How do I use Oracle Database Security in my HTML DB App?

I have an existing client server application in which each user has a database account. These accounts are currently set up to allow and disallow appropriate access to data via Database Roles. I want to augment the client server application with an HTML DB application and want to use the already created database accounts. Can this be done?

Chris,
HTML DB parses the SQL and PL/SQL in your application as the "parse as" schema, or owner, of the application. The new database session created for each page view runs for the connected user HTMLDB_PUBLIC_USER (for DADs with stored credentials) or for the user authenticated by the basic authentication challenge (your situation).
You can access the USER pseudo-column within the session to set audit columns with the name of the connected user. This is not the name of the application schema.
Basic Authentication is not the only way to authenticate against database accounts. You can easily implement a login page of your own with a PL/SQL process that checks the user's credentials against the database account.
Our team implemented HTML DB extensions to (and ultimately replacements for) a very complex Forms-based system having an architecture probably very similar to yours. In this environment we would set the APP_USER item to the authenticated username and use it for audit columns and for authorization checks within the application.
During this 2-year project, we adopted a couple of best practices that you might want to consider:
1) All DML is performed using table-level APIs (which are easy to generate automatically), and
2) Table-level APIs are called only from transaction-level APIs, which often involve multiple calls to table-level APIs.
We would implement all authorization checks at the transaction level, either within the APIs themselves, or also on the HTML DB controls around them (buttons, processes, etc.). Abstracting the security rules away from the database objects allowed them to be formulated in terms of business processes and relates them more closely to the logical data model.
That's an approach you can think about. If you do continue to use basic authentication and direct or role-enabled object privileges, you can still make your DML, triggers, and APIs user-aware as I noted above or by using invoker's rights packages/procedures.
Finally, HTML DB is not a client-server emulation tool. Its security model facilitates flexible and secure database access appropriate for a declarative development environment (possibly hosted) and application deployment to web-based users.
Do let us know if we can help with specific issues as you go forward.
Scott
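
The two-layer API practice described in the reply above, as an added example (not code from the original post or from HTML DB itself). All table, package and role names and the error number are hypothetical, and the caller is assumed to pass in the authenticated username, for example the value of the APP_USER item.

```sql
-- Added example; every object name below is hypothetical.
-- Constructed schema: a business table with audit columns and an
-- application-level role table used for authorization checks.
CREATE TABLE orders (
  order_id    NUMBER        PRIMARY KEY,
  customer_id NUMBER        NOT NULL,
  status      VARCHAR2(20)  NOT NULL,
  created_by  VARCHAR2(255) NOT NULL,  -- authenticated application user
  db_user     VARCHAR2(30)  NOT NULL,  -- connected database user (USER)
  created_on  DATE          NOT NULL
);
CREATE TABLE app_user_roles (
  username  VARCHAR2(255) NOT NULL,
  role_name VARCHAR2(30)  NOT NULL,
  CONSTRAINT app_user_roles_pk PRIMARY KEY (username, role_name)
);
CREATE SEQUENCE orders_seq;

-- Table-level API: the only code that issues DML against ORDERS.
-- It performs no authorization; it is called only by transaction-level APIs.
CREATE OR REPLACE PACKAGE orders_tapi AS
  FUNCTION ins (p_customer_id IN NUMBER,
                p_status      IN VARCHAR2,
                p_app_user    IN VARCHAR2) RETURN NUMBER;
END orders_tapi;
/
CREATE OR REPLACE PACKAGE BODY orders_tapi AS
  FUNCTION ins (p_customer_id IN NUMBER,
                p_status      IN VARCHAR2,
                p_app_user    IN VARCHAR2) RETURN NUMBER IS
    l_id orders.order_id%TYPE;
  BEGIN
    SELECT orders_seq.NEXTVAL INTO l_id FROM dual;
    -- USER is the connected session user, not the schema that owns this package.
    INSERT INTO orders (order_id, customer_id, status, created_by, db_user, created_on)
    VALUES (l_id, p_customer_id, p_status, p_app_user, USER, SYSDATE);
    RETURN l_id;
  END ins;
END orders_tapi;
/

-- Transaction-level API: one business operation, one authorization check.
CREATE OR REPLACE PACKAGE order_entry AS
  FUNCTION place_order (p_customer_id IN NUMBER,
                        p_app_user    IN VARCHAR2) RETURN NUMBER;
END order_entry;
/
CREATE OR REPLACE PACKAGE BODY order_entry AS
  FUNCTION has_role (p_app_user IN VARCHAR2,
                     p_role     IN VARCHAR2) RETURN BOOLEAN IS
    l_count PLS_INTEGER;
  BEGIN
    SELECT COUNT(*) INTO l_count
      FROM app_user_roles
     WHERE username = UPPER(p_app_user)
       AND role_name = p_role;
    RETURN l_count > 0;
  END has_role;

  FUNCTION place_order (p_customer_id IN NUMBER,
                        p_app_user    IN VARCHAR2) RETURN NUMBER IS
  BEGIN
    -- Fail closed: a NULL user or a missing role stops the transaction
    -- before any table-level API is reached.
    IF p_app_user IS NULL OR NOT has_role(p_app_user, 'ORDER_ENTRY') THEN
      RAISE_APPLICATION_ERROR(-20001, 'Not authorized to place orders');
    END IF;
    -- A real transaction would usually make several table-level calls here.
    RETURN orders_tapi.ins(p_customer_id, 'NEW', UPPER(p_app_user));
  END place_order;
END order_entry;
/

-- Constructed sample data and call. Callers get EXECUTE on ORDER_ENTRY only,
-- never direct privileges on ORDERS or on ORDERS_TAPI.
INSERT INTO app_user_roles (username, role_name) VALUES ('CHRIS', 'ORDER_ENTRY');
DECLARE
  l_id NUMBER;
BEGIN
  l_id := order_entry.place_order(p_customer_id => 42, p_app_user => 'chris');
END;
/
```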

Similar Messages

  • How can i start oracle databases? i am using Oracle 8.1.6 for linux.

    when i run dbstart, it gives me following message:
    Database "ora4cweb" warm started.
    but when i use sqlplus, it says:
    ORA-01034: ORACLE not available
    i made a mistake, i shutdown my linux before i shutdown oracle databases, how can i start oracle databases now? thanks in advance.

    try it without the scripts...
    login to linux as oracle
    start server manager
    svrmgrl
    connect internal
    startup
    select sysdate from dual;
    if that works
    exit
    check listener
    lsnrctl
    stat
    if nothing running type
    start
    exit

  • How can I use oracle function to decode the encode value

    Hi everybody,
    If the data is encode value how can I decode this value

    DBMS_OBFUSCATION_TOOLKIT
    DBMS_OBFUSCATION_TOOLKIT allows an application to encrypt data using either the Data Encryption Standard (DES) or the Triple DES algorithms.
    The Data Encryption Standard (DES), also known as the Data Encryption Algorithm (DEA) by the American National Standards Institute (ANSI) and DEA-1 by the International Standards Organization (ISO), has been a worldwide encryption standard for over 20 years. The banking industry has also adopted DES-based standards for transactions between private financial institutions, and between financial institutions and private individuals. DES will eventually be replaced by a new Advanced Encryption Standard (AES).
    DES is a symmetric key cipher; that is, the same key is used to encrypt data as well as decrypt data. DES encrypts data in 64-bit blocks using a 56-bit key. The DES algorithm ignores 8 bits of the 64-bit key that is supplied; however, developers must supply a 64-bit key to the algorithm.
    Triple DES (3DES) is a far stronger cipher than DES; the resulting ciphertext (encrypted data) is much harder to break using an exhaustive search: 2**112 or 2**168 attempts instead of 2**56 attempts. Triple DES is also not as vulnerable to certain types of cryptanalysis as is DES. DES procedures are as follows:
    DESEncrypt Procedure
    DESDecrypt Procedure
    Oracle installs this package in the SYS schema. You can then grant package access to existing users and roles as needed. The package also grants access to the PUBLIC role so no explicit grant needs to be done.
    This chapter discusses the following topics:
    Overview of Key Management
    Summary of DBMS_OBFUSCATION Subprograms
    Overview of Key Management
    Key management, including both generation and secure storage of cryptographic keys, is one of the most important aspects of encryption. If keys are poorly chosen or stored improperly, then it is far easier for a malefactor to break the encryption. Rather than using an exhaustive key search attack (that is, cycling through all the possible keys in hopes of finding the correct decryption key), cryptanalysts typically seek weaknesses in the choice of keys, or the way in which keys are stored.
    Key generation is an important aspect of encryption. Typically, keys are generated automatically through a random-number generator. Provided that the random number generation is cryptographically secure, this can be an acceptable form of key generation. However, if random numbers are not cryptographically secure, but have elements of predictability, the security of the encryption may be easily compromised.
    The DBMS_OBFUSCATION_TOOLKIT package does not generate encryption keys nor does it maintain them. Care must be taken by the application developer to ensure the secure generation and storage of encryption keys used with this package. Furthermore, the encryption and decryption done by the DBMS_OBFUSCATION_TOOLKIT takes place on the server, not the client. If the key is passed over the connection between the client and the server, the connection must be protected using Oracle Advanced Security; otherwise the key is vulnerable to capture over the wire.
    Key storage is one of the most important, yet difficult aspects of encryption and one of the hardest to manage properly. To recover data encrypted with a symmetric key, the key must be accessible to the application or user seeking to decrypt data. The key needs to be easy enough to retrieve that users can access encrypted data when they need to without significant performance degradation. The key also needs to be secure enough that it is not easily recoverable by an unauthorized user trying to access encrypted data he is not supposed to see.
    The three options available to a developer are:
    Store the key in the database
    Store the key in the operating system
    Have the user manage the key
    Storing the Key in the Database
    Storing the keys in the database cannot always provide bullet-proof security if you are trying to protect data against the DBA accessing encrypted data (since an all-privileged DBA can access tables containing encryption keys), but it can provide security against the casual snooper, or against someone compromising the database files on the operating system. Furthermore, the security you can obtain by storing keys in the database does not have to be bullet-proof in order to be extremely useful.
    For example, suppose you want to encrypt an employee's social security number, one of the columns in table EMP. You could encrypt each employee's SSN using a key which is stored in a separate column in EMP. However, anyone with SELECT access on the EMP table could retrieve the encryption key and decrypt the matching social security number. Alternatively, you could store the encryption keys in another table, and use a package to retrieve the correct key for the encrypted data item, based on a primary key-foreign key relationship between the tables.
    A developer could envelope both the DBMS_OBFUSCATION_TOOLKIT package and the procedure to retrieve the encryption keys supplied to the package. Furthermore, the encryption key itself could be transformed in some way (for example, XORed with the foreign key to the EMP table) so that the key itself is not stored in easily recoverable form.
    Oracle recommends using the wrap utility of PL/SQL to obfuscate the code within a PL/SQL package itself that does the encryption. That prevents people from breaking the encryption by looking at the PL/SQL code that handles keys, calls encrypting routines, and so on. In other words, use the wrap utility to obfuscate the PL/SQL packages themselves. This scheme is secure enough to prevent users with SELECT access to EMP from reading unencrypted sensitive data, and a DBA from easily retrieving encryption keys and using them to decrypt data in the EMP table. It can be made more secure by changing encryption keys regularly, or having a better key storage algorithm (so the keys themselves are encrypted, for example).
    Storing the Key in the Operating System
    Storing keys in the operating system (that is, in a flat file) is another option. With Oracle8i you can make callouts from PL/SQL, which you could use to retrieve encryption keys. If you store keys in the O/S and make callouts to retrieve the keys, the security of your encrypted data is only as secure as the protection of the key file on the O/S. Of course, a user retrieving keys from the operating system would have to be able to either access the Oracle database files (to decrypt encrypted data), or be able to gain access to the table in which the encrypted data is stored as a legitimate user.
    User-Supplied Keys
    If you ask a user to supply the key, it is crucial that you use network encryption, such as that provided by Oracle Advanced Security, so the key is not passed from client to server in the clear. The user must remember the key, or your data is nonrecoverable.
    http://download-west.oracle.com/docs/cd/B10501_01/appdev.920/a96612/d_obtool.htm#ARPLS028
    Joel Pérez

  • How can I use two database in Dataset in SSRS?

    Hi,
    I am using one query to generate my SSRS report. In that query I am using subquery. Now I am pulling data from multiple tables.
    DB used in sub query is different than the rest of the tables DB. (So total I am using 2 DB (Database))
    So I see that in SSRS, I can connect query (In DataSet Properties) to one DATA_SOURCE only, how can I use other database which I used in sub-query?
    I have to move this SSRS into PROD and I can't hard code that sub-query's DB name in my query.
    Please give me suggestion. Thanks!!
    Vicky

    In SSRS 2008 R2 you can use the Lookup function (http://technet.microsoft.com/en-us/library/ee210531.aspx) and LookupSet function (http://technet.microsoft.com/en-us/library/ee240819.aspx).
    Depending on your security set up, you can reference a table in a second database on the same server using a three part name:  database.schema.table.  This is more likely to work for you if you wrap your SQL command in a stored procedure.
    Russel Loski, MCT, MCSE Data Platform/Business Intelligence. Twitter: @sqlmovers; blog: www.sqlmovers.com

  • How to connect to  Oracle database from webdynprojava application

    Hi
    How to connect to  Oracle database from webdynprojava application. where can we provide the code to connect to database.?
    Thank You.

    Hi,
    You need to create  Java Bean model. The bean is a typical java bean with default constructor, getter and setter. You can have additional methods for query etc. The attributes in the class will be your model node and attributes.
    However you need to configure the connection and create JNDI using visual administrator before writing the code.
    You can also consider writing Session EJB with oracle and using them in WD.
    http://help.sap.com/saphelp_nwce10/helpdata/en/45/dcaa4f05535591e10000000a1553f7/frameset.htm
    Srini

  • How to create an Oracle DATABASE through Java Programming Language.. ?

    How to create an Oracle DATABASE through Java Programming Language.. ?

    Oracle database administrators tend to be control freaks, especially in financial institutions where security is paramount.
    In general, they will supply you with a database, but require you to supply all the DDL scripts to create tables, indexes, views etc.
    So a certain amount of manual installation will always be required.
    Typically you would supply the SQL scripts, and a detailed installation document too.
    regards,
    Owen

  • How to config the oracle database connection pool in IAS

    Hi,
    Does anyone know how to config the oracle database connection pool in IAS?
    Thanks so much!!!
    Jacky

    Jacky,
    You need do the following for oracle type4 driver:
    1) register the driver:
    $IAS_HOME/bin/jdbcsetup
    Driver Identifier: Oracle_Type4_816 (whatever name you like)
    Driver Classname: oracle.jdbc.driver.OracleDriver
    Driver Classpath: .../classes12.zip (install this zip file somewhere
    and add this zip into the Classpath later).
    2) DataSource Setup:
    start iAS Administration Tool (iASAT)
    Choose Database, unfold iAS1 (your app server instance),
    choose External JDBC Datasource -> add: DataSource Registration
    JNDI Name: yourPoolName
    Driver Type: Oracle_Type4_816 (select what you just registered)
    DataSource Url: jdbc:oracle:thin:@hostName:portName:dbName
    Username: your_user_name
    Password: your_passwd
    (Datasource Pool: using defaults for now): you can also customize the
    parameters for the pool.
    3. Add classes12.zip into CLASSPATH.
    In your application, you can use JNDI lookup to get the DataSource from
    which you get the connection from the pool.
    Hope this helps.
    Good luck.
    Xuran

  • C# Application using Oracle database

    Hello!
    I need to create a C# app using oracle database. I don't know how to create a database files (i found that oracle use more than one file for database).
    I need to create new database, then tables and then connect it in C# application. I don't know how to create new database, and when i create it where i can find files of this database that i need to copy to folder of my C# application. I'm new in Oracle, i use version 11g express. I read so much in google and here but i can't find info about files location and creating new database, just like it is in sql server 2008. I would be thankful for every help, instructions, links to tutorials. Thank you in advance!

    Oracle is nothing like SQL Server. The similarities begin and end with SELECT * FROM EMP;
    You don't just locate a file (or files) and drop them wherever you think you want them. Your app does not interact directly with the database files at all.
    All oracle documentation is at tahiti.oracle.com

  • How are you Using Oracle Lite?

    I'm doing a little research and am curious how people are using Oracle Lite...any feedback would be helpful, thanks!

    Hi Laurie,
    First, Robert - Lite'n up. This a "user forum" and open to any question, right? If we start chastising people for posting what read to me as a rather innocent question you might not expect to get many questions from newbies and responses from the gurus.
    Laurie, I have ported a J2EE application that uses Oracle enterprise as the database and BEA WebLogic as the server to an "off-line" accessible application that uses OLite and Apache Tomcat. Since this application was already written and we did not want to rewrite any [significant] portion, I decided on Tomcat instead of OLite's Java engine. However, I will most likely use OLite "Web" application(s) for other apps that we are considering porting to this platform. So far, it seems like a great platform for an application that works with a rdbms.
    Hope this helps with your thesis ; )

  • Can i  use Oracle Database Audit Vault and Oracle Database Firewall on Solaris?

    Can i  use Oracle Database Audit Vault and Oracle Database Firewall on Solaris?

    4195bee8-4db0-4799-a674-18f89aa500cb wrote:
    i dont have access to My Oracle Support can u send text or html of document please?
    Moderator Action:
    No they cannot send you a document that is available only to those with access to MOS.
    That would violate the conditions of having such service contract credentials.
    Asking someone to violate such privileges is a serious offense and could get that other person's organization banned from all support and all their support contracts cancelled.
    Your post is locked.
    Your duplicate post that you placed into the Audit Vault forum space has been removed (it had no responses).
    This thread which you had placed in the Solaris 10 forum space is moved to the Audit Vault forum space.
    That's the proper location for Audit Vault questions.

  • How can i use Unix database in java?

    How can i use Unix database in Java?

    I have not a clue about FoxPro, but the db then is FoxPro and not Unix. The better question would be "How do I connect to FoxPro DB running on Unix with JDBC?".
    My answer to that would be, search the Internet for a JDBC driver.

  • Using Oracle Database Express Edition in development environment

    Hi All,
    I have a doubt regarding the usage of Oracle Database Express Edition in Development environment. I am not sure whether I can ask a non technical question here or not. Please forgive me if I have done anything wrong.
    I am working in an IT company where we take up projects outsourced by our clients. As part of our current project we are making some modification to a web application used by an institution. Our client is using Oracle Data Base standard edition. Due to budgetary constraints of our Company we can not set up a Oracle standard edition data base in our development environment.
    So would it be illegal if we use Oracle Database Express Edition in our development environment? We can guarantee that only our internal development team which comprise a maximum of 10 people will have access to this development database and this development data base will never be opened to our Client for their business purpose (Who have their own Oracle standard edition in their environment). As part of the project we deliver only table DDL script and stored procedure to our client and they put it in their environment. The sole purpose of an internal Express database will be development only.
    Could some one please tell me if it would be violation of license agreement if we install Oracle Database Express Edition in our development environment.

    Hi Paul,
    Actually I have already gone through the Oracle Technology Network Developer License Terms for Oracle Database 11g Express Edition. But was not quite clear about the content. It says in the license terms that "We grant you a nonexclusive, nontransferable limited license to use the programs for: (a) purposes of developing, prototyping and running your applications for your own internal data processing operations". Does the term "your application" include an application we are developing for another company? Since the Express database is installed in the development environment only and is not opened to anyone else, not even for our client, it definitely falls under the term "internal data processing operations" right?

  • Facing Problem  In Using Oracle Database Cloud Backup Service

    Hi Everyone,
    I'm trying to use Oracle Database Backup Service, for this i have done the following as mentioned in the documentation.
    http://www.oracle.com/technetwork/database/features/availability/twp-oracledatabasebackupservice-2183633.pdf
    1.Downloaded the opc_installer from otn and unzipped.
    2. Executed the following statement from command prompt
    java -jar opc_install.jar -serviceName myService -identityDomain myDomain
    -opcId [email protected] -opcPass myPassword -configFile "C:\Oracle\OPC\conf"
    -walletDir  "C:\Oracle\OPC\wallet"  -libDir "C:\Oracle\OPC\lib"
    Using my credentials, servicename , identitydomain in the above statement.
    Download Complete message appears.
    3. Connects to RMAN and configure channel for sbt by passing this.
    configure channel device type sbt parms
    'SBT_LIBRARY=C:\Oracle\OPC\lib\oraopc12.dll
    ENV=(OPC_PFILE=C:\Oracle\OPC\conf\conf.txt)';
    4.To test the installation i executed the given statement "backup device type sbt current controlfile;"
    Starting backup at 31-MAY-14
    RMAN-00571:
    RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS
    RMAN-00571:
    RMAN-03002: failure of backup command at 05/31/2014 04:41:44
    ORA-19554: error allocating device, device type: SBT_TAPE, device name:
    ORA-27000: skgfqsbi: failed to initialize storage subsystem (SBT) layer
    OSD-01400: Message 1400 not found;  product=RDBMS; facility=SOSD
    (OS 7110)
    ORA-19511: Error received from media manager layer, error text:
       SBT error = 7110, errno = 1400, sbtinit: internal error - invalid argument(s)
    Getting the following error.
    My database version is 11g 11.2.0.3 and is installed in windows server 2008.
    Please help to resolve the error.
    Looking for your help.
    Regards

    Hi,
    Could you try the following command ? Seems like some dependent Windows DLL is not being loaded..
    sbttest foo -libname <abs-path-of-directory>\oraopc12.dll
    This will output the reason why oraopc12.dll can't be loaded.
    Thanks

  • How to create a oracle database by java code?

    how to create a oracle database by java code?
    please give some ways then that way's code

    I'm not sure what you mean with "database". Do you mean an Oracle instance or an Oracle user/schema (probably the latter, because that's the equivalent to a MS SQL Database).
    Creating an instance is definitely not possible from within Java. To create a new user this should be possible, as this can be done with SQL:
    GRANT connect,resource TO <newuser> IDENTIFIED BY <password>;
    I'm always cautious with questions like this. In 90% of the cases there is something wrong with the initial design. Creating a database shouldn't be something the application is doing.
    Thomas

  • What are the advantage of using Oracle Database when compare to SQL SERVER

    Hi all
    Please tell anyone about
    what are the advantage of using Oracle Database when compare to SQL SERVER
    Thanks in advance
    Balamurugan S

    user12842738 wrote:
    Hi,
    There are various differences between the two.
    1. SQL Server is only Windows, but Oracle runs on almost all Platforms.
    2. You can have multiple databases in SQL Server, but Oracle provides you only one database per instance.
    Given that the very term 'database' has a different meaning in the two products, this "difference" is absolutely meaningless.
    3. SQL Server provides T-SQL for writing programs, whereas Oracle provides PL/SQL
    Which means what? Both products have a procedural programming language. They named them differently, and the languages are not interchangeable. Means nothing in comparing the features/strengths/weaknesses/suitability to purpose.
    4. Backup types in both are the same. (Except Oracle provides an additional backup called Logical Backup.)
    You make that sound like "Logical Backup" is something more than it is. It is nothing more than an export of the data and metadata. Many experts don't even consider it a backup. I'm sure SQL Server provides the same functionality though they probably call it by some other name.
    5. Both provide High Availability.
    Well, I guess they both have a suite of features they refer to as "High Availability". But what does that really mean? The devil is in the details. Remember, the two products don't even agree on what constitutes a "database".
    6. Both come in various distributions.
    ???
    >
    If you are going for an Implementation, you can try SQL Server Express Edition and Oracle XE which are free to use.
    Then you can choose whichever is comfortable for your needs.
    Thanks.
