Index
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
R
S
T
U
V
W
X
A
- access
- unauthorized, 1-14, 1-15
- access control
- described, 1-6
- directory, 5-7
- least privilege, 9-4
- Oracle Connection Manager, 9-57
- access control lists (ACLs), 6-3
- administration
- delegation of, 5-8, 9-50
- enterprise user, 9-55
- application context
- accessed globally, 9-18
- accessed locally, 9-17
- initialized externally, 9-17
- initialized globally, 9-18
- overview, 9-16
- secure, 9-15
- virtual private database (VPD), 9-17
- application security
- directory-based, 5-8
- policies, 9-13
- requirements, 1-15
- secure application role, 9-21
- auditing
- customizable, 7-3, 9-5
- fine-grained, 7-3, 9-21
- in multitier systems, 7-4
- introduction, 7-2
- multitier applications, 9-23
- security requirements, 7-2
- authentication, 9-26
- application user proxy authentication, 9-18
- biometric, 9-37
- CyberSafe, 4-4, 9-36
- DCE, 4-7, 9-38
- described, 1-6, 4-2, 9-4
- directory, 5-5
- Entrust/PKI, 8-8, 9-36
- Kerberos, 4-4
- methods, 8-7, 9-4, 9-33
- multitier, 6-5
- password-authenticated users, 6-5
- password-based, 4-2
- PKI certificate-based, 4-7, 8-5
- PKI methods, 8-7, 9-34
- proxy, 3-8, 4-8, 9-9
- RADIUS protocol, 4-4, 9-36
- SecurID, 9-37
- smart cards, 4-6, 9-37
- SSL, 8-7, 9-35
- strong, 4-3, 9-33
- token cards, 4-5, 9-37
- authorization
- biometrics, 4-7
- described, 1-6
- directory, 5-7, 5-8
- multitier, 6-5
- proxy, 4-8
- availability
- Real Application Clusters, 9-8
- security factors, 1-7, 2-13, 9-6
B
- backup and recovery, 9-7
- Baltimore Technologies, 9-34
- biometric authorization, 4-7, 9-37
C
- certificate authorities, 9-34
- introduction, 8-5
- certificates
- contents, 8-6
- introduction, 8-5
- support for multiple, 9-46
- trusted, 8-6, 9-43
- X.509 Version 3, 8-7
- checksums, 9-29, 9-51
- algorithms, 3-6
- SSL, 9-29
- confidentiality, 1-5
- connection
- management, 9-57
- multitier, 3-3
- connection pooling, 4-9, 9-18
- credentials
- secure storage, 8-8
- CyberSafe ActiveTrust, 4-4
- CyberSafe authentication, 4-4, 9-36
D
- data
- deep data protection, 9-12
- encryption of stored, 2-11
- Data Encryption Standard (DES), 2-11, 3-5, 9-6, 9-28
- database links
- current user, 9-42
- DBMS_OBFUSCATION_TOOLKIT, 9-6
- directory security
- administrative roles, 5-12
- application security, 5-8, 9-42
- domains and roles, 5-10
- discretionary access control (DAC)
- least privilege, 9-4
- Distributed Computing Environment (DCE)
- authentication, 4-7, 9-38
E
- encryption
- algorithms, 2-11, 3-5
- for network transmission, 3-4, 9-27
- stored data, 2-11, 9-6
- enterprise roles, 2-6, 9-55
- enterprise user security
- features, 9-40
- global roles, 2-5
- graphical user interfaces, 9-41
- introduction, 6-1, 6-2
- privilege administration, 6-3
- enterprise users
- password authenticated, 6-5, 9-41
- Entrust certificates, 9-43
- Entrust Profile, 9-35
- Entrust/PKI authentication, 8-8, 9-35
F
- failover, 9-8
- Federal Information Processing Standard 140-1 (FIPS), 9-24
- fine-grained access control
- facilitating VPD, 9-19
- per-user, 9-20
- fine-grained auditing, 7-3, 9-21
- firewalls, 3-7, 9-58, 9-59
G
- GTE CyberTrust certificates, 9-43, 9-44
H
- hashing, password, 5-6
I
- integrity
- checking, 3-6
- database mechanisms, 2-12, 9-3
- described, 1-6
- directory, 9-51
- entity integrity enforcement, 9-3
- Oracle Advanced Security features, 9-29
- referential, 2-12, 9-3
- Internet
- access control, 9-59
- data access increased, 1-9
- hosted system security, 1-11, 9-13
- increased data availability, 1-9
- large user communities, 1-10
- scalability of security, 1-10, 9-13
- security challenges, 1-8
- security features, 9-12
- security requirements, 1-8
J
- Java
- class execution, 9-23
- security implementation, 9-23
- Java Database Connectivity (JDBC)
- application user proxy authentication, 9-11
- encryption, 9-31
- JDBC-OCI driver, 3-9, 9-10, 9-30
- network security, 3-8
- supported drivers, 9-30
- Thin driver, 3-9, 9-31
- Java Secure Socket Extension (JSSE), 9-32
- Java virtual machine (JVM), 9-23
- java.lang.SecurityManager, 9-23
K
- Kerberos authentication, 4-4, 9-36
- Kerberos Single Sign-On, 4-4
L
- label based access control
- introduction, 2-10
- Oracle Label Security, 9-48
- LDAP
- application security, 5-8
- compliance, 9-52
- delegation of administration, 5-8
- directory access controls, 5-7
- introduction, 5-3
- Oracle Internet Directory, 9-44
- security features, 5-4
- server instance architecture, 9-52
- single sign-on, 9-39
- lightweight sessions, 4-9
- Login Server, 4-11
M
- MD4 hashing scheme, 5-6, 9-51
- MD5 Checksum, 3-6, 5-6, 9-6, 9-29, 9-51
- Microsoft Active Directory, 9-42
- multitier systems
- auditing, 7-4, 9-23
- authentication, 6-5
- proxy authentication, 4-8, 9-10
- security, 3-8
- single sign-on, 4-11
N
- network security
- database enforced, 3-4
- encryption, 3-4
- firewalls, 3-7
- Java Database Connectivity (JDBC), 3-8
- managing privileges, 2-7
- multitier connection management, 3-3
- Oracle Advanced Security features, 9-27
- PKI, 8-9
- Secure Sockets Layer, 3-6
- valid node checking, 3-3
- VPD database enforced access, 9-61
O
- Oracle Advanced Security, 9-24, 9-26
- authentication, 9-33
- PKI implementation, 9-43
- Oracle Call Interface (OCI)
- JDBC driver, 9-10
- JDBC-OCI driver, 3-9
- PKI, 9-43
- Oracle Connection Manager, 3-3
- firewall support, 9-59
- firewalls, 9-58
- security features, 9-57
- Oracle Enterprise Login Assistant, 9-35, 9-44
- Oracle Enterprise Security Manager, 9-42, 9-45, 9-46
- Oracle Internet Directory, 9-44
- architecture, 9-53
- components, 9-51
- enterprise user administration, 9-55
- security benefits, 9-51
- security features, 9-50
- Oracle Java SSL, 9-32
- Oracle Label Security, 9-20, 9-48
- Oracle Net Firewall Proxy, 9-59
- Oracle Net Services, 9-27
- protocol support, 9-57
- security features, 9-56
- Oracle Password Protocol, 9-32
- Oracle Policy Manager, 9-20
- Oracle Wallet Manager, 8-8, 9-32, 9-35, 9-44, 9-46
- Oracle wallets, 9-44
- Oracle9i Application Server
- SSL encryption, 9-30
P
- partitioning, 9-19
- virtual private database (VPD), 9-19
- passwords
- authentication, 4-2
- authentication of enterprise users, 6-5, 9-41
- protection in directory, 5-6, 9-51
- security risks, 1-14
- PKCS #12 containers, 9-46
- PKCS#10 certificates, 9-44
- privacy of communications, 1-5
- privileges
- enterprise administration, 6-3
- least, 9-4
- managing, 2-3
- network facilities, 2-7
- roles to manage, 2-4
- schema object, 2-2, 2-3
- stored procedures to manage, 2-7
- system, 2-2
- views to manage, 2-8
- profiles
- user, 9-6
- protocol conversion, 9-57
- proxy authentication, 3-8, 4-8, 9-9
- application user, 9-11, 9-18
- directory, 9-10
- expanded credential, 9-10
- Kerberos and CyberSafe, 9-36
- proxy authorization, 4-8
- Public Key Certificate Standard #12 (PKCS#12), 8-8
- Public Key Certificate Standards (PKCS), 9-34
- public key infrastructure (PKI)
- advantages, 8-3
- authentication, 4-7, 9-34
- authentication methods, 8-7
- certificate-based authentication, 8-5
- components, 8-3, 9-43
- cryptography, 8-4
- interoperability, 9-45
- introduction, 8-1
- network security, 8-9
- Oracle Advanced Security, 9-43
- Oracle implementation, 9-47
- security features, 8-2
- single sign-on, 8-9
- supported vendors, 9-34
R
- RADIUS protocol
- authentication, 4-4, 9-36
- smart cards, 9-37
- supported vendors, 9-36
- RADIUS-compliant smart cards, 4-6
- RADIUS-compliant token cards, 4-5
- RC4 encryption algorithm, 2-11, 3-5, 9-28
- Real Application Clusters
- availability, 9-8
- referential integrity, 9-3
- replication, advanced, 9-7
- resource limitation, 9-6
- roles
- database, 2-4
- directory administration, 5-12
- enterprise, 2-6, 6-5
- global, 2-5
- managing privileges, 2-4
- secure application, 2-6
- secure application role, 9-21
- types of, 9-5
- row level security
- introduction, 2-9
- RSA certificates, 9-43, 9-44
- RSA Data Security RC4, 3-5, 9-28
- RSA SecurID tokens, 9-37
S
- scalability
- security, 1-16, 9-18
- schema objects
- privileges on, 2-3
- secure application roles, 2-6, 9-21, 9-61
- Secure Hash Algorithm (SHA), 3-6, 5-6, 9-29, 9-51
- Secure Sockets Layer (SSL), 9-43
- authentication, 8-7, 9-35
- checksums, 9-29
- encryption, 9-29
- network security, 3-6
- Oracle Internet Directory, 9-50
- single sign-on, 9-44
- SecurID token cards, 9-37
- security
- administration team, 1-19
- application, 9-13
- application context, 9-16
- application user proxy authentication, 9-18
- auditing, 7-2
- availability, 1-7, 2-13
- credentials, storage, 8-8
- database, 2-2
- database integrity mechanisms, 2-12
- deep data protection, 9-12
- directory authentication, 5-5
- directory-based, 5-8, 9-42
- enterprise user, 6-2
- firewalls, 3-7
- good practices, 2-14
- hosted systems, 1-11
- integrity, 1-6
- Internet, 1-8, 1-10, 9-12, 9-13
- Java Beans, 9-25
- Java implementation, 9-23
- label based access control, 2-10
- LDAP features, 5-4
- multitier systems, 1-15, 3-8
- myths, 1-2
- network, 9-27
- Oracle Advanced Security, 9-24
- Oracle Internet Directory, 9-50
- Oracle Label Security, 9-48
- Oracle Net Services, 9-56
- Oracle9i Enterprise Edition, 9-12
- Oracle9i Standard Edition, 9-2
- password protection, 1-14, 5-6
- personnel dimension, 1-4
- physical dimension, 1-4
- PKI, 8-1
- privileges, 2-2
- procedural dimension, 1-4
- requirements, 1-5, 1-15
- row level, 2-9
- scalability, 1-16, 9-18
- scope of issues, 1-3
- secure application role, 9-21
- security directory integrity, 5-2
- shared schemas, 6-4
- single sign-on, 4-10, 6-6
- strong authentication, 4-3
- technical dimension, 1-4
- threats and countermeasures, 1-12, 1-17
- virtual private database (VPD), 2-9
- SecurityManager class, 9-23
- sessions
- lightweight, 4-9
- multiplexing, 9-58
- shared schemas
- Oracle Internet Directory, 9-55
- security features, 6-4, 9-42
- single sign-on
- Entrust-based, 9-35, 9-39
- implementations, 4-10, 9-39
- introduction, 6-6
- multitier, 4-11
- Oracle Enterprise Login Assistant, 9-44
- PKI, 8-9, 9-39
- server-based, 4-10
- Single Sockets Layer (SSL)
- current user database links, 9-42
- smart cards, 4-6, 9-37
- storage
- secure credentials, 8-8
- secure data, 1-5
- stored data encryption, 1-5
- stored program units
- managing privileges, 2-7, 9-5
T
- tables
- privileges on, 2-3
- TCP.EXCLUDED_NODES parameter, 9-60
- TCP.INVITED_NODES parameter, 9-60
- TCP.VALIDNODE_CHECKING parameter, 9-60
- token cards, 9-37
- benefits, 4-5
- Triple DES (3DES), 2-11, 3-5, 9-6, 9-28, 9-46
U
- UNIX hashing scheme, 5-6
- user models, 9-20
- users
- authentication of, 9-4
V
- valid node checking, 3-3, 9-60
- VeriSign, 9-34, 9-43, 9-44
- views
- complex and dynamic, 2-9
- managing privileges, 2-8, 9-5
- virtual private database (VPD), 9-19
- application context, 9-17
- database enforced network access, 9-61
- how it works, 9-15
- introduction, 2-9
- network security, 3-4
- Oracle Label Security, 9-20, 9-48
- Oracle Policy Manager, 9-20
- overview, 9-14
- user models, 9-20
W
- wallets, 9-44
- encryption, 9-46
X
- X.509 Version 3 certificates, 8-7, 9-9, 9-10, 9-34, 9-35, 9-44, 9-46
