Index
A B C D E F G H I J K L M N O P R S T U V W X
A
- access
- unauthorized, 1-13
- access control
- described, 1-5
- directory, 5-5
- least privilege, 9-5
- Oracle Connection Manager, 9-52
- access control lists (ACLs), 6-2
- administration
- delegation of, 5-7, 9-46
- enterprise user, 9-49
- application context
- accessed globally, 9-13
- accessed locally, 9-13
- initialized externally, 9-13
- initialized globally, 9-13
- overview, 9-12
- secure, 9-18
- virtual private database (VPD), 9-12
- application security
- directory-based, 5-6
- policies, 9-16
- requirements, 1-14
- secure application role, 9-21
- auditing
- customizable, 7-2, 9-6
- fine-grained, 7-3, 9-21
- in multitier systems, 7-3
- introduction, 7-1
- multitier applications, 9-22
- security requirements, 7-1
- authentication, 9-25
- application user proxy authentication, 9-14
- biometric, 9-35
- CyberSafe, 4-3, 9-34
- DCE, 4-6, 9-36
- described, 1-5, 4-1, 9-5
- directory, 5-4
- Entrust/PKI, 8-6, 9-34
- Kerberos, 4-3
- methods, 8-5, 9-4, 9-31
- multitier, 6-4
- password-authenticated users, 6-3
- password-based, 4-2
- PKI certificate-based, 4-7, 8-4
- PKI methods, 8-5, 9-32
- proxy, 3-6, 4-7, 9-10
- RADIUS protocol, 4-4, 9-34
- SecurID, 9-35
- smart cards, 4-5, 9-35
- SSL, 8-6, 9-33
- strong, 4-2, 9-31
- token cards, 4-4, 9-35
- authorization
- biometrics, 4-6
- described, 1-5
- directory, 5-5, 5-6
- multitier, 6-4
- proxy, 4-7
- availability
- Real Application Clusters, 9-9
- security factors, 1-6, 2-12, 9-7
B
- backup and recovery, 9-8
- Baltimore Technologies, 9-33
- biometric authorization, 4-6, 9-35
C
- certificate authorities, 9-33
- introduction, 8-4
- certificates
- contents, 8-5
- introduction, 8-4
- support for multiple, 9-42
- trusted, 8-5, 9-40
- X.509 Version 3, 8-6
- checksums, 9-27, 9-47
- algorithms, 3-4
- SSL, 9-28
- confidentiality, 1-4
- connection
- management, 9-51
- multitier, 3-2
- connection pooling, 4-8, 9-14
- credentials
- secure storage, 8-7
- CyberSafe ActiveTrust, 4-3
- CyberSafe authentication, 4-3, 9-34
D
- data
- deep data protection, 9-15
- encryption of stored, 2-10
- Data Encryption Standard (DES), 2-11, 3-4, 9-6, 9-27
- database links
- current user, 9-39
- DBMS_OBFUSCATION_TOOLKIT, 9-6
- directory security
- administrative roles, 5-10
- application security, 5-6, 9-39
- domains and roles, 5-8
- discretionary access control (DAC)
- least privilege, 9-5
- Distributed Computing Environment (DCE)
- authentication, 4-6, 9-36
E
- encryption
- algorithms, 2-10, 3-4
- for network transmission, 3-3, 9-26
- stored data, 2-10, 9-6
- enterprise roles, 2-5, 9-49
- enterprise user security
- features, 9-37
- global roles, 2-5
- graphical user interfaces, 9-38
- introduction, 6-1
- privilege administration, 6-2
- enterprise users
- password authenticated, 6-3, 9-37
- Entrust certificates, 9-40
- Entrust Profile, 9-33
- Entrust/PKI authentication, 8-6, 9-33
F
- failover, 9-9
- Federal Information Processing Standard 140-1 (FIPS), 9-24
- fine-grained access control
- facilitating VPD, 9-19
- per-user, 9-20
- fine-grained auditing, 7-3, 9-21
- firewalls, 3-5, 9-52, 9-53
G
- GTE CyberTrust certificates, 9-40, 9-41
H
- hashing, password, 5-4
I
- integrity
- checking, 3-4
- database mechanisms, 2-11, 9-3
- described, 1-6
- directory, 9-47
- entity integrity enforcement, 9-4
- Oracle Advanced Security features, 9-27
- referential, 2-11, 9-4
- Internet
- access control, 9-54
- data access increased, 1-8
- hosted system security, 1-10, 9-16
- increased data availability, 1-9
- large user communities, 1-10
- scalability of security, 1-10, 9-15
- security challenges, 1-7
- security features, 9-15
- security requirements, 1-7
J
- Java
- class execution, 9-23
- security implementation, 9-23
- Java Database Connectivity (JDBC)
- application user proxy authentication, 9-12
- encryption, 9-30
- JDBC-OCI driver, 3-7, 9-10, 9-29
- network security, 3-7
- supported drivers, 9-29
- Thin driver, 3-7, 9-29
- Java Secure Socket Extension (JSSE), 9-31
- Java virtual machine (JVM), 9-23
- java.lang.SecurityManager, 9-23
K
- Kerberos authentication, 4-3, 9-34
- Kerberos Single Sign-On, 4-3
L
- label based access control
- introduction, 2-9
- Oracle Label Security, 9-44
- LDAP
- application security, 5-6
- compliance, 9-47
- delegation of administration, 5-7
- directory access controls, 5-5
- introduction, 5-2
- Oracle Internet Directory, 9-41
- security features, 5-2
- server instance architecture, 9-48
- single sign-on, 9-36
- lightweight sessions, 4-8
- Login Server, 4-10
M
- MD4 hashing scheme, 5-5, 9-47
- MD5 Checksum, 3-4, 5-5, 9-7, 9-27, 9-28, 9-47
- Microsoft Active Directory, 9-39
- multitier systems
- auditing, 7-3, 9-22
- authentication, 6-4
- proxy authentication, 4-7, 9-11
- security, 3-6
- single sign-on, 4-10
N
- network security
- database enforced, 3-3
- encryption, 3-3
- firewalls, 3-5
- Java Database Connectivity (JDBC), 3-7
- managing privileges, 2-7
- multitier connection management, 3-2
- Oracle Advanced Security features, 9-26
- PKI, 8-8
- Secure Sockets Layer, 3-5
- valid node checking, 3-2
- VPD database enforced access, 9-55
O
- Oracle Advanced Security, 9-23, 9-25
- authentication, 9-31
- PKI implementation, 9-39
- Oracle Application Server
- SSL encryption, 9-28
- Oracle Call Interface (OCI)
- JDBC driver, 9-10
- JDBC-OCI driver, 3-7
- PKI, 9-40
- Oracle Connection Manager, 3-2
- firewall support, 9-53
- firewalls, 9-52
- security features, 9-51
- Oracle Enterprise Login Assistant, 9-33, 9-41
- Oracle Enterprise Security Manager, 9-39, 9-41, 9-42
- Oracle Internet Directory, 9-41
- architecture, 9-48
- components, 9-47
- enterprise user administration, 9-49
- security benefits, 9-47
- security features, 9-45
- Oracle Java SSL, 9-31
- Oracle Label Security, 9-21, 9-44
- Oracle Net Firewall Proxy, 9-53
- Oracle Net Services, 9-26
- protocol support, 9-51
- security features, 9-50
- Oracle Password Protocol, 9-31
- Oracle Policy Manager, 9-20
- Oracle Wallet Manager, 8-7, 9-31, 9-33, 9-41, 9-42
- Oracle wallets, 9-40
P
- partitioning, 9-19
- virtual private database (VPD), 9-19
- passwords
- authentication, 4-2
- authentication of enterprise users, 6-3, 9-37
- protection in directory, 5-4, 9-47
- security risks, 1-13
- PKCS #12 containers, 9-42
- PKCS#10 certificates, 9-41
- policy function, 9-55
- privacy of communications, 1-5
- privileges
- enterprise administration, 6-2
- least, 9-5
- managing, 2-3
- network facilities, 2-7
- roles to manage, 2-4
- schema object, 2-2, 2-3
- stored procedures to manage, 2-6
- system, 2-2
- views to manage, 2-7
- profiles
- user, 9-7
- protocol conversion, 9-51
- proxy authentication, 3-6, 4-7, 9-10
- application user, 9-11, 9-14
- directory, 9-11
- expanded credential, 9-11
- Kerberos and CyberSafe, 9-34
- proxy authorization, 4-7
- Public Key Certificate Standard #12 (PKCS#12), 8-7
- Public Key Certificate Standards (PKCS), 9-33
- public key infrastructure (PKI)
- advantages, 8-3
- authentication, 4-7, 9-32
- authentication methods, 8-5
- certificate-based authentication, 8-4
- components, 8-2, 9-40
- cryptography, 8-3
- interoperability, 9-42
- introduction, 8-1
- network security, 8-8
- Oracle Advanced Security, 9-39
- Oracle implementation, 9-43
- security features, 8-1
- single sign-on, 8-7
- supported vendors, 9-33
R
- RADIUS protocol
- authentication, 4-4, 9-34
- smart cards, 9-35
- supported vendors, 9-34
- RADIUS-compliant smart cards, 4-5
- RADIUS-compliant token cards, 4-4
- RC4 encryption algorithm, 2-11, 3-4, 9-27
- Real Application Clusters
- availability, 9-9
- referential integrity, 9-4
- replication, advanced, 9-8
- resource limitation, 9-7
- roles
- database, 2-4
- directory administration, 5-10
- enterprise, 2-5, 6-4
- global, 2-5
- managing privileges, 2-4
- secure application, 2-6
- secure application role, 9-21
- types of, 9-5
- row level security
- introduction, 2-8
- RSA certificates, 9-40, 9-41
- RSA Data Security RC4, 3-4, 9-27
- RSA SecurID tokens, 9-35
S
- scalability
- security, 1-14, 9-14
- schema objects
- privileges on, 2-3
- secure application roles, 2-6, 9-21, 9-55
- Secure Hash Algorithm (SHA), 3-5, 5-5, 9-27, 9-28, 9-47
- Secure Sockets Layer (SSL), 9-40
- authentication, 8-6, 9-33
- checksums, 9-28
- encryption, 9-28
- network security, 3-5
- Oracle Internet Directory, 9-46
- single sign-on, 9-41
- SecurID token cards, 9-35
- security
- administration team, 1-17
- application, 9-16
- application context, 9-12
- application user proxy authentication, 9-14
- auditing, 7-1
- availability, 1-6, 2-12
- credentials, storage, 8-7
- database, 2-2
- database integrity mechanisms, 2-11
- deep data protection, 9-15
- directory authentication, 5-4
- directory-based, 5-6, 9-39
- enterprise user, 6-1
- firewalls, 3-5
- good practices, 2-13
- hosted systems, 1-10
- integrity, 1-6
- Internet, 1-7, 1-10, 9-15
- Java Beans, 9-25
- Java implementation, 9-23
- label based access control, 2-9
- LDAP features, 5-2
- multitier systems, 1-14, 3-6
- myths, 1-2
- network, 9-26
- Oracle Advanced Security, 9-23
- Oracle Enterprise Edition, 9-14
- Oracle Internet Directory, 9-45
- Oracle Label Security, 9-44
- Oracle Net Services, 9-50
- Oracle Standard Edition, 9-1
- password protection, 1-13, 5-4
- personnel dimension, 1-3
- physical dimension, 1-3
- PKI, 8-1
- privileges, 2-2
- procedural dimension, 1-4
- requirements, 1-14
- row level, 2-8
- scalability, 1-14, 9-14
- scope of issues, 1-2
- secure application role, 9-21
- security directory integrity, 5-1
- shared schemas, 6-2
- single sign-on, 4-9, 6-4
- strong authentication, 4-2
- technical dimension, 1-4
- threats and countermeasures, 1-11, 1-15
- virtual private database (VPD), 2-9
- SecurityManager class, 9-23
- sessions
- lightweight, 4-8
- multiplexing, 9-52
- shared schemas
- Oracle Internet Directory, 9-50
- security features, 6-2, 9-38
- single sign-on
- Entrust-based, 9-33, 9-36
- implementations, 4-9, 9-36
- introduction, 6-4
- multitier, 4-10
- Oracle Enterprise Login Assistant, 9-41
- PKI, 8-7, 9-36
- server-based, 4-9
- Single Sockets Layer (SSL)
- current user database links, 9-39
- smart cards, 4-5, 9-35
- storage
- secure credentials, 8-7
- secure data, 1-5
- stored data encryption, 1-5
- stored program units
- managing privileges, 2-6, 9-6
T
- tables
- privileges on, 2-3
- TCP.EXCLUDED_NODES networking parameter, 9-54
- TCP.INVITED_NODES networking parameter, 9-54
- TCP.VALIDNODE_CHECKING networking parameter, 9-54
- token cards, 9-35
- benefits, 4-4
- Triple DES (3DES), 2-11, 3-4, 9-6, 9-27, 9-43
U
- UNIX hashing scheme, 5-5
- user models, 9-20
- users
- authentication of, 9-5
V
- valid node checking, 3-2, 9-54
- VeriSign, 9-33, 9-40, 9-41
- views
- complex and dynamic, 2-9
- managing privileges, 2-7, 9-6
- virtual private database (VPD), 9-19
- application context, 9-12
- database enforced network access, 9-55
- how it works, 9-18
- introduction, 2-9
- network security, 3-3
- Oracle Label Security, 9-21, 9-44
- Oracle Policy Manager, 9-20
- overview, 9-17
- user models, 9-20
W
- wallets, 9-40
- encryption, 9-43
X
- X.509 Version 3 certificates, 8-6, 9-10, 9-11, 9-33, 9-40, 9-41, 9-42