Working from an Existing Oracle Database
If you are working from an existing database installation, you may have some issues to address. If you
have a default Oracle Database 11.2 installation, then you need only consider the steps you have taken
since installation to see if you have undone any built-in/default security. At minimum, you need to
ensure password complexity and secrecy. However, if you have a database that has been around for a
while and has been upgraded from previous releases of Oracle, then you may have to spend some time
and effort correcting the security issues.
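A starting point for the password review described above, as read-only data dictionary queries. This is an added example, not taken from the book or from Project Lockdown; it assumes an 11g database and an account that can select from the DBA_* views and V$PARAMETER.

```sql
-- Added example: read-only password-hygiene checks for an existing 11g database.

-- 1. Accounts still using a well-known default password
--    (DBA_USERS_WITH_DEFPWD is available from 11g onward).
SELECT d.username, u.account_status
FROM   dba_users_with_defpwd d
JOIN   dba_users u ON u.username = d.username
ORDER  BY u.account_status, d.username;

-- 2. Open accounts whose only stored verifier is the pre-11g,
--    case-insensitive one: the password has not been changed
--    since the database was upgraded.
SELECT username, password_versions, profile
FROM   dba_users
WHERE  account_status = 'OPEN'
AND    TRIM(password_versions) = '10G';

-- 3. Profiles with no password complexity function in effect.
--    LIMIT = 'NULL' means none is set; LIMIT = 'DEFAULT' means the
--    profile inherits whatever the DEFAULT profile specifies.
SELECT p.profile,
       p.limit AS verify_function,
       (SELECT COUNT(*)
        FROM   dba_users u
        WHERE  u.profile = p.profile
        AND    u.account_status = 'OPEN') AS open_accounts
FROM   dba_profiles p
WHERE  p.resource_name = 'PASSWORD_VERIFY_FUNCTION'
AND   (p.limit = 'NULL'
       OR (p.limit = 'DEFAULT'
           AND EXISTS (SELECT 1
                       FROM   dba_profiles d
                       WHERE  d.profile = 'DEFAULT'
                       AND    d.resource_name = 'PASSWORD_VERIFY_FUNCTION'
                       AND    d.limit = 'NULL')));

-- 4. Password limits that have been relaxed to UNLIMITED.
SELECT profile, resource_name, limit
FROM   dba_profiles
WHERE  resource_type = 'PASSWORD'
AND    resource_name IN ('FAILED_LOGIN_ATTEMPTS', 'PASSWORD_LIFE_TIME')
AND    limit = 'UNLIMITED'
ORDER  BY profile, resource_name;

-- 5. Whether case-sensitive logon is enabled for 11g verifiers.
SELECT name, value
FROM   v$parameter
WHERE  name = 'sec_case_sensitive_logon';
```

Any rows returned by queries 1 through 4 are accounts or profiles to review; none of the queries changes the database.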
I recommend you adopt a resource that Arup Nanda of the Oracle Technology Network has
produced, called Project Lockdown. Project Lockdown is a series of checklists, tasks, and projects that
will effectively enable and enforce Oracle database security. You can find this resource on the Oracle
Technology Network web site at www.oracle.com/technetwork/articles/project-lockdown-133916.pdf.
Project Lockdown may take as much as several months to accomplish, depending on how lax your
current security stance is. However, the first couple of phases, which are the most critical, may be
accomplished in a week.
Oracle Users and Schemas
Once Oracle Database 11g is up and running, you will want to consider users and user security, even
before you think about the data, because users create data. Even application databases that don't belong
to any particular person are associated with a user in an Oracle database. Each user on a local database
has an associated schema, which is basically an organized storage allocation for Oracle structures (or
objects) such as tables and indexes that belong to the user. See Table 2-1 for a list of users we will
discuss.
Table 2-1. Oracle Users We Will Use or Create

Username  Description
SYS       Default Oracle system administrator.
HR        Human resources user/schema; installs with sample Oracle structures.
secadm    Our security administrator; we will create this account and give it privileges to implement all the security measures we need.
appsec    Our application security user; we will create this user and load code and other structures into her schema that we can use for app security.
appusr    Our first application user account; this account will only have the privileges needed to use the client application.
osuser    This is a pseudonym for any operating system username on your system; e.g., the username you use to log into Windows.
appver    User for application verification, covered in Chapter 10.