Oracle® Healthcare Data Warehouse Foundation Secure Installation and Configuration Guide Release 6.1 E27595-06 |
|
|
PDF · Mobi · ePub |
The following principles are fundamental to using any application securely.
One of the principles of good security practice is to keep all software versions and patches up to date.
Oracle continually improves its software and documentation. Critical Patch Updates are the primary means of releasing security fixes for Oracle products to customers with valid support contracts. They are released on the Tuesday closest to the 17th day of January, April, July and October. Oracle highly recommends that customers apply these patches as soon as they are released.
Although the importance of passwords is well known, the following basic rule of security management is worth repeating:
Ensure all your passwords are strong passwords.
You can strengthen passwords by creating and using password policies for your organization. For guidelines on securing passwords and for additional ways to protect passwords, refer to the Oracle Database Security Guide specific to the database release you are using.
You should modify the following passwords to use your policy-compliant strings:
Passwords for the database default accounts, such as SYS and SYSTEM.
Passwords for the database application-specific schema accounts, such as HDM and HDI
You should not configure a password for the database listener as that enables remote administration. For more information, refer to the section Removing the Listener Password of Oracle® Database Net Services Reference 11g Release 2 (11.2).
Refer to the Oracle 11gR2 Database Security Guide for more information.
The principle of least privilege states that users should be given the least amount of privilege to perform their jobs. Overly ambitious granting of responsibilities, roles, grants - especially early on in an organization's life cycle when people are few and work needs to be done quickly - often leaves a system wide open for abuse. User privileges should be reviewed periodically to determine relevance to current job responsibilities. Before executing DDL scripts to create HDWF, a database user should be created with the specified limited set of privileges. DBA access should not be given to the user. For complete privileges to be granted to HDWF user, refer to the following section.
Before executing DDL scripts to create HDWF, a database user should be created with the specified limited set of privileges. DBA access should not be given to the user. For complete privileges to be granted to HDWF user, refer to the following section.