I was perusing (yes, "perusing") the My Oracle Support Community Database Administration posts recently when I came across this one: "How to hide oracle database account password in a create user sql script". The poster had a problem that every database administrator has had to confront at one time or another: namely, how to embed a … Continue reading How to hide Oracle passwords in a script?
In Part 1 and Part 2 of this series I described the process for configuring the server wallet, sqlnet.ora, and listener.ora files. In this post I will discuss how to configure the client for SSL authentication with a smart card. At this point it is assumed that an Oracle Client has already been installed. The … Continue reading Database Authentication with a Smart Card – Part 3 (Client)
In my previous post I discussed the first steps in the configuration of an Oracle database for user authentication using a smart card, such as the DoD Common Access Card (CAC). Along with some general considerations for setting up SSL/TLS authentication, I went over the construction of the database server's Oracle Wallet. In this post … Continue reading Database Authentication with a Smart Card – Part 2 (Server)
I hate changing passwords every so many days. Seems like I no sooner get all of my passwords reset than it is time to start changing them again. Working in a government environment, one of those things that I tried to figure out for years was how to log on to a database using my … Continue reading Database Authentication with a Smart Card – Part 1 (Wallet)
One of the most problematic STIG checklist items is this one: Rule Title: Database account passwords should be stored in encoded or encrypted format whether stored in database objects, external host files, environment variables or any other storage locations. STIG ID: DG0067-ORACLE11 Rule ID: SV-24641r1_rule Vuln ID: V-3812 Severity: CAT I Vulnerability Discussion: Database passwords stored … Continue reading Database Account Password Storage
As a database administrator I have been called on to oversee many, many kinds of systems over the years. I have supported everything from prototype proof-of-concept systems with a single programmer to high availability production systems with thousands of end users; servers that support commercial off-the-shelf applications and servers that support multiple custom Java applications. It is an industry standard … Continue reading Shared Application Accounts and Developers
An Oracle database link is one of the most straightforward and useful methods for transferring data from one system to another. Data in remote systems can be searched or copied from table to table over the network, just as if it were in the local database. If not handled correctly, however, a database link can become a major … Continue reading Secure Database Links
The second Installation STIG item pertains to access controls for the account (typically 'oracle') that owns the Oracle software on the database server. Group ID (Vulid): V-2422 Group Title: DBMS software owner account access Rule ID: SV-24374r1_rule Severity: CAT II Rule Version (STIG-ID): DG0040-ORACLE11 Rule Title: The DBMS software installation account should be restricted to … Continue reading Software Owner Account Access