Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)


PUBLIC ROLE AND DEFINER RIGHTS

Hi All,
I received Applied Oracle Security in the post this weekend from Amazon. Yes they are still selling actual books, as well as offering Amazing Elastic Clouds to the masses.
Being Oracle Press I expected the book to be from the Oracle vendor perspective, but having said that David Knox’s previous Oracle Press book was a very good read, so let’s start with a positive open mind. The Database Vault chapter looks good with a fundamentals and advanced section. DBV is beginning to be taken up, though if a low priv user can make themselves DBA and a DBA can make themselves SYSDBA then the added icing on the cake of DBV should not be relied on in itself. Need to firm up the foundations as well.
There are a couple of nice Apex security chapters though I have not used this software much commercially, I can see its appeal.
The book includes a chapter on Audit Vault which runs as the Oracle unix user so is susceptible to escalations giving ability to tamper with the audit trail mechanism. Sentrigo HH runs as a separate user from Oracle so this is not an issue for HH. If you are interested in either DBV or Apex then worth buying the book. It is not on Safari but can be purchased electronically for Kindle.

My current perspective on Oracle security is that there are a few central basic core improvements that could be made to the Oracle DB to allow more direct access to users securely.
One of these is the issue of how to allocate privileges on PL/SQL packages efficiently. If a package is found to be vulnerable then public execute is revoked and privileges are granted to the users that require it. BUT have a think about why public was granted in the first place.
One reason is that it means every user can execute the package, BUT the other is that any other package can also execute the package using its definer rights. Roles are not enabled inside DEFINER rights code, the one exception being the PUBLIC “ROLE”. PUBLIC is the only customisable grouping that is picked up by definer rights, so if a package is granted to public then any other package can also execute it. This is interesting in my opinion because what it illustrates is that the reason for so many public grants is that PUBLIC is the only role which can pass its privileges via DEFINER rights. So the ability for more precisely defined roles to be effective through definer rights would enable the revocation of more public grants and mean that many would not need to be granted originally. So DEFINER rights Roles please Oracle :)
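To see the behaviour described above, here is an added SQL*Plus walk-through (my own example, not from the book or the post). It assumes two demo schemas OWNER_A and OWNER_B and a role DEMO_ROLE, all created by a DBA for this test: a role grant is enough for an interactive session but not for a definer-rights procedure, and a direct grant fixes that without resorting to PUBLIC.

```sql
-- Run as OWNER_A: a harmless package to grant access to.
CREATE OR REPLACE PACKAGE pkg_demo AS
  FUNCTION hello RETURN VARCHAR2;
END pkg_demo;
/
CREATE OR REPLACE PACKAGE BODY pkg_demo AS
  FUNCTION hello RETURN VARCHAR2 IS
  BEGIN
    RETURN 'hello from OWNER_A';
  END hello;
END pkg_demo;
/

-- Run as a DBA: grant execute ONLY through a role (assumed demo role).
CREATE ROLE demo_role;
GRANT demo_role TO owner_b;
GRANT EXECUTE ON owner_a.pkg_demo TO demo_role;

-- Run as OWNER_B: an anonymous block honours roles, so this works.
SET SERVEROUTPUT ON
BEGIN
  DBMS_OUTPUT.PUT_LINE(owner_a.pkg_demo.hello);
END;
/

-- Run as OWNER_B: a definer-rights stored procedure does NOT see role
-- privileges, so compilation fails with
--   PLS-00201: identifier 'OWNER_A.PKG_DEMO' must be declared
CREATE OR REPLACE PROCEDURE call_demo AS
  v_msg VARCHAR2(100);
BEGIN
  v_msg := owner_a.pkg_demo.hello;
  DBMS_OUTPUT.PUT_LINE(v_msg);
END call_demo;
/
SHOW ERRORS

-- Run as OWNER_A (or a DBA): the least-privilege fix is a direct grant
-- to the one schema that needs it, rather than GRANT ... TO PUBLIC.
GRANT EXECUTE ON owner_a.pkg_demo TO owner_b;

-- Run as OWNER_B: the procedure now compiles and runs.
ALTER PROCEDURE call_demo COMPILE;
EXEC call_demo
```

The same direct-grant approach is what you end up doing after revoking a vulnerable package from PUBLIC, which is exactly the administrative cost the post is pointing at.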
Of course major changes to the core RDBMS are not easy, but it is good to have a wish list.
Cheers,
Paul
