Security :: How To Secure Database
Jul 18, 2010how can i secure my database from hacking by any one of these:
1-sql injections
2- DON(Danial Of service)
3- buffer overflow
4- listner hack
how can i secure my database from hacking by any one of these:
1-sql injections
2- DON(Danial Of service)
3- buffer overflow
4- listner hack
I'm doing online business of selling my manufacturing product to my customer through internet. It is so much easy way but with this there are some unwanted threads that might be disturb business working area. I want to keep my customer online data from hacker but have no strong software who minimize or protect them hackers.
View 1 Replies View Relatedoracle version oracle 10gr2
os: windows 64
from [URL] How to I use secure external password in asp.dot net or c# dot net with reference to [URL]
I've created the wallet, but then how apply it in dot net context?
string connectionString = "Data Source=ARK2;User ID=scott; Password=tiger";
suppose I created a secure db connect string, what should be user id and password?
Is it user id="" password=""
or user_id ="/" password=""
How to secure oracle database, I am having the oracle database which will be packed as package in a machine and will be delivered to client place , need to ensure that the client will not access the database by any means.
Even he breaks the password (he should not break but despite client has broken the password) and went inside the database, he should not be able to see the databases Procedures ,views,functions and triggers. Can we Encrypt this, if so can client will be able to decrypt the same? Is there a way to secure the database from the client not to access the database.
regarding Database Hardening, i am new to this concept
View 2 Replies View Relatedi have created a database on my pc and i have given a password at the time of installation , after the installation it is accessed successfully by the given password , but i observed that when i gave anything in password then it is also accessed by it and i don't have any other database of this same name.
And when i access it through another system then it is accessed only by its original password not by any other password.
Two questions.
1. Both Oracle Secure Backup and Oracle Secure Backup Express for x86 Solaris download the same file.
Is there no difference on Solaris?
2. Have installed and configured sgen driver and tapes can be labelled OK and the first backup works
BUT appending the next backup to the tape I get the following.
Space to EOD.
BSR
Device says it is offline
Transcript below
8231: 2012/12/21.10:16:28 (pvfw) previous state is invalid
8232: 2012/12/21.10:16:28 (alv) backup image label is valid, file 1, section 1
8233: 2012/12/21.10:16:28 (pvfw) invalidating tape position in mount db
8234: 2012/12/21.10:16:28 (ial) invalidate backup image label (was valid)
8235: 2012/12/21.10:16:28 ***0 wst__exec: op=16 (eod), buf=0x0, count=1 (0x1), parm=0x0
[code]........
My scenario:
We have OSB 10.44 installed on 64 Bit Red Hat OS. Is working pretty fine with a Virtual Library that is configured in an Storage Box. Now we have acquired a Physical Storage and we want to duplicate the backups already taken by the Virtual Library into the new Physical Library.
We have 20 drives for the VTL and for the physical we are planning to have the same to duplicate all backups from VTL. That is being done in case Emergency Failures, so we can restore from Physical Library in case the VTL fails.
The question is: Is there any documentation on how to do duplicate backups.?
The duplicate backups copy wont be done in real time. They will be done after the backup is finished in the VTL and then will start the copy in the physical library.
We have Employee table, there is a field name Employee_no. field size is 6.can we restrict some one not to increase or decrease the field size of Employee_no. even User has admin role.
is there any way to restrict admin user that he should not allow to enter the value of field more or less than 6 characters through Toad or SQL Plus 8.0.
------------------------------------------------------
for example
field: employee_no
feild_size: 6
field_type: Varchar2
When we enter Employee no A000001(7 digit) then database not allowed to update because its field size is 6 characters we want to restrict admin user in Toad or SQL Plus 8.0 because he is Toad and SQL Plus user.
Is there any setting on oracle that allows to disconnect users automatically and display a message to users such: "Try a new connection to the db in 30 minutes"?
View 7 Replies View RelatedWe currently hardcode the password inside our Java application to make the connection with the Database,this makes the password to be visible to all users who can read the application code. How can we encrypt the database password so we don't have to hardcode it into the application?
View 1 Replies View Relatedwhat sort of queries IT auditors run against the database? assist me wit these so that I can run them before hand in order to sort out any security vulnerabilities which we might potentially have prior to this being picked up by external auditors?
View 2 Replies View RelatedI am having one table Where,different country names are stored. while viewing data, I have to make sure that if country name having "USA" can only view its data. How can i do at DB level without passing where clause. Is Virtual Database in this case?
View 25 Replies View Relatedwhat is the difference b/w rman and oracle secure backup.
View 1 Replies View RelatedI want to secure files that I saved in xml db with TDE, but tablespace encryption(tde) is not supported on the sysaux tablespace.
Is there any way to move the tables where XML DB saves data to another tablespace where TDE is enabled?
We are trying to use the SFTp transport in OSB 11g. Did the setup as mentioned in the documentation.The SFTP server is hosted on linux machine and using the user password mechanism.
We are reading a file using the ftp adapter and routing to the business service that is based on sftp.The file is picked up properly by proxy but while sending the file through SFTP, we are facing the following error.At the source and destination ends, the directories have the full permissions as required.
BEA-381801
Caused By: com.bea.wli.sb.transports.TransportException: No such file
at com.bea.wli.sb.transports.sftp.connector.SFTPTransportProvider.sendMessage(SFTPTransportProvider.java:198)
at com.bea.wli.sb.transports.sftp.connector.SFTPTransportProvider.sendMessageAsync(SFTPTransportProvider.java:110)
at sun.reflect.GeneratedMethodAccessor1005.invoke(Unknown Source)
[code]...
resolve this error.
how to encrypt 9i database-link passwords? In 10g when we browse the link it show **** but in 9i it shows the actual password.
View 5 Replies View Relatedquery to find the current user accessing the database
View 5 Replies View RelatedHow can I export FGA / row level security policies from one database to another? I have created a new version of my schools ERP database, with upgraded application software, and now need to get the policies from our current production system to the new one.
View 5 Replies View RelatedI'm checking the possibility to use Active Directory to log on the our Oracle databases. But only for dba's and developers, not application users. We use Oracle 10.2.0.4 (and soon 11g) As OS on the databaseserver we use AIX5L 5.3
Is it possible to implement Active Directory on databases running on AIX ? If it is possible, what must be done to get it to work, software ... etc ?
While installing datavault on 11g database, getting error in between the process. Error is as below -
ORA-01031: insufficient privileges
ORA-06512: at "DVSYS.DBMS_MACADM" line 1740
ORA-06512: at line 1
how to rectify the problem.
I used the below link for configuring database vault on existing database.{URL]////
While conducting security audits of our databases, I noticed that the DBA role has three privileges I've never heard of, let alone used:
UNDER ANY TABLE
UNDER ANY TYPE
UNDER ANY VIEW
I can't find anything in the Oracle documentation or on Metalink about them.
Database 11.1.0.7
Applications 12.1.3
OS RHEL 5.5
how to configure log miner with oracle database 11g as we need to analyze redolog files.how to install,configure,use log miner.
I'd like to have my 11g database authenticate users against an OpenLDAP service. We'd still create accounts in the database, and do authorization within the database, but I'd just want to the user's passwords authenticated externally, against the OpenLDAP service. Is this possible? My searching through these forums and Google seems to indicate that you can do it if you run an Oracle Internet Directory (OID) service. I do not want to have to install and maintain an Oracle Internet Directory service. I'd like to do it without it.
I have a working PL/SQL function (below) that can authenticate a passed in username & password against our OpenLDAP directory. Is there any way for me to have Oracle call this function for the database user authentication? Or is there any other way for me to get the Oracle database to directly authenticate against OpenLDAP without having to run OID?
create or replace function ldap_authenticate(username varchar2, password varchar2)
return boolean is
begin
begin
if dbms_ldap.success = dbms_ldap.simple_bind_s(
[code]........
Is there a way where we can audit database session from a particular applications? For example : We need to audit Toad and SQL developer sessions .
View 1 Replies View RelatedMy database is hung while generating the AWR report. I observe the mmon is running for long time. is it okay if i kill, will that have any impact to database.
View 2 Replies View RelatedIs there a way to find out the user access the database?
View 1 Replies View Related understanding where to store the static SQL code (Database or Application).Consider a scenario, that I am executing a simple SQL from Java which is returning some value, and it will not be changed in future.
should I store this sql in java application code or in database in form of procedure/function and returning the result to Java. Is there any security/performance impact?
For a one week, oracle database (v 9.0.1.0.0) is hanging frequently.I could't showdown/restart the database. After restart the server (RedHat), the database is opened without any problem.after 9 or 10 hours once again hanging. too large spaces are availble in my HardDisk.
View 3 Replies View RelatedJust installed the new 2.0.8 version. Its been a while I am interested on using PM for our company.The problem I have is creating an Oracle DB connection. When I create a new Oracle DB connection, and test it, Steps 3 and 4 fail.What is strange is that I followed the following procedure in PM 1.9-825 and worked fine. I am wondering if something changed in the new PM 2.0.8 version (I noticed that php_oci8.dll was commented out in php.ini).
Oracle Version is 10GR2
PM installed on clean XP sp3
1. Got a new Windows XP SP3 PC
2. Installed PM 2.0.8
3. Edited php.ini and uncommented [PHP_OCI8] and extension=php_oci8.dll
4. Installed oracle instant client “instantclient-basic-win32-10.2.0.5” in c:oracle
5. Installed oracle instant client “instantclient-sqlplus-win32-10.2.0.4” in c:oracle
6. Added c:oracle in PATH environment variable
7. Created ORACLE_HOME = c:oracle environment variable
8. Added TNS_ADMIN = c: environment variable
9. Copied working tnsnames.ora file into c:
10. Rebooted.
-------------------------------------
1. Tried sqlplus connection to my oracle db and worked.
2. Launched PM
3. Created a new process
4. Created a new DB connection as follows:
a. Engine:Oracle
b. Server:192.168.xxx.xxx
c. Database name: my_name (where my_name appears in tns_names.ora)
d. Username:my_username
e. Password:my_password
[code]....