration for JDBC 1
    • encryption and checksumming 1
  • pass phrase
    • read and parse server.key file 1
  • PASSWORD_LIFE_TIME profile parameter 1
  • PASSWORD_LOCK_TIME profile parameter 1
  • PASSWORD_REUSE_MAX profile parameter 1
  • PASSWORD_REUSE_TIME profile parameter 1
  • PASSWORD command
    • about 1
  • password files
    • case sensitivity, effect on SEC_CASE_SENSITIVE_LOGON parameter 1
    • how used to authenticate administrators 1
  • passwords
    • about managing 1
    • account locking 1
    • administrator
      • authenticating with 1
      • guidelines for securing 1
    • aging and expiration 1
    • altering 1
    • ALTER PROFILE statement 1
    • application design guidelines 1
    • applications, strategies for protecting passwords 1
    • brute force attacks 1
    • case sensitivity, configuring 1
    • changing for roles 1
    • complexity, guidelines for enforcing 1
    • complexity verification
      • about 1
    • connecting without 1
    • CREATE PROFILE statement 1
    • danger in storing as clear text 1
    • database user authentication 1
    • default, finding 1
    • default profile settings
      • about 1
    • default user account 1
    • delays for incorrect passwords 1
    • duration 1
    • encrypting 1 , 2
    • examples of creating 1
    • expiring
      • explicitly 1
      • procedure for 1
      • proxy account passwords 1
      • with grace period 1
    • failed logins, resetting 1
    • grace period, example 1
    • guidelines for security 1
    • history 1 , 3
    • Java code example to read passwords 1
    • length 1
    • lifetime for 1
    • life time set too low 1
    • lock time 1
    • management rules 1
    • managing 1
    • maximum reuse time 1
    • ORAPWD utility 1
    • PASSWORD_LOCK_TIME profile parameter 1
    • PASSWORD_REUSE_MAX profile parameter 1
    • PASSWORD_REUSE_TIME profile parameter 1
    • password complexity verification
      • how database checks 1
      • ora12c_verify_function function 1
      • privileges required 1
      • verify_function_11G function 1
    • password file risks 1
    • policies 1
    • privileges for changing for roles 1
    • privileges to alter 1
    • protections, built-in 1
    • proxy authentication 1
    • requirements
      • additional 1
      • minimum 1
    • reusing 1 , 2
    • reusing passwords 1
    • role password case sensitivity 1
    • roles authenticated by passwords 1
    • roles enabled by SET ROLE statement 1
    • secure external password store 1
    • security risks 1
    • SYS account 1
    • SYS and SYSTEM 1
    • used in roles 1
    • utlpwdmg.sql password script
      • password management 1
    • verified using SHA-512 hash function 1
  • PDB_DBA role 1
  • PDBs
    • auditing
      • types of audit settings allowed 1
      • unified audit policy syntax 1
      • what can be audited 1
    • common roles
      • about 1
      • creating 1
      • granting 1
      • how they work 1
      • privileges required for management 1
      • revoking 1
      • rules for creating 1
    • common users
      • about 1
      • accessing data in PDBs 1
      • creating 1
      • viewing privilege information 1
    • Enterprise Manager
      • about 1
      • creating common roles 1
      • creating common users 1
      • creating local roles 1
      • creating local users 1
      • dropping common roles 1
      • dropping common users 1
      • dropping local roles 1
      • dropping local users 1
      • editing common roles 1
      • editing common users 1
      • editing local roles 1
      • editing local users 1
      • logging in 1
      • revoking common privilege grants 1
      • revoking local privilege grants 1
      • switching to different container 1
    • fine-grained audit policies 1
    • local roles
      • about 1
      • creating 1
      • rules for creating 1
    • local users
      • about 1
      • creating 1
    • privileges
      • common 1
      • granting 1
      • how affected 1
      • object 1
      • revoking 1
      • viewing information about 1
    • PUBLIC role 1
    • sqlnet.ora settings 1
    • transparent sensitive data protection 1
    • viewing information about 1
    • Virtual Private Database policies 1
  • performance
    • application contexts 1
    • auditing 1
    • Oracle Virtual Private Database policies 1
    • Oracle Virtual Private Database policy types 1
    • resource limits and 1
  • permissions
    • default 1
    • run-time facilities 1
  • PKCS #11 devices 1
  • PKCS #11 error
    • ORA-40300 1
    • ORA-40301 1
    • ORA-40302 1
  • PKI
    • See: public key infrastructure (PKI)
  • PL/SQL
    • roles in procedures 1
  • PL/SQL packages
    • auditing 1 , 2
  • PL/SQL procedures
    • setting application context 1
  • PL/SQL stored procedures
    • network access for debugging operations 1
  • PMON background process
    • application contexts, cleaning up 1
  • positional parameters
    • security risks 1
  • principle of least privilege
    • about 1
    • granting user privileges 1
    • middle-tier privileges 1
  • privileges
    • about 1
    • access control lists, checking for external network services 1
    • altering
      • passwords 1
      • users 1
    • altering role authentication method 1
    • applications, managing 1
    • auditing, recommended settings for 1
    • auditing use of 1
    • cascading revokes 1
    • column 1
    • compiling procedures 1
    • creating or replacing procedures 1
    • creating users 1
    • dropping profiles 1
    • finding information about 1
    • granting
      • about 1 , 2
      • examples 1 , 2
      • object privileges 1 , 2
      • system 1
      • system privileges 1
    • grants, listing 1
    • grouping with roles 1
    • managing 1
    • middle tier 1
    • object
      • granting and revoking 1
    • on selected columns 1
    • procedures
      • creating and replacing 1
      • executing 1
      • in packages 1
    • READ ANY TABLE system privilege
      • about 1
      • restrictions 1
    • READ object privilege 1
    • reasons to grant 1
    • revoking privileges
      • about 1
      • object 1
      • object privileges, cascading effect 1
      • object privileges, requirements for 1
      • schema object 1
    • revoking system privileges 1
    • roles
      • creating 1
      • dropping 1
      • restrictions on 1
    • roles, why better to grant 1
    • schema object
      • DML and DDL operations 1
      • packages 1
      • procedures 1
    • SELECT system privilege 1
    • SQL statements permitted 1
    • synonyms and underlying objects 1
    • system
      • granting and revoking 1
      • SELECT ANY DICTIONARY 1
    • SYSTEM and OBJECT 1
    • system privileges
      • about 1
    • trigger privileges 1
    • used for Oracle Virtual Private Database policy functions 1
    • view privileges
      • creating a view 1
      • using a view 1
    • views 1
  • procedures
    • auditing 1 , 2
    • compiling 1
    • definer’s rights
      • about 1
      • roles disabled 1
    • examples of 1
    • examples of privilege use 1
    • granting roles to 1
    • invoker’s rights
      • about 1
      • roles used 1
    • privileges for procedures
      • create or replace 1
      • executing 1
      • executing in packages 1
    • privileges required for 1
    • security enhanced by 1
  • process monitor process (PMON)
    • cleans up timed-out sessions 1
  • PRODUCT_USER_PROFILE table
    • SQL commands, disabling with 1
  • products and options
    • install only as necessary 1
  • profile parameters
    • FAILED_LOGIN_ATTEMPTS 1
    • PASSWORD_GRACE_TIME 1 , 2
    • PASSWORD_LIFE_TIME 1 , 2 , 3
    • PASSWORD_LOCK_TIME 1 , 2
    • PASSWORD_REUSE_MAX 1 , 2
    • PASSWORD_REUSE_TIME 1 , 2
  • profiles
    • about 1
    • assigning to user 1
    • creating 1
    • dropping 1
    • finding information about 1
    • finding settings for default profile 1
    • managing 1
    • privileges for dropping 1
    • specifying for user 1
    • viewing 1
  • program units
    • granting roles to 1
  • PROVISIONER role 1
  • PROXY_USERS view 1
  • proxy authentication
    • about 1
    • advantages 1
    • auditing operations 1
    • auditing users 1
    • client-to-middle tier sequence 1
    • creating proxy user accounts 1
    • middle-tier
      • authorizing but not authenticating users 1
      • authorizing to proxy and authenticate users 1
      • limiting privileges 1
      • reauthenticating users 1
    • passwords, expired 1
    • privileges required for creating users 1
    • secure external password store, used with 1
    • security benefits 1
    • users, passing real identity of 1
  • proxy user accounts
    • privileges required for creation 1
  • pseudo columns
    • USER 1
  • PUBLIC_DEFAULT profile
    • profiles, dropping 1
  • public key infrastructure (PKI)
    • about 1
  • Public Key Infrastructure (PKI)
    • certificate 1
    • certificate authority 1
    • certificate revocation lists 1
    • PKCS #11 hardware devices 1
    • wallets 1
  • PUBLIC role
    • about 1
    • CDBs
      • PUBLIC role 1
    • granting and revoking privileges 1
    • procedures and 1
    • security domain of users 1

Q

  • quotas
    • tablespace 1
    • temporary segments and 1
    • unlimited 1
    • viewing 1

R

  • RADIUS
    • accounting 1
    • asynchronous authentication mode 1
    • authentication modes 1
    • authentication parameters 1
    • challenge-response
      • authentication 1
      • user interface 1 , 2
    • configuring 1
    • database links not supported 1
    • initialization parameter file setting 1
    • location of secret key 1
    • minimum parameters to set 1
    • smartcards and 1 , 2 , 3 , 4
    • SQLNET.AUTHENTICATION_SERVICES parameter 1
    • sqlnet.ora file sample 1
    • SQLNET.RADIUS_ALTERNATE_PORT parameter 1
    • SQLNET.RADIUS_ALTERNATE_RETRIES parameter 1
    • SQLNET.RADIUS_ALTERNATE_TIMEOUT parameter 1
    • SQLNET.RADIUS_ALTERNATE parameter 1
    • SQLNET.RADIUS_AUTHENTICATION_INTERFACE parameter 1
    • SQLNET.RADIUS_AUTHENTICATION_PORT parameter 1
    • SQLNET.RADIUS_AUTHENTICATION_RETRIES parameter 1
    • SQLNET.RADIUS_AUTHENTICATION parameter 1
    • SQLNET.RADIUS_CHALLENGE_KEYWORD parameter 1
    • SQLNET.RADIUS_CHALLENGE_RESPONSE parameter 1
    • SQLNET.RADIUS_CLASSPATH parameter 1
    • SQLNET.RADIUS_SECRET parameter 1
    • SQLNET.RADIUS_SEND_ACCOUNTING parameter 1
    • synchronous authentication mode 1
    • system requirements 1
  • RADIUS authentication 1
  • READ ANY TABLE system privilege
    • about 1
    • restrictions 1
  • READ object privilege
    • about 1
    • guideline for using 1
    • SQL92_SECURITY initialization parameter 1
  • reads
    • limits on data blocks 1
  • realm (Kerberos) 1
  • REDACT_AUDIT transparent sensitive data protection default policy 1
  • redo log files
    • auditing committed and rolled back transactions 1
  • REFERENCES privilege
    • CASCADE CONSTRAINTS option 1
    • revoking 1 , 2
  • REMOTE_OS_AUTHENT initialization parameter
    • guideline for securing 1
    • setting 1
  • REMOTE_OS_ROLES initialization parameter
    • OS role management risk on network 1
    • setting 1
  • remote authentication 1
  • remote debugging
    • configuring network access 1
  • resource limits
    • about 1
    • call level, limiting 1
    • connection time for each session 1
    • CPU time, limiting 1
    • determining values for 1
    • idle time in each session 1
    • logical reads, limiting 1
    • private SGA space for each session 1
    • profiles 1
    • session level, limiting 1
    • sessions
      • concurrent for user 1
      • elapsed connection time 1
      • idle time 1
      • SGA space 1
    • types 1
  • RESOURCE privilege
    • CREATE SCHEMA statement, needed for 1
  • RESOURCE role
    • about 1
  • restrictions 1
  • REVOKE CONNECT THROUGH clause
    • revoking proxy authorization 1
  • REVOKE statement
    • system privileges and roles 1
    • when takes effect 1
  • revoking privileges and roles
    • cascading effects 1
    • on selected columns 1
    • REVOKE statement 1
    • specifying ALL 1
    • when using operating-system roles 1
  • ROLE_SYS_PRIVS view
    • application privileges 1
  • ROLE_TAB_PRIVS view
    • application privileges, finding 1
  • role identification
    • operating system accounts 1
  • roles
    • about 1 , 2
    • ADM_PARALLEL_EXECUTE_TASK role 1
    • ADMIN OPTION and 1
    • advantages in application use 1
    • application 1 , 2 , 3 , 5
    • application privileges 1
    • applications, for user 1
    • AUDIT_ADMIN role 1
    • AUDIT_VIEWER role 1
    • AUTHENTICATEDUSER role 1
    • authorization 1
    • authorized by enterprise directory service 1
    • CAPTURE_ADMIN role 1
    • CDB_DBA role 1
    • changing authorization for 1
    • changing passwords 1
    • common, auditing 1
    • common, granting 1
    • CONNECT role
      • about 1
    • create your own 1
    • CSW_USR_ROLE role 1
    • CTXAPP role 1
    • CWM_USER role 1
    • database role, users 1
    • DATAPUMP_EXP_FULL_DATABASE role 1
    • DATAPUMP_IMP_FULL_DATABASE role 1
    • DBA role 1
    • DBFS_ROLE role 1
    • DDL statements and 1
    • default 1
    • default, setting for user 1
    • definer’s rights procedures disable 1
    • dependency management in 1
    • disabling 1
    • dropping 1
    • EJBCLIENT role 1
    • EM_EXPRESS_ALL role 1
    • EM_EXPRESS_BASIC role 1
    • enabled or disabled 1 , 2
    • enabling 1 , 2
    • enterprise 1 , 2
    • EXP_FULL_DATABASE role 1
    • finding information about 1
    • functionality 1 , 2
    • functionality of 1
    • GATHER_SYSTEM_STATISTICS role 1
    • GLOBAL_AQ_USER_ROLE role 1
    • global authorization
      • about 1
    • global roles
      • about 1
      • creating 1
      • external sources, and 1
    • granted to other roles 1
    • granting and revoking to program units 1
    • granting roles
      • about 1
      • methods for 1
      • system 1
      • system privileges 1
    • granting to program units 1
    • GRANT statement 1
    • guidelines for security 1
    • HS_ADMIN_EXECUTE_ROLE role 1
    • HS_ADMIN_ROLE role 1
    • HS_ADMIN_SELECT_ROLE role 1
    • IMP_FULL_DATABASE role 1
    • in applications 1
    • indirectly granted 1
    • invoker’s rights procedures use 1
    • JAVA_ADMIN role 1
    • JAVA_DEPLOY role 1
    • JAVADEBUGPRIV role 1
    • JAVAIDPRIV role 1
    • JAVASYSPRIV role 1
    • JAVAUSERPRIV role 1
    • JMXSERVER role 1
    • job responsibility privileges only 1
    • LBAC_DBA role 1
    • listing grants 1
    • listing privileges and roles in 1
    • listing roles 1
    • LOGSTDBY_ADMINISTRATOR role 1
    • management using the operating system 1
    • managing roles
      • about 1
      • categorizing users 1
    • managing through operating system 1
    • managing with RADIUS server 1
    • maximum number a user can enable 1
    • multibyte characters in names 1
    • multibyte characters in passwords 1
    • naming 1
    • network authorization 1
    • network client authorization 1
    • OEM_ADVISOR role 1
    • OEM_MONITOR role 1
    • OLAP_DBA role 1
    • OLAP_USER role 1
    • OLAP_XS_ADMIN role 1
    • One Big Application User, compromised by 1
    • operating system 1
    • operating system authorization 1
    • operating-system authorization 1
    • operating system granting of 1
    • operating system identification of 1
    • operating system-managed 1 , 2
    • operating system management and the shared server 1
    • OPTIMIZER_PROCESSING_RATE role 1
    • ORDADMIN role 1
    • password case sensitivity 1
    • PDB_DBA role 1
    • predefined 1
    • privileges, changing authorization method for 1
    • privileges, changing passwords 1
    • privileges for creating 1
    • privileges for dropping 1
    • PROVISIONER role 1
    • RESOURCE role 1
    • restricting from tool users 1
    • restrictions on privileges of 1
    • REVOKE statement 1
    • revoking 1 , 2
    • SCHEDULER_ADMIN role 1
    • schemas do not contain 1
    • security domains of 1
    • SET ROLE statement
      • about 1
      • example 1
      • OS_ROLES parameter 1
    • setting in PL/SQL blocks 1
    • SPATIAL_CSW_ADMIN role 1
    • SPATIAL_WFS_ADMIN role 1
    • unique names for 1
    • use of passwords with 1
    • user 1 , 2
    • users capable of granting 1
    • uses of 1 , 2
    • WFS_USR_ROLE role 1
    • WITH GRANT OPTION and 1
    • without authorization 1
    • WM_ADMIN_ROLE role 1
    • XDB_SET_INVOKER role 1
    • XDB_WEBSERVICES_OVER_HTTP role 1
    • XDB_WEBSERVICES_WITH_PUBLIC role 1
    • XDB_WEBSERVICES role 1
    • XDBADMIN role 1
    • XS_CACHE_ADMIN role 1
    • XS_NSATTR_ADMIN role 1
    • XS_RESOURCE role 1
  • root
    • viewing information about 1
  • root file paths
    • for files and packages outside the database 1
  • row-level security
    • See: fine-grained access control, Oracle Virtual Private Database (VPD)
  • RSA private key 1
  • run-time facilities
    • restriction permissions 1

S

  • sample schemas 1
  • Sample Schemas
    • remove or relock for production 1
    • test database 1
  • Sarbanes-Oxley Act
    • auditing to meet compliance 1
  • SCHEDULER_ADMIN role
    • about 1
  • schema-independent users 1
  • schema object privileges 1
  • schema objects
    • cascading effects on revoking 1
    • default tablespace for 1
    • dropped users, owned by 1
    • granting privileges 1
    • privileges
      • DML and DDL operations 1
      • granting and revoking 1
      • view privileges 1
    • privileges on 1
    • privileges to access 1
    • privileges with 1
    • revoking privileges 1
  • schemas
    • auditing, recommended settings for 1
    • private 1
    • shared, protecting objects in 1
    • shared among enterprise users 1
    • unique 1
    • unique, protecting objects in 1
  • SCOTT user account
    • restricting privileges of 1
  • SEC_CASE_SENSITIVE_LOGON initialization parameter
    • deprecated 1
  • SEC_CASE_SENSITIVE_LOGON parameter
    • conflict with SQLNET.ALLOWED_LOGON_VERSION_SERVER setting 1
  • SEC_MAX_FAILED_LOGIN_ATTEMPTS initialization parameter 1
  • SEC_PROTOCOL_ERROR_FURTHER_ACTION initialization parameter 1
  • sec_relevant_cols_opt parameter 1
  • SEC_RETURN_SERVER_RELEASE_BANNER initialization parameter 1
  • SEC_USER_AUDIT_ACTION_BANNER initialization parameter 1
  • SEC_USER_UNAUTHORIZED_ACCESS_BANNER initialization parameter 1
  • secconf.sql script
    • password settings 1
  • secret key
    • location in RADIUS 1
  • secure application roles
    • about 1
    • creating 1
    • creating PL/SQL package 1
    • finding with DBA_ROLES view 1
    • invoker’s rights 1
    • invoker’s rights requirement 1
    • package for 1
    • user environment information from SYS_CONTEXT SQL function 1
    • using to ensure database connection 1
  • secure external password store
    • about 1
    • client configuration 1
    • examples 1
    • how it works 1
    • proxy authentication, used with 1
  • Secure Sockets Layer (SSL)
    • about 1
    • architecture 1
    • AUTHENTICATION parameter 1
    • authentication parameters 1
    • authentication process in an Oracle environment 1
    • certificate key algorithm 1
    • cipher suites 1 , 2
    • client and server parameters 1
    • client authentication parameter 1
    • client configuration 1
    • combining with other authentication methods 1
    • configuration files, securing 1
    • configuring 1
    • configuring for SYSDBA or SYSOPER access 1
    • enabling 1
    • filtering certificates 1
    • FIPS mode setting (SSLFIPS_140) 1
    • global users with private schemas 1
    • guidelines for security 1
    • handshake 1
    • industry standard protocol 1
    • listener, administering 1
    • mode 1
    • multiple certificates, filtering 1
    • pass phrase 1
    • requiring client authentication 1
    • RSA private key 1
    • securing SSL connection 1
    • server.key file 1
    • server configuration 1
    • SQLNET.AUTHENTICATION_SERVICES parameter 1
    • sqlnet.ora file sample 1
    • SSL_CIPHER_SUITES parameter 1
    • SSL_CLIENT_AUTHENTICATION 1
    • SSL_SERVER_CERT_DN 1
    • SSL_SERVER_DN_MATCH 1
    • SSL_VERSION parameter 1
    • system requirements 1
    • TCPS 1
    • version parameter 1
    • wallet location, parameter 1
    • ways to configure parameters for 1
  • SecurID
    • token cards 1
  • security
    • application enforcement of 1
    • default user accounts
      • locked and expired automatically 1
      • locking and expiring 1
    • domains, enabled roles and 1
    • enforcement in application 1
    • enforcement in database 1
    • multibyte characters in role names 1
    • multibyte characters in role passwords 1
    • passwords 1
    • policies
      • applications 1
      • SQL*Plus users, restricting 1
      • tables or views 1
    • procedures enhance 1
    • resources, additional 1
    • roles, advantages in application use 1
  • security alerts 1
  • security attacks
    • access to server after protocol errors, preventing 1
    • application context values, attempts to change 1
    • application design to prevent attacks 1
    • command line recall attacks 1 , 2
    • denial of service 1
    • denial-of-service
      • bad packets, addressing 1
    • denial-of-service attacks through listener 1
    • disk flooding, preventing 1
    • eavesdropping 1
    • encryption, problems not solved by 1
    • falsified IP addresses 1
    • falsified or stolen client system identities 1
    • hacked operating systems or applications 1
    • intruders 1
    • password cracking 1
    • password protections against 1
    • preventing malicious attacks from clients 1
    • preventing password theft with proxy authentication and secure external password store 1
    • session ID, need for encryption 1
    • shoulder surfing 1
    • SQL injection attacks 1
    • unlimited authenticated requests, preventing 1
    • user session output, hiding from intruders 1
  • security domains
    • enabled roles and 1
  • security patches
    • about 1
    • downloading 1
  • security policies
    • See: Oracle Virtual Private Database, policies
  • security risks
    • ad hoc tools 1
    • applications enforcing rather than database 1
    • application users not being database users 1
    • bad packets to server 1
    • database version displaying 1
    • encryption keys, users managing 1
    • invoker’s rights procedures 1
    • password files 1
    • passwords, exposing in programs or scripts 1
    • passwords exposed in large deployments 1
    • positional parameters in SQL scripts 1
    • privileges carelessly granted 1
    • remote user impersonating another user 1
    • sensitive data in audit trail 1
    • server falsifying identities 1
    • users with multiple roles 1
  • security settings scripts
    • password settings
      • secconf.sql 1
  • Secure Sockets Layer (SSL)
    • use of term includes TLS 1
  • SELECT_CATALOG_ROLE role
    • SYS schema objects, enabling access to 1
  • SELECT ANY DICTIONARY privilege
    • data dictionary, accessing 1
    • exclusion from GRANT ALL PRIVILEGES privilege 1
  • SELECT FOR UPDATE statement in Virtual Private Database policies 1
  • SELECT object privilege
    • guideline for using 1
    • privileges enabled 1
  • separation of duty concepts 1
  • sequences
    • auditing 1
  • server.key file
    • pass phrase to read and parse 1
  • SESSION_ROLES data dictionary view
    • PUBLIC role 1
  • SESSION_ROLES view
    • queried from PL/SQL block 1
  • sessions
    • listing privilege domain of 1
    • memory use, viewing 1
    • time limits on 1
    • when auditing options take effect 1
  • SET ROLE statement
    • application code, including in 1
    • associating privileges with role 1
    • disabling roles with 1
    • enabling roles with 1
    • when using operating-system roles 1
  • SGA
    • See: System Global Area (SGA)
  • SHA-512 cryptographic hash function
    • enabling exclusive mode 1
  • Shared Global Area (SGA)
    • See: System Global Area (SGA)
  • shared server
    • limiting private SQL areas 1
    • operating system role management restrictions 1
  • shoulder surfing 1
  • smartcards
    • and RADIUS 1 , 2 , 3 , 4
  • smart cards
    • guidelines for security 1
  • SPATIAL_CSW_ADMIN role 1
  • SPATIAL_WFS_ADMIN role 1
  • SQL*Net
    • See: Oracle Net Services
  • SQL*Plus
    • connecting with 1
    • restricting ad hoc use 1
    • statistics monitor 1
  • SQL92_SECURITY initialization parameter
    • READ object privilege impact 1
  • SQL Developer
    • debugging using Java Debug Wire Protocol 1
  • SQL injection attacks 1
  • SQLNET.ALLOWED_LOGON_VERSION
    • See: SQLNET.ALLOWED_LOGON_VERSION_CLIENT, SQLNET.ALLOWED_LOGON_VERSION_SERVER
  • SQLNET.ALLOWED_LOGON_VERSION_SERVER parameter
    • conflict with SEC_CASE_SENSITIVE_LOGON FALSE setting 1
    • effect on role passwords 1
  • SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter 1
  • SQLNET.AUTHENTICATION_SERVICES parameter 1 , 2 , 4 , 5 , 6 , 7 , 8 , 9 , 10 , 11
  • SQLNET.CRYPTO_CHECKSUM_CLIENT parameter 1 , 2
  • SQLNET.CRYPTO_CHECKSUM_SERVER parameter 1 , 2
  • SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter 1 , 2
  • SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter 1 , 2
  • SQLNET.ENCRYPTION_CLIENT parameter 1 , 2
  • SQLNET.ENCRYPTION_SERVER parameter 1 , 2
  • SQLNET.ENCRYPTION_TYPES_CLIENT parameter 1 , 2
  • SQLNET.ENCRYPTION_TYPES_SERVER parameter 1 , 2
  • SQLNET.KERBEROS5_CC_NAME parameter 1
  • SQLNET.KERBEROS5_CLOCKSKEW parameter 1
  • SQLNET.KERBEROS5_CONF parameter 1
  • SQLNET.KERBEROS5_REALMS parameter 1
  • sqlnet.ora file
    • Common sample 1
    • FIPS 140-2
      • Cipher Suite settings 1
      • enabling tracing 1
    • Kerberos sample 1
    • Oracle Advanced Security checksum sample 1
    • Oracle Advanced Security encryption sample 1
    • Oracle wallet setting 1
    • OSS.SOURCE.MY_WALLET parameter 1 , 2
    • parameters for clients and servers using Kerberos 1
    • parameters for clients and servers using RADIUS 1
    • parameters for clients and servers using SSL 1
    • PDBs 1
    • RADIUS sample 1
    • sample 1
    • SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter 1
    • SQLNET.AUTHENTICATION_SERVICES parameter 1 , 2 , 4 , 5 , 6 , 7 , 8
    • SQLNET.CRYPTO_CHECKSUM_CLIENT parameter 1
    • SQLNET.CRYPTO_CHECKSUM_SERVER parameter 1
    • SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter 1 , 2
    • SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter 1 , 2
    • SQLNET.ENCRYPTION_CLIENT parameter 1
    • SQLNET.ENCRYPTION_SERVER parameter 1 , 2
    • SQLNET.ENCRYPTION_TYPES_CLIENT parameter 1
    • SQLNET.ENCRYPTION_TYPES_SERVER parameter 1
    • SQLNET.KERBEROS5_CC_NAME parameter 1
    • SQLNET.KERBEROS5_CLOCKSKEW parameter 1
    • SQLNET.KERBEROS5_CONF parameter 1
    • SQLNET.KERBEROS5_REALMS parameter 1
    • SQLNET.SSL_EXTENDED_KEY_USAGE 1
    • SSL_CLIENT_AUTHENTICATION parameter 1
    • SSL_CLIENT_AUTHENTICATION parameter 1
    • SSL_VERSION parameter 1 , 2
    • SSL sample 1
    • Trace File Set Up sample 1
  • SQLNET.RADIUS_ALTERNATE_PORT parameter 1 , 2
  • SQLNET.RADIUS_ALTERNATE_RETRIES parameter 1 , 2
  • SQLNET.RADIUS_ALTERNATE_TIMEOUT parameter 1 , 2
  • SQLNET.RADIUS_ALTERNATE parameter 1 , 2
  • SQLNET.RADIUS_AUTHENTICATION_INTERFACE parameter 1
  • SQLNET.RADIUS_AUTHENTICATION_PORT parameter 1
  • SQLNET.RADIUS_AUTHENTICATION_RETRIES parameter 1
  • SQLNET.RADIUS_AUTHENTICATION parameter 1
  • SQLNET.RADIUS_CHALLENGE_KEYWORD parameter 1
  • SQLNET.RADIUS_CHALLENGE_RESPONSE parameter 1
  • SQLNET.RADIUS_CLASSPATH parameter 1
  • SQLNET.RADIUS_SECRET parameter 1
  • SQLNET.RADIUS_SEND_ACCOUNTING parameter 1 , 2
  • SQLNET.SSL_EXTENDED_KEY_USAGE parameter 1
  • SQL statements
    • dynamic 1
    • object privileges permitting in applications 1
    • privileges required for 1 , 2
    • resource limits and 1
    • restricting ad hoc use 1
  • SSL
    • See: Secure Sockets Layer (SSL)
  • SSL_CIPHER_SUITES parameter 1
  • SSL_CLIENT_AUTHENTICATION parameter 1 , 2 , 3
  • SSL_SERVER_CERT_DN parameter 1
  • SSL_SERVER_DN_MATCH parameter 1
  • SSL_VERSION parameter 1 , 2 , 3
  • standard auditing
    • affected by editions 1
    • archiving audit trail 1
    • privilege auditing
      • about 1
      • multitier environment 1
    • records
      • archiving 1
    • statement auditing
      • multitier environment 1
  • standard audit trail
    • records, purging 1
  • statement_types parameter of DBMS_RLS.ADD_POLICY procedure 1
  • storage
    • quotas and 1
    • unlimited quotas 1
  • stored procedures
    • using privileges granted to PUBLIC role 1
  • strong authentication
    • centrally controlling SYSDBA and SYSOPER access to multiple databases 1
    • guideline 1
  • symbolic links
    • restricting 1
  • synchronous authentication mode, RADIUS 1
  • synonyms
    • object privileges 1
    • privileges, guidelines on 1
  • SYS_CONTEXT function
    • about 1
    • auditing nondatabase users with 1
    • database links 1
    • dynamic SQL statements 1
    • example 1
    • parallel query 1
    • syntax 1
    • unified audit policies 1
    • used in views 1
    • validating users 1
  • SYS_DEFAULT Oracle Virtual Private Database policy group 1
  • SYS_SESSION_ROLES namespace 1
  • SYS.AUD$ table
    • archiving 1
  • SYS.FGA_LOG$ table
    • archiving 1
  • SYS account
    • auditing 1
    • changing password 1
    • policy enforcement 1
  • SYS and SYSTEM
    • passwords 1
  • SYS and SYSTEM accounts
    • auditing 1
  • SYSASM privilege
    • password file 1
  • SYSBACKUP privilege
    • operations supported 1
    • password file 1
  • SYSDBA privilege
    • password file 1
  • SYSDG privilege
    • operations supported 1
    • password file 1
  • SYSKM privilege
    • operations supported 1
    • password file 1
  • SYSMAN user account 1
  • SYS objects
    • auditing 1
  • SYSOPER privilege
    • password file 1
  • SYS schema
    • objects, access to 1
  • System Global Area (SGA)
    • application contexts, storing in 1
    • global application context information location 1
    • limiting private SQL areas 1
  • system privileges
    • about 1
    • ADMIN OPTION 1
    • ANY
      • guidelines for security 1
    • CDBs 1
    • GRANT ANY PRIVILEGE 1
    • granting 1
    • granting and revoking 1
    • power of 1
    • restriction needs 1
    • revoking, cascading effect of 1
    • SELECT ANY DICTIONARY 1
    • with common privilege grants 1
  • system requirements
    • Kerberos 1
    • RADIUS 1
    • SSL 1
    • strong authentication 1
  • SYS user
    • auditing example 1

T

  • tables
    • auditing 1
    • privileges on 1
  • tablespaces
    • assigning defaults for users 1
    • default quota 1
    • quotas, viewing 1
    • quotas for users 1
    • temporary
      • assigning to users 1
    • unlimited quotas 1
  • TCPS protocol
    • Secure Sockets Layer, used with 1
    • tnsnames.ora file, used in 1
  • TELNET service 1
  • TFTP service 1
  • thin JDBC support 1
  • TLS See Secure Sockets Layer (SSL) 1
  • token cards 1 , 2
  • trace file
    • set up sample for sqlnet.ora file 1
  • trace files
    • access to, importance of restricting 1
    • bad packets 1
    • FIPS 140-2 1
    • location of, finding 1
  • Transparent Data Encryption
    • about 1
    • enabling for FIPS 140-2 1
    • SYSKM administrative privilege 1
  • transparent sensitive data protection (TSDP)
    • about 1
    • altering policies 1
    • benefits 1
    • bind variables
      • about 1
      • expressions of conditions 1
    • creating policies 1
    • disabling policies 1
    • disabling REDACT_AUDIT policy 1
    • dropping policies 1
    • enabling REDACT_AUDIT policy 1
    • finding information about 1
    • general steps 1
    • PDBs 1
    • privileges required 1
    • REDACT_AUDIT policy 1
    • sensitive columns in INSERT or UPDATE operations 1
    • sensitive columns in same SELECT query 1
    • sensitive columns in views 1
    • use cases 1
    • Virtual Private Database
      • DBMS_RLS.ADD_POLICY parameters 1
      • general steps 1
      • tutorial 1
  • transparent tablespace encryption
    • about 1
  • Transport Layer Security (SSL)
    • compared to SSL 1
  • triggers
    • auditing 1 , 2
    • CREATE TRIGGER ON 1
    • logon
      • examples 1
      • externally initialized application contexts 1
    • privileges for executing
      • roles 1
    • WHEN OTHERS exception 1
  • troubleshooting
    • finding errors by checking trace files 1
  • trusted procedure
    • database session-based application contexts 1
  • tnsnames.ora configuration file 1
  • tutorials
    • application context, database session-based 1
    • auditing
      • creating policy to audit nondatabase users 1
      • creating policy using email alert 1
    • external network services, using email alert 1
    • global application context with client session ID 1
    • invoker’s rights procedure using CBAC 1
    • nondatabase users
      • creating Oracle Virtual Private Database policy group 1
      • global application context 1
    • Oracle Virtual Private Database
      • policy groups 1
      • policy implementing 1
      • simple example 1
    • TSDP with VPD 1
  • types
    • creating 1
    • privileges on 1
    • user defined
      • creation requirements 1

U

  • UDP and TCP ports
    • close for ALL disabled services 1
  • UGA
    • See: User Global Area (UGA)
  • unified auditing
    • benefits 1
    • compared with mixed mode auditing 1
    • database creation 1
    • disabling 1
    • finding if migrated to 1
    • mixed mode auditing
      • about 1
      • capabilities 1
    • purging records
      • example 1
      • general steps for manual purges 1
      • general steps for scheduled purges 1
    • tutorial 1
  • unified audit policies
    • about 1
    • best practices for creating 1
    • dropping
      • about 1
      • procedure 1
    • location of 1
    • predefined
      • ORA_ACCOUNT_MGMT 1
      • ORA_CIS_RECOMMENDATIONS 1
      • ORA_DATABASE_PARAMETER 1
      • ORA_DV_AUDPOL 1
      • ORA_LOGON_FAILURES 1
      • ORA_SECURECONFIG 1
    • syntax for creating 1
    • users, applying to 1
    • users, excluding 1
    • users, success or failure 1
  • unified audit policies, administrative users
    • example 1
    • users that can be audited 1
  • unified audit policies, administrative users
    • configuring 1
  • unified audit policies, altering
    • about 1
    • configuring 1
    • examples 1
  • unified audit policies, CDBs
    • about 1
    • appearance in audit trail 1
    • configuring 1
    • examples 1 , 2
  • unified audit policies, conditions
    • about 1
    • configuring 1
    • examples 1
  • unified audit policies, disabling
    • about 1 , 2
    • configuring 1
  • unified audit policies, enabling
    • about 1
    • configuring 1
    • for groups of users through roles 1
  • unified audit policies, object actions
    • about 1
    • actions that can be audited 1
    • appearance in audit trail 1
    • configuring 1
    • dictionary tables
      • auditing 1
    • examples 1
    • SYS objects 1
  • unified audit policies, Oracle Database Real Application Security
    • about 1
    • configuring 1
    • events to audit 1
    • examples 1
    • how events appear in audit trail 1
    • predefined
      • about 1
      • ORA_RAS_POLICY_MGMT 1
      • ORA_RAS_SESSION_MGMT 1
  • unified audit policies, Oracle Database Vault
    • about 1
    • appearance in audit trail 1
    • attributes to audit 1
    • configuring 1
    • data dictionary views 1
    • examples 1
    • how events appear in audit trail 1
  • unified audit policies, Oracle Data Miner
    • about 1
  • unified audit policies, Oracle Data Mining
    • configuring 1
    • how events appear in audit trail 1
  • unified audit policies, Oracle Data Pump
    • about 1
    • appearance in audit trail 1 , 2
    • configuring 1
    • events to audit 1
    • examples 1
    • how events appear in audit trail 1
  • unified audit policies, Oracle Label Security
    • about 1
    • appearance in audit trail 1
    • configuring 1
    • events to audit 1
    • examples 1
    • how events appear in audit trail 1
    • LBACSYS.ORA_GET_AUDITED_LABEL function 1
    • user session label events 1
  • unified audit policies, Oracle Recovery Manager
    • about 1
    • how events appear in audit trail 1
  • unified audit policies, Oracle SQL*Loader
    • about 1
    • configuring 1
    • events to audit 1
    • example 1
    • how events appear in audit trail 1
  • unified audit policies, privileges
    • about 1
    • appearance in audit trail 1
    • configuring 1
    • examples 1
    • privileges that can be audited 1
    • privileges that cannot be audited 1
  • unified audit policies, roles
    • about 1
    • configuring 1
    • examples 1
  • unified audit session ID, finding 1
  • unified audit trail
    • about 1
    • archiving 1
    • loading audit records to 1
    • when records are created 1
    • writing audit trail records to AUDSYS
      • about 1
      • configuring modes 1
      • immediate-write mode 1
      • manually flushing records to AUDSYS 1
      • minimum flush threshold for queues 1
      • queued-write mode 1
  • unified audit trail, object actions
    • READ object actions 1
    • SELECT object actions 1
  • unified audit trail, Oracle Data Mining
    • events to audit 1
    • examples 1
  • UNLIMITED TABLESPACE privilege 1
  • UPDATE privilege
    • revoking 1
  • user accounts
    • administrative user passwords 1
    • common
      • creating 1
    • common user
      • about 1
    • default user account 1
    • local
      • creating 1
    • local user
      • about 1
    • password guidelines 1
    • passwords, encrypted 1
    • privileges required to create 1
    • proxy users 1
  • USERENV function
    • used in views 1
  • USERENV namespace
    • about 1
  • User Global Area (UGA)
    • application contexts, storing in 1
  • user names
    • schemas 1
  • user privileges
    • CDBs 1
  • USER pseudo column 1
  • users
    • administrative option (ADMIN OPTION) 1
    • altering 1
    • altering common users 1
    • altering local users 1
    • application users not known to database 1
    • assigning unlimited quotas for 1
    • auditing 1
    • database role, current 1
    • default roles, changing 1
    • default tablespaces 1
    • dropping 1 , 2
    • dropping profiles and 1
    • dropping roles and 1
    • enabling roles for 1
    • enterprise 1 , 2
    • enterprise, shared schema protection 1
    • external authentication
      • about 1
      • advantages 1
      • assigning profiles 1
      • operating system 1
      • user creation 1
    • finding information about 1
    • finding information about authentication 1
    • global
      • assigning profiles 1
    • hosts, connecting to multiple
      • See external network services, fine-grained access to 1
    • information about, viewing 1
    • listing roles granted to 1
    • memory use, viewing 1
    • names
      • case sensitivity 1
      • how stored in database 1
    • network authentication, external 1
    • nondatabase 1 , 2
    • objects after dropping 1
    • operating system external authentication 1
    • password encryption 1
    • privileges
      • for changing passwords 1
      • for creating 1
      • granted to, listing 1
      • of current database role 1
    • profiles
      • assigning 1
      • creating 1
      • specifying 1
    • proxy authentication 1
    • proxy users, connecting as 1
    • PUBLIC role 1 , 2
    • quota limits for tablespace 1
    • restricting application roles 1
    • restrictions on user names 1
    • roles and
      • for types of users 1
    • schema-independent 1
    • schemas, private 1
    • security, about 1
    • security domains of 1
    • tablespace quotas 1
    • tablespace quotas, viewing 1
    • user accounts, creating 1
    • user models and Oracle Virtual Private Database 1
    • user name, specifying with CREATE USER statement 1
    • views for finding information about 1
  • user sessions, multiple within single database connection 1
  • utlpwdmg.sql
    • about 1

V

  • valid node checking 1
  • views
    • about 1
    • access control list data
      • external network services 1
      • wallet access 1
    • application contexts 1
    • audited activities 1
    • auditing 1
    • audit management settings 1
    • audit trail usage 1
    • authentication 1
    • bind variables in TSDP sensitive columns 1
    • DBA_COL_PRIVS 1
    • DBA_HOST_ACES 1
    • DBA_HOST_ACLS 1
    • DBA_ROLE_PRIVS 1
    • DBA_ROLES 1
    • DBA_SYS_PRIVS 1
    • DBA_TAB_PRIVS 1
    • DBA_USERS_WITH_DEFPWD 1
    • DBA_WALLET_ACES 1
    • DBA_WALLET_ACLS 1
    • definer’s rights 1
    • encrypted data 1
    • invoker’s rights 1
    • Oracle Virtual Private Database policies 1
    • privileges 1 , 2
    • profiles 1
    • ROLE_SYS_PRIVS 1
    • ROLE_TAB_PRIVS 1
    • roles 1
    • security applications of 1
    • SESSION_PRIVS 1
    • SESSION_ROLES 1
    • transparent sensitive data protection 1
    • USER_HOST_ACES 1
    • USER_WALLET_ACES 1
    • users 1
  • Virtual Private Database
    • See: Oracle Virtual Private Database
  • VPD
    • See: Oracle Virtual Private Database
  • vulnerable run-time call
    • made more secure 1

W

  • Wallet Manager
    • See: Oracle Wallet Manager
  • wallets
    • authentication method 1
  • Web applications
    • user connections 1 , 2
  • Web-based applications
    • Oracle Virtual Private Database, how it works with 1
  • WFS_USR_ROLE role 1
  • WHEN OTHERS exceptions
    • logon triggers, used in 1
  • Windows native authentication 1
  • WITH GRANT OPTION clause
    • about 1
    • user and role grants 1
  • WM_ADMIN_ROLE role 1

X

  • X.509 certificates
    • guidelines for security 1
  • XDB_SET_INVOKER role 1
  • XDB_WEBSERVICES_OVER_HTTP role
    • about 1
  • XDB_WEBSERVICES_WITH_PUBLIC role 1
  • XDB_WEBSERVICES role 1
  • XDBADMIN role 1
  • XS_CACHE_ADMIN role 1
  • XS_NSATTR_ADMIN role 1
  • XS_RESOURCE role 1