Oracle Consulting Oracle Training Oracle Support Development
Home
Catalog
Oracle Books
SQL Server Books
IT Books
Job Interview Books
eBooks
Rampant Horse Books
911 Series
Pedagogue Books

Oracle Software
image
Write for Rampant
Publish with Rampant
Rampant News
Rampant Authors
Rampant Staff
 Phone
 800-766-1884
Oracle News
Oracle Forum
Oracle Tips
Articles by our Authors
Press Releases
SQL Server Books
image
image

Oracle 11g Books

Oracle tuning

Oracle training

Oracle support

Remote Oracle

STATSPACK Viewer

Privacy Policy

 

   
  Oracle Tips by Burleson

OCP Instructors Guide for Oracle DBA Certification

Chapter 11 - Oracle Database Security

Protecting Data Requires More than just Protecting the Production Database

Hackers often look for data in places that are left unsecured.  The listing below provides a few examples of the data stores that hackers may access to steal your production data:

Oracle Export utility output files.  Oracle Export files can be easily transferred to a remote location and quickly loaded into any Oracle database to recreate your production database environment. The hacker then has unlimited access to all of your trade secrets in complete anonymity and without maintaining a connection to your production database. 

The file copies from hot and cold database backups. We (and the hackers) know that database backups are duplicates of your production database. It is a often a simple process for hackers to find the output files or find the scripts that create the backups for your production database environment.

QA, test, development, reporting and disaster recovery databases. How many times have you been asked to refresh these non-production databases with production data?  Once the data is refreshed, these non-production databases must be treated as production data stores and secured accordingly.

Using LOGMINER to scan Oracle online and archived redo logs. Now that Oracle has provided us with a quick and easy way to access data changes stored in the redo logs, these files, and the LOGMINER utility, also needs to be secured.

The UTL_FILE_DIR directories. UTL_FILE_DIR  is used as the target directory for flat file output created from PL/SQL stored programs.  Hackers can gain access to the parameter file that defines the output directory and gain access to the PL/SQL output.


The above text is an excerpt from:


OCP Instructors Guide for Oracle DBA Certification
A Study Guide to Advanced Oracle Certified Professional Database
Administration Techniques

ISBN 0-9744355-3-8

by Christopher T. Foot
 

http://www.rampant-books.com/book_2003_2_OCP_print.htm


Download your Oracle scripts now:

www.oracle-script.com

The definitive Oracle Script collection for every Oracle professional DBA

Linux Oracle commands syntax poster

ION Oracle tuning software

Oracle data dictionary reference poster



Oracle Forum

BC Oracle consulting support training

BC remote Oracle DBA   

 

   

 Copyright © 1996 -2016 by Burleson. All rights reserved.


Oracle® is the registered trademark of Oracle Corporation. SQL Server® is the registered trademark of Microsoft Corporation. 
Many of the designations used by computer vendors to distinguish their products are claimed as Trademarks