Oracle startup/security question

I am new to Oracle and am being tasked with a security lockdown. One of the questions I am being asked is if this:
The DBMS opens data files and reads configuration files at system startup. If the DBMS does
not verify the trustworthiness of the files at startup, it is vulnerable to malicious alterations of its
configuration or unauthorized replacement of data.
I have searched around and cannot find anything about this. Does anyone know if there is an integrity check or other procedure that Oracle does (or can be configured to do) at startup to make sure the files are as expected?
Thanks
Jim

In my opinion, if Oracle DB opens, then files are intact & can be trusted.

Similar Messages

  • HA Oracle startup/shutdown question

    Environment:
    2 Sunfire V890's running solaris 2.9 and SC3.1U4
    Hello All,
    I am having a problem with oracle startup and shutdown in my cluster. In order to get oracle to startup after a failover, shutdown what have you, I need to implement the following procedure as a pre/post oracle startup operation/script. Can anyone tell me if there is a place or hook in the HAOracle agent where I can add my own operation? I would rather avoid having to write a GDS agent in order to do this, if it is at all possilble.
    Thanks,
    George Cebulka
    PS
    Please Note: (This is a DBA thing, not mine!)
    ************** Begin *********************
    After a failover or startup we need following to avoid the �authentication error�
    1. remove the sqlnet.ora soft link from $ORACLE_HOME/network/admin
    1. rm /global/oracle/oracledb/oraclev10201/network/admin/sqlnet.ora
    2. Create a new soft link to sqlnet.ora in $ORACLE_HOME/network/admin as following
    1. ln �s /global/pitt/dba/network/net8/sqlnet.ora /global/oracle/oracledb/oraclev10201/network/admin/sqlnet.ora
    3. startup the database and listeners (using cluster database).
    4. Now database is up and running and we need to turn on radius authentication for which we need this post stuff
    5. Remove the sqlnet.ora link
    1. rm /global/oracle/oracledb/oraclev10201/network/admin/sqlnet.ora
    6. Create a new soft link to replace sqlnet.ora with radius sqlnet.ora
    1. ln �s /global/pitt/dba/network/net8/sqlnet.ora.radius /global/oracle/oracledb/oraclev10201/network/admin/sqlnet.ora
    *************** End ******************

    You could also try the following:
    Create two GDS agents, where you need to include the steps to disable the pmf action script, which I describe in a blog at
    http://blogs.sun.com/TF/entry/disabling_pmf_action_script_with .
    This is needed since your scripts will not leave a process running for PMF.
    1. GDS resource (for this example I call it ora-prestart-rs):
    Start_command: It will do the steps to implement the original sqlnet.ora file + the steps from the blog
    Probe_command: /bin/true
    Stop_command: not needed
    2. GDS resource (for this example I call it ora-poststart-rs):
    Start_command: It will do the steps to setup the link for the radius sqlnet.ora file + the steps from the blog
    Probe_command: /bin/true
    Stop_command: It will do the steps to re-implement the original sqlnet.ora file
    Then you create the following resource dependencies (here I assume the name for the SUNW.oracle_server resource is ora-rs):
    scrgadm -c -j ora-rs -y Resource_dependencies=ora-prestart-rs
    scrgadm -c -j ora-poststart-rs -y Resource_dependencies=server-dwdd-rs
    Maybe you need to setup the same dependencies to include the SUNW.oracle_listerner resource. You did not mention which of those is facing problems.
    Of course, I never tried this. But this would enable you to use the HA Oracle agent unchanged.
    Greets
    Thorsten
    PS: I forgot to also mention that you need to set the Restart_type extension property for the SUNW.oracle_server resource to RESOURCE_GROUP_RESTART:
    scrgadm -c -j ora-rs -y Restart_type=RESOURCE_GROUP_RESTART
    That way a triggered restart by ora-rs will allways force the RG to go through stop/start - and only then the link will get set back to the sqlnet.ora the SUNW.oracle_server needs to work correctly.
    Note again - this is theory and needs proper testing.
    Message was edited by:
    Thorsten.Frueauf

  • Filevault encryption: no security questions, no recovery code; how to revert?

    Running the latest Yosemite (10.10.2) on an iMac (upgraded from Mavericks) ...
    I decided I wanted to encrypt the boot drive on our iMac, so I clicked to turn on Filevault. Here's what happened:
    I was NOT offered a recovery key. (As this point, I didn't know when the key is normally offered.)
    I DID get a window that asked if I wanted Apple to save my key, and I clicked on the radio button to do so. Then I clicked on CONTINUE.
    I did NOT get any security questions to answer, just a RESTART button. I thought, maybe the security questions come after the restart.
    I clicked on RESTART and the iMac restarted and encrypted the drive (17 hours).
    Concerned that I didn't have a recovery key, I read up on the forums. Sounded like if I simply used my user password, I could turn off Filevault to decrypt the drive, and I'd be back to where I started. I did so, and watched as it decrypted the drive (6 hours). Filevault indicates that is is "now off." 
    I thought I'd try again, so I clicked to turn on Filevault. This time, I did NOT get a recovery key (same as before) and I did NOT get the window asking if I wanted Apple to save my key — only an immediate RESTART button. I canceled.
    I restarted the iMac, noting that the startup graphics were different — the iMac now starts immediately with an all-white screen, something that one forum participant said is evidence that your boot drive IS encrypted regardless of what Filevault says.
    This concerned me because it now seemed like the drive might be encrypted and I had no recovery key and hadn't been asked any security questions.
    I thought if I turned on Filevault I could generate a fresh recovery key that would supplant anything Apple was storing for me — and give me a chance to answer security questions.
    I turned on Filevault and was, for the third time, NOT offered a recovery key but this time I DID get the window that asked if I wanted Apple to save my key. Apparently the restart at least added this screen. I cancelled.
    So while Filevault says it is off, the immediate white start-up screen suggests the drive may be encrypted. Regardless, Filevault is not offering a recovery key or security questions.
    I have sketchy ideas about how to rectify things:
    I could start up from an external backup (unencrypted) of the boot drive, erase the boot drive, and clone the backup to the boot drive. Will that create a bootable (non-encrypted) startup drive? I don't think so ...
    I could start up from the external backup (unencrypted) of the boot drive, erase the boot drive, then do a clean install of Yosemite on the boot drive. Would that clear any existing encryption? I don't know ...
    Or I read about using Terminal to un-encrypt a drive?
    Any advice would be much appreciated.
    Thanks,
    Bradley

    Click here for information. If you can't get the answers emailed to you for some reason, contact the iTunes Store staff via the link in that article.
    (80111)

  • HT201363 whenever i want to download an app, they ask me for 3 security questions.  I answer them and then it says "session has timed out".  And then the whole process repeats itself.  How can I download a free app if this keeps coming up?

    Whenever I want to download a free app, it asks me for 3 security questions.  I answer them.  Then it says "session has timed out".  Then the whole process starts over.  How can I get around this?

    Hey everyone in Apple world!
    I figured out how to fix the flashing yellow screen problem that I've been having on my MBP!  Yessssss!!!
    I found this super handy website with the golden answer: http://support.apple.com/kb/HT1379
    I followed the instructions on this page and here's what I did:
    Resetting NVRAM / PRAM
    Shut down your Mac.
    Locate the following keys on the keyboard: Command (⌘), Option, P, and R. You will need to hold these keys down simultaneously in step 4.
    Turn on the computer.
    Press and hold the Command-Option-P-R keys before the gray screen appears.
    Hold the keys down until the computer restarts and you hear the startup sound for the second time.
    Release the keys.
    I went through the 6 steps above twice, just to make sure I got rid of whatever stuff was holding up my bootup process.  Since I did that, my MBP boots up just like normal.  No flashing yellow screen anymore!!   
    (Note that I arrived at this solution when I first saw this page: http://support.apple.com/kb/TS2570?viewlocale=en_US)
    Let me know if this works for you!
    Elaine

  • Where to find the doc for Oracle server security

    I am preparing for Oracle 9i upgrade OCP and looking for
    the document which talks about Oracle server security
    which includes Application context, Security Role and etc.
    Thanks

    hi,
    this is the portal content management forum. for your database question please use the database forums:
    http://forums.oracle.com/forums/index.jsp?cat=18
    thanks,
    christian

  • Is there any guide lines how you can secure windows 7 gpo enable system services startup security settings?

    Is there any guide lines how you can secure windows 7 gpo enable system services startup security settings?
    For example like many do with Forefront Client Security Anti-Malware service, and there is lots of other service that you would like to have control over to get an secure and stable Windows 7.
    /SaiTech

    Hi, 
    Since there is no response from you, we considered that you have gotten what you want in previous post. 
    For further question, please don't hesitate to come back here and let's discuss again. 
    If you have any feedback on our support, please click here
    Kate Li
    TechNet Community Support

  • Trying to use Oracle Label Security with a XMLType

    Hi everybody.
    I'm trying to apply some of the Oracle Label Security functionalities to a table created from the annotations of a XML Schema
    (Below I show part of this XML Schema:
    <?xml version="1.0" encoding="UTF-8"?>
    <xs:schema xmlns:xdb="http://xmlns.oracle.com/xdb"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    elementFormDefault="qualified"
    attributeFormDefault="unqualified">
    <xs:element name="FILE_INFO" xdb:SQLType="FILE_INFO" xdb:defaultTable="TABLE_FILE_INFO">
    <xs:complexType>
    <xs:choice>
    <xs:element name="FILE_INFO_DICOM"
    type="FILE_INFO_DICOM_TYPE" />
    <xs:element name="FILE_INFO_ANALYZE"
    type="FILE_INFO_ANALYZE_TYPE" />
    </xs:choice>
    </xs:complexType>
    </xs:element>
    <xs:complexType name="FILE_INFO_DICOM_TYPE" xdb:SQLType="FILE_INFO_DICOM_TYPE">
    <xs:sequence>
    <xs:element name="ELEMENT_INFO_DICOM"
    type="ELEMENT_INFO_DICOM_TYPE"
    minOccurs="0"
    maxOccurs="unbounded"
    xdb:defaultTable="TABLE_ELEMENT_INFO_DICOM"
    xdb:SQLInline ="false"/>
    </xs:sequence>
    </xs:complexType>
    <xs:complexType name="ELEMENT_INFO_DICOM_TYPE" xdb:SQLType="ELEMENT_INFO_DICOM_TYPE">
    <xs:all>
    <xs:element name="Description" type="xs:string" minOccurs="0" maxOccurs="1" />
    <xs:element name="GroupTag" type="xs:string" minOccurs="0" maxOccurs="1" />
    <xs:element name="ElementTag" type="xs:string" minOccurs="0" maxOccurs="1" />
    <xs:element name="VR" type="xs:string" minOccurs="0" maxOccurs="1"/>
    <xs:element name="Value" type="xs:string" minOccurs="0" maxOccurs="1"/>
    </xs:all>
    </xs:complexType>
    ................etc
    I've created a security policy that I have tested on relational tables (not based on any object type) and works correctly.
    BEGIN
    SA_POLICY_ADMIN.APPLY_TABLE_POLICY(policy_name => 'policy1',
    schema_name => 'oe',
    table_name => 'TABLE_FILE_INFO',
    table_options => 'LABEL_DEFAULT, READ_CONTROL, WRITE_CONTROL',
    label_function => NULL,
    predicate => NULL);
    END;
    When I try to apply this policy to the XMLSchema-created table (TABLE_FILE_INFO) I get next error messages:
    ORA-22856: cannot add columns to object tables
    ORA-00604 error occurred at recursive SQL level 1
    ORA-12445: cannot change HIDDEN property of column.
    ORA-06512: in "LBACSYS.LBAC_POLICY_ADMIN", line 257
    ORA-06512: in line 2
    I suppose that the main problem is that the apply_plicy procedure is trying to add an extra column to a table created from a defined type.
    So my questions are: It's that true? Is it possible to apply a policy to the content of XML documents, I mean, if I want to restrict that some users see some subset of a XML document based on a specific policy, is there anything similar to Oracle Label security for XML? (as defined with the annotations in the XML Schema, some elements will be mapped to rows of a XMLType-based table when a XML document is inserted into the XMLDB repository (marked to follow the previous XML Schema of course)
    Hope someone can help to solve my doubts...
    Thanks,
    Marcos.

    Have you ever answered this question? If not, have you tried to use the "HIDE" property on your table_options?

  • My iPad wont let me download apps bc security questions, but when I try to make them it freezes

    Every time I try to download an app it tells me I need to update my security questions, but once I click to make the questions the box goes white. So I'm not sure how to fix it

    The new questions show on your account on http://appleid.apple.com ? If they do then try logging out and back into your account on your phone (assuming that is where you are trying to purchase from) and see if the new questions then show on it.

  • How do I delete an Apple iCloud account from my iPhone without password, security questions, or email?

    For some reason, an old iD is stuck on my phone. My iPhone 4s is nearly filled with documents and data, to the point where I cannot take pictures, and I can't reset it without using this old iD. I don't know why this is now popping up instead of the one I am registered with. I gained access to the old email the iD is under, but none of the iTunes emails are coming in so I assume it is set up under a different email. For the security question of birthdays, I tried every household member's birthday, and none worked. I have tried the password we used on that account when it was active, along with every other possiblility. I don't know what to do anymore and I have very limited use of my phone if I don't get this sorted out and deleted from my phone.
    Thank you for any help!

    Not without password.

  • My old email account was disabled and I can't remember my password - how can I reset my password or move $ to a new itunes/email account?  It seems I must have mis-typed my information because I can't answer the security questions correctly...

    My old email account is disabled and I can't remember my itunes password - how can I reset my password or move $ to a new itunes/email account?  It seems I must have mis-typed my account information because I can't answer the security questions correctly...

    ➡ https://iforgot.apple.com/

  • How can I access my iCloud email account when I don't remember the password and Apple won't accept the answer to my security question?

    I set up an email account with " @me.com". I get a wrong password message when I try to log in. When I try to change my password I get an INcorrect answer message to the security question I'm asked my birth date so I know I have it right, unless I did a typo when I set up the account. When I choose email me the reset password lnk I cannot retrieve the email because it won't accept the password. I wanted to justemail Apple for instructions but cannot find an email address for that. Any help would be appreciated.

    I tried that without any luck. I was hoping I could get Apple to reset it for me or delete the account so I could recreate it or at least tell me what is listed as my birth date, the security question answer.

  • I've forgotten my security question answers, and now it won't let me download anything without them.., I've forgotten my security question answers, and now it won't let me download anything without them..

    Help.. I've had this issue for over a month, i have over five dollars on my iTunes account and i want to buy music and games but Itunes continuously requests for my Itunes security questions. Is there any possible way i can CHANGE then without having to make a new itunes account?

    You need to contact Apple to get the questions reset, which can be done by clicking here and picking a method for your country, or if that's not an option, by filling out and submitting this form.
    (95930)

  • How can you change your security question for I tunes?

    How can you change your security question for I tunes?

    If you have a rescue email address (which is not the same thing as an alternate email address) set up on your account then the steps half-way down this page give you a reset link on your account : http://support.apple.com/kb/HT5312
    If you don't have a rescue email address (you won't be able to add one until you can answer 2 of your questions) then you will need to contact iTunes Support / Apple to get the questions reset.
    Contacting Apple about account security : http://support.apple.com/kb/HT5699
    When they've been reset (and if you don't already have a rescue email address) you can then use the steps half-way down the HT5312 link above to add a rescue email address for potential future use

  • I can't remember the answers to ANY of my security questions. And in order to reset them I apparently have to remember the answers to at least two, which doesn't really help me at all considering my dilemma. Anyone know what I should do??

    Please help!! I can't remember any of the answers to my security questions (I made them approximately four years ago and don't know what I was thinking).
    How can I change my questions without answering my security questions that I don't know?!??

    You need to ask Apple to reset your security questions; this can be done by phoning AppleCare and asking for the Account Security team, or clicking here and picking a method, or if your country isn't listed in either article, filling out and submitting this form.
    They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
    (105971)

  • I've forgot my answers for security questions. Can't you reset them or do something like this?

    I have bought a new iphone 5s a week ago. Today I wanted to purchase an app. And the security system asked me for an answer for my security questions.  But I don't remember them. What should I do?

    Frequently asked questions about Apple ID - http://support.apple.com/kb/HE37 --> Can I change the answers to the security questions for my Apple ID?  --> Yes. You can change the answers to the security questions provided when you originally signed up for your Apple ID. Go to My Apple ID (http://appleid.apple.com/) and click Manage your account.
    Some Solutions for Resetting Forgotten Security Questions - https://discussions.apple.com/docs/DOC-4551
    Rescue email address and how to reset Apple ID security questions - http://support.apple.com/kb/ht5312 - "If you can't recall your Apple ID security questions and answers, the optional rescue email provides a way to reset them. Additionally, all future security-related emails for your Apple ID will be sent to the rescue email address."
    Jan 2014 post about contacting Apple to reset security questions - https://discussions.apple.com/message/24543247 and https://discussions.apple.com/message/24671039
    If you can't remember them over the space of a week you had better write them down.

Maybe you are looking for