9i vs 10g Security Differences

Hi,
Anyone know of some good sites or references for finding out the difference in security implications between 9i and 10g? Information like what new roles are installed with 10g, any new user accounts/schemas that are created when you install the DB or other Oracle-related tools, etc.
Trying to research what to expect when upgrading a 9i to 10g with respect to security.

You probably want to look through the New Features doc and the Security Guide doc for the target version
I found there are
- fewer accounts created by default,
- a lot fewer accounts available (unlocked),
- the CONNECT role has a lot fewer capabilities,
- there are a whole pile of new privs that need to be learned and understood
I assume you are aware of the documentation links at http://otn.oracle.com and the helpful search site at http://tahiti.oracle.com

Similar Messages

  • What's the security difference between WPA and WPA2 Personal?

    In order to get my G4 iMac (OS 10.4.11) onto my new AEBS(b/g/n) wi-fi network, I had to drop the network security down from WPA2 Personal to WPA/WPA2 Personal.
    What are the potential security risks in this mode? I know that WEP is no longer secure, so I'm concerned about WPA also being vulnerable.
    If there's a good online explanation of these security differences (not necessarily Apple-only), you just give me that link.
    Thanks

    Hi,
    Summary:
    1. WPA2 is the improved version of WPA
    2. WPA only supports TKIP encryption while WPA2 supports AES
    3. Theoretically, WPA2 is not hackable while WPA is
    4. WPA2 requires more processing power than WPA
    http://www.differencebetween.net/technology/difference-between-wpa-and-wpa2/

  • Jdeveloper 10g security using jazn

    Hello,
    In my ADF 10g application I am using JDeveloper 10.1.3.2.
    I need to secure my application. After using a custom log-in module and HTML form page to authenticate the users using a database procedure, the user should be redirected to the page he requested.
    It works fine, except for one case: when I try to access any page, I am forwarded to the log-in form, wait for the current session (anonymous session) to time out (I set my application to time out after 1 minute for testing purposes), and after the timeout interval I submit my credentials; then I should get redirected to the requested page. Instead I am faced with page not found.
    Note: in the production environment the timeout is set to 15 minutes.
    This is my understanding of the authentication process - correct me if I am mistaken:
    1. Request a certain page.
    2. If there is no JSessionID for an authenticated session then:
       - create an anonymous session.
       - store the requested page URL in the session.
       - forward the request to the log-in form.
       - set a header for a cookie in the response that contains the anonymous session id.
       - the user submits credentials through the page; the request will now have the id of the anonymous session.
       - authenticate the user through the submitted values.
       - if the credentials are valid then forward to the requested page URL which is saved in the anonymous session.
    But since the session timed out, a new anonymous session will be created, but this one will not have the requested page URL, which causes the error.
    So, is there any way to specify a default page (my main page) that all users will be redirected to upon successful log-in regardless of the requested page?

    Hi,
    You can use a servlet filter to detect if a session has expired. Upon first access, check if the session is authenticated; if it is not then you do whatever needs to be done. If the session is authenticated and the request doesn't contain a custom session key (indicating that a previously created session is used) you perform a redirect to your home page. Make sure that once the redirect to your home page happens you set the custom session flag so that successive requests are not redirected.
    Frank
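
    One way to write the filter described in the reply above, as an added example that is not part of the original thread and not Oracle's code. The class name, the session key, the home page path, the use of `getUserPrincipal()` to detect an authenticated user, and a `/faces/*` filter mapping in web.xml are all assumptions.

    ```java
    import java.io.IOException;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    /** Hypothetical filter: sends the first authenticated request of a session to a fixed home page. */
    public class PostLoginRedirectFilter implements Filter {

        // Custom session key (assumed name): set once this filter has handled
        // the first authenticated request of the session.
        private static final String LANDED_KEY = "app.postLoginLanded";

        // Fixed, context-relative target (assumed path). It is a constant and is
        // never built from request input, so it cannot be steered off-site.
        private static final String HOME_PAGE = "/faces/app/main.jspx";

        public void init(FilterConfig config) throws ServletException {
            // no configuration needed
        }

        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;

            // Not authenticated yet: leave the request to the container and login module.
            if (request.getUserPrincipal() == null) {
                chain.doFilter(req, res);
                return;
            }

            // Authenticated, but the custom key is missing: this is the first
            // authenticated request in this session (for example after the
            // anonymous session that held the requested URL timed out).
            HttpSession session = request.getSession(true);
            if (session.getAttribute(LANDED_KEY) == null) {
                // Set the flag before redirecting so the home page request passes through.
                session.setAttribute(LANDED_KEY, Boolean.TRUE);
                String target = request.getContextPath() + HOME_PAGE;
                response.sendRedirect(response.encodeRedirectURL(target));
                return;
            }

            // Flag present: normal request in an established session.
            chain.doFilter(req, res);
        }

        public void destroy() {
            // nothing to release
        }
    }
    ```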

  • Flex on Oracle Application Server 10g - security problems

    Hi,
    I'm working with Flex components (swf files). I'm trying to view them in a browser and I'm facing some security problems.
    The server I'm trying to run the files on is: Oracle Application Server 10g on a Unix server.
    Please help me with the server's configuration to allow running swf files on it.
    In relation to Flex, there is a file that must be on the server's root named "crossdomain.xml". This file defines which IPs the swf object can take/get data from. Maybe there are configurations to that file that need to be done on the server?
    Thank you,
    Inbal

    No. Not only it isn't certified, but it is also impossible to run forms compiled with the 11g compiler with the 10g runtime. For 11g there is a install bundle for the developer suite / application server.
    cheers

  • OBIEE 10g security.

    Hi,
    We have OBIEE 10g version and are trying to implement data security using rpd user groups and filters. Now the requirement is to implement writeback functionality, where the user should see, for example, 5 rows but can update only 2 rows based on some condition. Any ideas if it can be achieved and how?
    Regards,
    Ven

    Hi,
    Try referring to my blog below, and for the dataset update/insert, implement data-level security group-wise; then it will work.
    http://obieeelegant.blogspot.sg/2010/12/write-back-steps-1-go-to-repository.html
    Thanks
    Deva

  • Developer 10g - Security Setting do not allow Websites to user Active X

    Hi
    I am Salman
    I installed Developer 10g (10.1.2.0.2) on Windows Vista 32 bit.
    I made a test form and ran it through IE 7; the following error is generated:
    "Your Security Setting do not allow websites to user Active X controls installed on your computer. This page may not display correctly"
    What will be the solution ?
    Can any one guide me in this regard
    Salman

    change the following browser setting:
    Tool > Internet Options > Advanced > Security: Allow active content to run files on my computer.
    Checking this box may resolve your issue, but be wary that if you use your PC for internet then it will also allow external ActiveX content to run on your PC too.

  • Message level security: difference digital signature and certificate

    Hi everybody,
    could anybody please explain the difference between digital signature and certificate?
    Thanks
    Regards Mario

    Mario,
    A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.
    A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.
    whereas
    A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.
    Hope it helps you.
    --Archana

  • JDev 10g - Security - web.xml - URL pattern matching

    Hello,
    I use JDeveloper 10.1.3.4. It's 4 hours I try to figure out what is going on:
    I set security constraint in web.xml:
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>books</web-resource-name>
        <url-pattern>faces/app/books/*</url-pattern>
        <url-pattern>faces/*/app/books/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>books</role-name>
      </auth-constraint>
    </security-constraint>
    User is logged in with role "books" for sure.
    http://192.168.0.109:8988/lib/faces/app/books/page.jspx can be seen
    but dialogs can't be seen; the URL is: http://192.168.0.109:8988/lib/faces/__ADFv__?_afPfm=1.5&_t=fred&_vir=/app/books/Search.jspx&loc=en&_rtrnId=2 It redirects to the login page.
    Another thing: when I set only one URL pattern, faces/app/books/*.jspx,
    I can't even see the faces/app/books/page.jspx page!
    It's very curious; there has to be something else somewhere to set, because in the SRDemo app these 2 cases don't cause problems.
    Bart
    snowface.net - snowboard equipment reviews

    Hi,
    Dialogs are not opened by a GET request, which is what container managed authorization looks at. It basically bypasses this kind of security, which means that developers should check manually on the command component that launches the dialog if the authenticated user is allowed to do this. Also note that the default JSF navigation is by postback, which means you have to set all navigation to use the redirect flag to make it work with container managed security.
    Frank
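
    The servlet specification's url-pattern rules applied to the patterns and URLs quoted in this thread, as an added example that is not part of the original posts and is not the container's own code. The context root `/lib` and the leading slash on each pattern are assumptions (the patterns in the post are written without it, and the spec's prefix form requires it); the class and method names are hypothetical.

    ```java
    import java.net.URI;

    public class ConstraintPatternCheck {

        /** Servlet-spec url-pattern rules: "/prefix/*", "*.ext", "/" (default), otherwise exact match. */
        static boolean matches(String pattern, String path) {
            if (pattern.equals("/")) {
                return true; // default mapping covers every path
            }
            if (pattern.startsWith("/") && pattern.endsWith("/*")) {
                // Path-prefix mapping: only the trailing "/*" is a wildcard.
                String prefix = pattern.substring(0, pattern.length() - 2);
                return path.equals(prefix) || path.startsWith(prefix + "/");
            }
            if (pattern.startsWith("*.")) {
                // Extension mapping: compare the suffix after the last dot of the last segment.
                int slash = path.lastIndexOf('/');
                int dot = path.lastIndexOf('.');
                return dot > slash && path.substring(dot).equals(pattern.substring(1));
            }
            // Anything else, including a "*" in the middle or "/dir/*.ext", is a literal string.
            return pattern.equals(path);
        }

        /** The path a constraint is compared with: URL path minus context root, query string excluded. */
        static String constraintPath(String url, String contextRoot) {
            String path = URI.create(url).getPath();
            return path.startsWith(contextRoot) ? path.substring(contextRoot.length()) : path;
        }

        public static void main(String[] args) {
            String contextRoot = "/lib"; // assumption: first path segment of the quoted URLs
            String[] patterns = {
                "/faces/app/books/*",      // from the post, leading slash added
                "/faces/*/app/books/*",    // from the post, leading slash added
                "/faces/app/books/*.jspx"  // the single pattern tried later in the post
            };
            String[] urls = {
                "http://192.168.0.109:8988/lib/faces/app/books/page.jspx",
                "http://192.168.0.109:8988/lib/faces/__ADFv__"
                    + "?_afPfm=1.5&_t=fred&_vir=/app/books/Search.jspx&loc=en&_rtrnId=2"
            };
            for (String url : urls) {
                String path = constraintPath(url, contextRoot);
                System.out.println(path);
                for (String pattern : patterns) {
                    System.out.println("  " + pattern + " -> " + matches(pattern, path));
                }
            }
        }
    }
    ```

    Under these rules only `/faces/app/books/*` matches the page request, and none of the patterns matches the dialog request, because the target page travels in the `_vir` query parameter rather than in the request path. This is why the check on the command component that launches the dialog has to be made in application code.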

  • DB2 UDB - Oracle 10g Size Difference

    Hi -
    We are looking to migrate a production database from DB2 UDB to Oracle 10g. Can anyone provide any insight as to what kind of size changes we can expect?
    Thanks!

    I don't know even the a b c of DB2 but still I can say that it must be saving some sort of metadata as oracle. In oracle 10g the extra tablespaces which you must have to create are SYSTEM and SYSAUX which actually store the metadata and AWR information. How big your current database is on DB2, check it with and without metadata.
    Daljit Singh

  • 10g security patch

    On the Oracle site, I searched for security patches for version 10.2.0.2.
    The search did not return anything.
    Search criteria:
    Product: RDBMS server
    Release: Oracle 10.2.0.2
    Platform: Oracle Solaris on SPARC 64bit
    Type: Patch, PatchSet
    Classification: Security
    If I do the same search for 10.2.0.4, it returns 1 CPU patch. Does this mean if I have 10.2.0.2 I do not need to apply any security patches?

    See answer for your 2nd question
    http://swervedba.wordpress.com/2011/05/30/oracle-patch-sets-psu-and-cpu/
    PSU is generally the recommended way to go as long as you are making an educated decision and it suits the needs of your business.
    thanks

  • OWB 10G Security and User MGMT

    Hi, will 10G OWB have a proper interface for administering the userbase?
    Can we finally get away from the umm beta feel, of running sql scripts from the command line please?
    Regards,
    Richard.

    Awww. OK still a wee bit of waiting then. Hmm when will we see the ability to make a mapping for a table based function? Currently unbound, and you need to do all the work externally.
    Cheers,
    Richard.

  • Financial Application Database Security in iOS 3 and iOS 4

    I have been looking for a long time for the security difference between iOS 3 and iOS 4. I have gone through various official documents but could not find a worthwhile answer.
    Why did Apple enhance the security level in iOS 4 by using "NSFileProtectionComplete"?
    Was the data not secure earlier in iOS 3?
    What if the user has not upgraded to iOS 4, will the financial info of the user not be secure in iOS 3?
    If it is secure then please justify.

    It's the same thing for new devices that are only initialized and synced in my iTunes.
    Thanks for your response! Meanwhile, hope this could attract attention from some Apple "insiders/experts" who know exactly what's going on. Also, I'll post the answer here if Apple support or some friend of mine figures out what's really going on, though I count more on the members in this forum for the answer to this question.

  • Oracle 10g Database course

    Hi guys, I am currently doing my Oracle Database 10g, SQL Fundamentals 1, from NIIT. I have been advised to do the PL/SQL course and then appear for the OCP and OCA exam, and once I pass the exam I should enroll myself for 10g Workshop One and Workshop Two, and again appear for the OCA and OCP exam. My question to you all is: what are the opportunities of doing the Oracle Database 10g course? As I don't have any experience earlier, will I get a job after completing my course? I have done my PHP and MySQL course; it was a certification course and no exam was held. I have also done Java; again I haven't given any exam. Need suggestions.

    Guys, this is what i am being taught at NIIT for oracle 10g
    1.     Oracle 10g: Introduction to SQL Ed 3
    This course is divided in 2 parts:
    1.     Oracle Database 10g: SQL Fundamentals (Part I)
    2.     Oracle Database 10g: SQL Fundamentals (Part II)
    •     Run data manipulation statements (DML) to update data in the Oracle Database 10g
    •     Create tables to store and utilize views to display and retrieve data
    •     Identify the major structural components of Oracle Database 10g
    •     Create reports of sorted, restricted and aggregated data
    •     Employ SQL functions to generate and retrieve customized data
    •     Retrieve row and column data from tables with the SELECT statement
    •     Manage Schema Objects
    •     Manipulate large Datasets
    •     Generate Reports by Grouping Related Data
    •     Retrieve data using Sub-queries
    2.     Oracle Database 10g: PL/SQL Fundamentals
    •     Use PL/SQL programming constructs and conditional control statements
    •     Write PL/SQL code to interface with the database
    •     Design PL/SQL program units that execute efficiently
    •     Handle run-time errors
    3.     Oracle Database 10g: Administration Workshop I
    •     Install Oracle Database 10g and configure a database
    •     Manage the Oracle instance
    •     Manage the Database storage structures
    •     Create and administer user accounts
    •     Perform backup and recovery of a database
    •     Monitor, troubleshoot, and maintain a database
    •     Configure Oracle Net services
    •     Move data between databases and files
    4.     Oracle Database 10g: Administration Workshop II
    •     Use RMAN to create and manage backup sets and image copies
    •     Recover the database to a previous point in time
    •     Use Oracle Secure Backup to backup and recover a database
    •     Use Oracle's Flashback technology to recover your database
    •     Detect block corruptions and take appropriate measures to correct them
    •     Use the various Database advisors and views to monitor and improve database performance
    •     Control database resource usage with the Resource Manager
    •     Simplify management tasks by using the Scheduler
    •     Review database log files for diagnostic purposes
    •     Customize language-dependent behavior for the database and individual sessions
    •     Administer a VLDB
    •     Implement a secure database
    •     Transport data across platforms
    5.     Oracle Database 10g: Backup and Recovery
    •     Plan effective backup and recovery procedures
    •     Use Recovery Manager to create backups and perform recovery operations
    •     Use Oracle Flashback technologies to recover from human error
    •     Install Oracle Secure Backup
    •     Perform an Oracle-suggested backup to tape
    •     Use Oracle Secure Backup to perform a file system backup
    •     Use Oracle Secure Backup to perform a file system restoration
    •     Perform an encrypted database backup and restore
    •     Manage the Oracle Secure Backup environment
    •     Monitor and tune Recovery Manager
    •     Perform tablespace point-in-time recovery
    •     Create a duplicate database
    •     Create and manage a recovery catalog database
    6.     Oracle Database 10g: Performance Tuning
    •     Use the Oracle Database tuning methodology appropriate to the available tool
    •     Utilize database advisors to proactively tune an Oracle database
    •     Use the tools based on the Automatic Workload Repository to tune the database
    •     Use Statspack reports to tune the database
    •     Diagnose and tune common database performance problems
    •     Use Enterprise Manager performance-related pages to monitor an Oracle database
    7.     Oracle Database 10g: Security Release 2
    •     Use basic database security features
    •     Choose a user authentication model
    •     Secure the database and its listener
    •     Use the Enterprise Security Manager tool
    •     Manage users using proxy authentication
    •     Implement Enterprise User Security
    •     Describe the benefits and requirements associated with the Advanced Security Option
    •     Manage secure application roles
    •     Implement fine-grain access control
    •     Manage the Virtual Private Database (VPD)
    •     Implement fine-grain auditing
    •     Use Transparent Data Encryption
    •     Use file encryption
    •     Encrypting and Decrypt table columns
    •     Setup a simple Label Security policy
    8.     Oracle Database 10g: SQL Tuning Workshop
    •     Describe the basic steps in processing SQL statements
    •     Describe the causes of performance problems
    •     Understand where SQL tuning fits in an overall tuning methodology
    •     Describe Automatic SQL Tuning
    •     Use the diagnostic tools to gather information about SQL statement processing
    •     Understand Optimizer behavior
    •     Influence the optimizer behavior
    •     Influence the physical data model so as to avoid performance problems
    Is this enough to qualify for a job as a DBA in a good company? Also, after this can I qualify for the OCP and OCA exam?

  • Reg: Authorisation difference between BW3.5 & BI 7

    Hi All,
    Please update the security differences between BW3.5 & BI 7.
    Regards,
    Venu

    Dear Venugopal
    I'm going to try to help you regarding your question.
    The authorization perspective of 3.X is focused on the authorization object; that means that each user needs a group of authorization objects to use the BW system, and they are grouped in roles. Each authorization object has a specific function, which is to control object access and data access. The object access control is defined for each component of BW such as InfoObject, InfoProvider, InfoCube, DSO, OHD, Query, BEx Analyzer, BEx application designer, Enterprise Portal, etc. The other, data access control, is defined for a set of characteristics relevant for authorization, created in the tcode RSSM where you set up an authorization object.
    The main difference between version 3.X and 7.X is the setup of data access. The tcode RSSM was obsoleted and they have released the new tcode RSECADMIN where you can handle the whole authorization system; in this tcode you can access analysis authorization maintenance (new concept), instead of reporting authorization objects.
    In summary, the strong change in BI 7.0 has been in the data access authorization, with the new concept of analysis authorization.
    On the other hand, regarding object access there is some new functionality, such as portal and open hub destination, for which new authorization objects are incorporated.
    I hope these comments help you about your question,
    Luis

  • Oracle10G database security

    Hi,
    How to get a clear concept of legal securities specified in 10G workshop -I and how to implement test it.

    Hi,
    If you read that chapter (I don't remember the number), the concepts are basically the generic guidelines that are supposed to be followed by any company, like the security of their medical records, security that they should not take any sensitive info document out of the company, etc. These are not concepts that Oracle has developed. Oracle is merely following them. The chapter talks about these concepts to make the foundation clear as to why exactly we need security in the database. If you ask me, you don't need to go into the gory details of those concepts. What you really should focus upon is the next part that talks about Auditing and its variations. About those concepts, just google for them and there will be a lot of details you will find.
    If you want to know more about security then I suggest you take up the Oracle 10g Security course. It only talks about security, in much more detail.
    HTH
    Aman....
