Security in oracle

Hello,
I'm planning to write my bachelor thesis and i'm writing about Security in Oracle database. I heard that security is an audit subject and it's interesting to talk about security. I wanna know what can i do at the practice part of my thesis? I wanna some ideas of what to do at the practice part, what's interesting to do in practice, regarding to this subject.
Thanks!

Hi roger;
Give more details, security concept has huge concepts. Also i suggest check below link
Security
http://www.oracle.com/technetwork/topics/security/whatsnew/index.html
Security Solutions From Oracle
http://www.oracle.com/us/technologies/security/security-solutions-151411.html?origref=http://www.google.com.tr/
Regard
Helios

Similar Messages

  • How to install Oracle Label Security in Oracle Database 10g EE

    Hello All
    I just want to know how to install Oracle Label Security in Oracle 10g Database EE.
    I read in Oracle Enterprise Manager Grid Control Installation and Basic Configuration that Label Security must be installed before installing Enterprise Manager Grid Control.
    I have Oracle Database 10g Release 1 (10.1.0.1) on my Windows XP System, and I patch it to 10.1.0.3.
    M.
    Sorry about my English.

    Options is to connect to Oracle Policy Manager or use Oracle Internet Directory (OID)to administer Oracle Label Security.
    Find more ways in the Documentation here:
    http://download-uk.oracle.com/docs/cd/B19306_01/network.102/b14267/toc.htm

  • Error while "Enabling Security for Oracle Management Service"

    Hi,
    I have installed OEM 10GR1 on Solaris 9. I am using 9.2.0 database for repository.
    My first installation of OEM and agent went smoothly, and everything was working fine.
    Then, I tried to follow configurating security for Grid Control Framework. I got following error:
    /oracle/app/oracle/product/10gEM>cd bin
    /oracle/app/oracle/product/10gEM/bin>./emctl secure oms
    Oracle Enterprise Manager 10g Release 10.1.0.3.0.
    Copyright (c) 1996, 2004 Oracle Corporation. All rights reserved.
    Enter Enterprise Manager Root Password :
    Enter Agent Registration password :
    Enter a Hostname for this OMS :
    Checking Repository... Done.
    Checking Repository for an existing Enterprise Manager Root Key... Done.
    Generating Enterprise Manager Root Key (this takes a minute)... Done.
    Fetching Root Certificate from the Repository... Done.
    Generating Registration Password Verifier in the Repository... Done.
    Generating Oracle Wallet Password for Enterprise Manager OMS... Done.
    Generating Oracle Wallet for Enterprise Manager OMS...Missing /oracle/app/oracle/product/10gEM/sysman/wallets/oms.uxtora1/ewallet.p12
    :/oracle/app/oracle/product/10gEM/bin>
    Please help.

    Thanks for response. I had temp space full issue with repository database. After bouncing database, the temp tablespace became empty, and the secure operation went smooth.

  • Implementing Function Security in Oracle apps.

    I wanted to restrict certain menus in Payables manager for a particular user. How should i implement it? Is there any live example of implementing function security in oracle apps? Please Help.

    Hi,
    One approach is to create a custom menu and attach to it all the menus and functions you want and the add this menu to a new responsibility. But this is not the best way to solve the issue because you have to define different menus + responsibilities for each different user. Other way is to create roles which can be assigned to users.
    Thanks,
    Bahchevanov.

  • SOAP Header Security in Oracle Service Bus

    Currently we are in the process of implementing the SOAP Header Security through Oracle Service Bus. We have a requirement that BPEL need to call a external web service. That web service will be registered in OSB. While making the call, the OSB need to add the SOAP security header(user name & Pwd) in proxy service before forwarding the request to business service. Can you please help me find some information about that.

    Hi Manoj,
    The request payload which is going to the target is
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    </soap:Header>
    <soapenv:Body>
    <man:GetDefaultRechargeValuesRequest xmlns:man="http://www.NII.com/ManagePrepaidRecharge/workflow/ManagePrepaidRecharge">string</man:GetDefaultRechargeValuesRequest>
    </soapenv:Body>
    </soapenv:Envelope>
    whereas the target expects the soap header populated. the payload expected by the target is
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <gsa:Authentication xmlns:gsa="http://www.nextel.com.br/Wbs/Gsa">
    <gsa:Account>test</gsa:Account>
    <gsa:Password>test</gsa:Password>
    <gsa:Guid>f65748e63b01</gsa:Guid>
    </gsa:Authentication>
    </soap:Header>
    <soapenv:Body>
    <man:GetDefaultRechargeValuesRequest xmlns:man="http://www.NII.com/ManagePrepaidRecharge/workflow/ManagePrepaidRecharge">string</man:GetDefaultRechargeValuesRequest>
    </soapenv:Body>
    </soapenv:Envelope>
    The Problem now is, when i call a business service(WSDL of the target) from a proxy service and when i set the above expression to the $header using replace action in the proxy service itself, the above expression,instead of going as a request to the business service, it is populated in the response.
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <gsa:Authentication xmlns:gsa="http://www.nextel.com.br/Wbs/Gsa">
    <gsa:Account>test</gsa:Account>
    <gsa:Password>test</gsa:Password>
    <gsa:Guid>f65748e63b01</gsa:Guid>
    </gsa:Authentication>
    </soap:Header>
    <soapenv:Body>
    <ns0:GetDefaultRechargeValuesResponse xmlns:ns0="http://www.NII.com/ManagePrepaidRecharge/workflow/ManagePrepaidRecharge">
    <ns0:StandardHeaderBlock>
    <ns2:ServiceState xmlns:ns2="http://xmlns.oracle.com/apps/StandardHeaderBlock">
    <ns2:errorCode>SOA_ERR_TARGET_SYSTEM_FAILURE</ns2:errorCode>
    <ns2:errorDesc>
    OSB Service Callout action received an error response
    </ns2:errorDesc>
    </ns2:ServiceState>
    </ns0:StandardHeaderBlock>
    </ns0:GetDefaultRechargeValuesResponse>
    </soapenv:Body>
    </soapenv:Envelope>
    Since the authentication details are not reaching the target, it is giving a target system failure. Can you suggest a remedy to this please.

  • Migrating Security In Oracle BI 11g - Project Amelia

    We'd like to introduce an open source project that assists with the migration of basic security from an OBI 11g (FMW) source environment to a target environment. The project generates a WLST script that executes a security artifact migration process. It is also great for creating an inventory of application roles and principal assignments that can be used in project documentation.
    This is a perfect tool for upgrades from OBI 10g to OBI 11g.
    Advanced users should have no problem testing and running the solution. Please provide feedback or potentially consider contributing to the project.
    The project page can be found here,
    http://amelia.artofbi.com/
    The project code can be downloaded from here,
    https://github.com/artofbi/Oracle-FMW-Amelia
    The first post and description of the project can be found here,
    http://www.artofbi.com/index.php/2011/09/introducing-project-amelia-easier-migration-of-obi-11g-security/
    This project was originally designed to provide a quicker mechanism for migrating Oracle BI 11g security. It clearly has a resounding place in other OPSS based FMW applications. Project Amelia is a new open source project to assist with migrating and documenting Policy Store Security in Oracle Fusion Middleware, specifically for but not limited to Oracle Business Intelligence 11g. The project contains the core scripts and binary files required for utilization in any Java ready Operating System.
    The project is released under the Apache License 2.0 which means it is free to use, free to share, and free to copy.
    Please feel free to leave any comments or questions in the forum thread.
    Cheers,
    Christian
    http://www.artofbi.com

    Check this http://www.rittmanmead.com/2011/02/obiee-11g-migrations/
    and http://docs.oracle.com/cd/E23943_01/doc.1111/e15722/toc.htm

  • REP-56110: Failed to connect to security repository Oracle Portal.

    Dear All,
    I need your help on the error REP-56110: Failed to connect to security repository Oracle Portal.
    I have installed Oracle Application Server 10g R2.
    I have enabled SSO for form Sevice and Report Service.
    I created OID user login and map it to my database user (on which my Application Run).
    When i run my application, SSO page apear. I login it with user id and Password and My application Runing Succesfully. But when i call Reports from my Application through Run_Repor_Object or Web.Show document. I get the error REP-56110: Failed to connect to security repository Oracle Portal.
    my oid user id and passwor is as follow
    username = ssotest
    password = ssotest1
    IF i run rwservlet command. It is showing the Server page with Secure mode.
    http://server:7778/reports/rwservlet/showjobs?
    What is the reasong behind this? Help me out.
    http://server/reports/rwservlet?destype=cache&desformat=pdf&report=sr_master.rdf&FromDate='01-JAN-12'&ToDate='31-DEC-12'&SSOConn=test/OracleDB/ssotest
    where -- test is my Resoruce Name define in OID
    oracleDB Resource Type
    ssotest my sso user name
    Edited by: Meherban Khan on Mar 27, 2012 6:21 AM

    I changed %PORTAL_DB_USERNAME%/%PORTAL_DB_PASSWORD%@%PORTAL_DB_TNSNAME%
    with the actual username/password of the portal schema. Now i get the following Error.
    REP-56071: Security check failed with error message: Error code30004 - Cannot access the output type:cache
    In package:wwv_rw_usr function:security_check
    Command line is: server=rep_portal_form_report_services report=KPIx/Churn Analysis/ChurnByAgeGroup.jsp destype=cache desformat=html rundate="27-DEC-05 12:12:20"
    Executed on:12/27/05 12:12:29

  • Doubtful about security of oracle's Wrap code!

    Dears
    I am little bit doubtful about security of oracle's own Wrap code like package "sys.utl_smtp" .
    Someone can easily Unwrap it without source code?
    How it possible? whats your opinion about this? please can anybody clear me.
    Regards
    Abdul Halim
    Edited by: Abdul Halim on May 31, 2013 8:14 PM

    Halm, you are operating under the mistaken belief that your code deserves hiding from the customer and competitors to begin with. Why? All you are doing in the code is performing DML. It is not like your application is the only one in the world that performs its function.
    If someone really wanted to they could figure out what your code is basically doing just by looking at the table and file data before and after running the code. By careful manipulation of the data and studying the results they can figure out what is being done and then develop their own specific of the how it is done. One can also look at Oracle's internals as the code is being processed both using Oracle provided views and direct peaking at Oracle's shared memory. Then there are tools like sql trace which will captute the SQL, waits, and binds for the process.
    But all of this is kind of mute in that most shops do not have the talent to write their own unwrapper nor has the shop purchased an unwrapper so if you wrap the code it is going to be secured from most users and competitiors. I would just recommend that potential customers not purchase your product becuase the customer is going to need access to the code either for debugging (bugs will exist in the code) or tuning. Likely both.
    IMHO -- Mark D Powell --

  • Web connectivity and security in Oracle 8i

    How can i make Web Connectivity with Oracle 8i database.
    Junaid Tareen

    <BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>Originally posted by [email protected] ():
    What do you mean by data level security?
    Can you give an example and explain your query?<HR></BLOCKQUOTE>
    When giving him permissions to users on a table I want that the user can manipulate only certain columns and that the others are restricted for him. If it is connected by application, SQL, ODBC, etc. That it always has activates the restrictions on the data of those columns.
    Ej.
    I have a table with 5 columns, need to give permissions him of select to users on that table but single desire to show the users columns to him the 1,2 and 3.Las others will remain restricted for those users until it is decided to assign them.

  • Security for Oracle BPM PAPI WS

    Hi all,
    1) While creating a session using PAPI WS if we use the password same as username can't the webservices be invoked by other applications in te same network? How to prevent this? Any application which knows an username in Oracle BPM directory can invoke these web services!!
    2)What is username token profile mechanism for WS?
    how to apply username token profile for PAPI WS when invoked from .net apps? I need details.
    Regards,
    Som

    1.) Any application which knows the username/password could invoke the services. The passwords are only the same as the username in Studio, not in enterprise.
    2.) Username Token profile is a WS-Security standard. Using WCF you would be able to set the username/password which will be included in the SOAP header.

  • Security in Oracle (remote db)

    Hi,
    Can anyone tell me, how Oracle protect data when 2 databases are separate and communicate on long distance (e.g. 200 km)? Is there any secure transmission like VPN or something similar? How many solutions Oracle have for such situations?
    Thanks for suggestions.

    Can anyone tell me, how Oracle protect data when 2 databases are separate and communicate on long distance (e.g. 200 km)?The actual distance is not material.
    Even if only 1Km, but in different commercial sites, a risk exists.
    Is there any secure transmission like VPN or something similar? ssh tunneling can be used.
    How many solutions Oracle have for such situations?many

  • Security in Oracle Forms

    Does Oracle Forms have a mechanism to prevent
    a client java applet (JInitiator) from being impersonated by
    hacker-built client applet?
    Would a hacker not be able to create their own Form/applet
    (via the Forms Builder gui) and use a valid login to
    gain unfettered access to the database (assuming VPD
    is not used)

    Interesting question lets address some of the issues:
    1) When you build a Form you are not building an Applet you are building a store of Metadata which gets sent to the Generic Forms Applet as the Form is run.
    2) The generic Forms applet is signed using a certificate that JInitiator already knows about - a Fake applet would not be signed with our certificate and would not be trusted by the JVM - it would have Yellow Warning Bars everywhere.
    3) The communication between the Forms Applet and the Runtime engine which is serving it metadata is encrypted. Any fake applet would have to handle this and would also have to understand the Forms messaging protocol which is not published.
    4) The Forms Applet is downloaded from the Server - so the "hacker" would need access to your server machine to put the fake applet version in place if this happens you probably have bigger problems.
    5) Likewise if someone created a Form which was to be substituted in place of a Real application login they would need access to the Server machine and the configuration files to make it get used.
    So in summary - if your server is secure both in access and physical terms you will not have a problem.

  • Information required in "Advanced Security in Oracle 8i"

    Dear All,
    We are planning to secure our database by using Oracle Advanced Security option.My concern is that I have one central database for my main application. Some modules require security while the rest do not need that.
    Can I secure some schemas of database by leaving other schemas unsecure ? I mean can I apply security option to one schema and not to the other of same database?
    Anyone who can give solution to the above problem will be highly appreciated.
    Waiting for quick response.
    Regards
    Mehdi

    Hi Mehdi ,
    You can check out the VPD concept provided by Oracle in which you can apply the security on the required schema/table only and it thus meet your requirement of providing security option to one schema and not to the other of same database.
    -Shefali
    null

  • Data level Security with Oracle Apps as Source

    Hi all
    I am implementing Data level Security with Apps as Source(OLTP) on Single Sign On.(Oracle has provided the Vanila rpd & we are working on that)
    I need to Filter data based on Business Group, Users are created in Apps and they are registered with some Responsibilities.
    (for eg, OBI User CHINA is a Responsibility; Now he will get only Business Group ID for China)
    I have created Groups in rpd with same name as the responsibility in Apps.
    I have created Initialization Blocks from which I m getting only 1 business group ID for every :USER.(I tried the code in TOAD & I m getting the correct BG ID)
    I have created Group in WEB with the same name as the Group name in rpd.
    If I say show all Users and Groups in WEB, I m getting the APPS Users.
    I hv Reloaded the server metadata files and restarted the BI Server/WEB Server also...
    But in the Report, I m getting all the Business Group Ids,
    Plz advice if I m doing something wrong.
    ThanQ
    Anand

    You need to be creating your "business groups" as a group in the RPD, init blocks to retrieve the user business group at login. Filters in the Logical table sources to restrict data to relevant business groups only.
    Presentation 'Web Cat' groups with the same name as the RPD groups so a user inherits membership automatically.
    I'd suggest sourcing a vanilla OBIA rpd to see how it is implemented out of the box.

  • WS-Security with Oracle BPEL

    Is it possible to apply WS-Policy or encryption with Oracle BPEL without uing web services manager.
    So if a BPEL process is exposed as a web service then how do I apply WS-Policy etc on that web services ?

    Hi.
    I don't know anything about WS-Policy support in BPEL or WSM, but regarding WS-Security aspects like encryption/decryption, certificates, etc, I can tell you the following:
    1 - If your BPEL Process needs to call a web service and pass WS-Security credentials through a partner link, I only know about (and it seems the only option) sending WS-Security username/password authentication
    http://download-east.oracle.com/docs/cd/B31017_01/core.1013/b28764/owsm003.htm#sthref1082
    Additional information found here:
    http://download-east.oracle.com/docs/cd/B31017_01/integrate.1013/b28982/security.htm#sthref10
    For the other features like encryption and certificates, I have only used web services manager gateway so far.
    2 - All Web Services exposed by your Oracle Application Server (be it a BPEL Process or any other web service) can have an interceptor configuration to validate certificates, apply decryption, etc, when a message arrives. You can verify this by going to your Application Server Control Console->Your OC4J->Web Services->Your Web Service->Administration->Security
    3 - If you need to pass WS-Security information when calling your BPEL Processes from an application, you can protect your BPEL process as described in step 2, and then use JDeveloper to configure a web service proxy that encrypts or put certificates in your messages, also using an interceptor mechanism. After creating your web service proxy, right click it and Select the option "Secure Proxy" option.
    Hope someone can give more information about WS-Security and WS-Policy.
    Denis

Maybe you are looking for