Index
A
- access
  - unauthorized, 1-13
- access control
  - described, 1-5
  - directory, 5-5
  - least privilege, 9-5
  - Oracle Connection Manager, 9-52
- access control lists (ACLs), 6-2
- administration
  - delegation of, 5-7, 9-46
  - enterprise user, 9-49
- application context
  - accessed globally, 9-13
  - accessed locally, 9-13
  - initialized externally, 9-13
  - initialized globally, 9-13
  - overview, 9-12
  - secure, 9-18
  - virtual private database (VPD), 9-12
- application security
  - directory-based, 5-6
  - policies, 9-16
  - requirements, 1-14
  - secure application role, 9-21
- auditing
  - customizable, 7-2, 9-6
  - fine-grained, 7-3, 9-21
  - in multitier systems, 7-3
  - introduction, 7-1
  - multitier applications, 9-22
  - security requirements, 7-1
- authentication, 9-25
  - application user proxy authentication, 9-14
  - biometric, 9-35
  - CyberSafe, 4-3, 9-34
  - DCE, 4-6, 9-36
  - described, 1-5, 4-1, 9-5
  - directory, 5-4
  - Entrust/PKI, 8-6, 9-34
  - Kerberos, 4-3
  - methods, 8-5, 9-4, 9-31
  - multitier, 6-4
  - password-authenticated users, 6-3
  - password-based, 4-2
  - PKI certificate-based, 4-7, 8-4
  - PKI methods, 8-5, 9-32
  - proxy, 3-6, 4-7, 9-10
  - RADIUS protocol, 4-4, 9-34
  - SecurID, 9-35
  - smart cards, 4-5, 9-35
  - SSL, 8-6, 9-33
  - strong, 4-2, 9-31
  - token cards, 4-4, 9-35
- authorization
  - biometrics, 4-6
  - described, 1-5
  - directory, 5-5, 5-6
  - multitier, 6-4
  - proxy, 4-7
- availability
  - Real Application Clusters, 9-9
  - security factors, 1-6, 2-12, 9-7
B
- backup and recovery, 9-8
- Baltimore Technologies, 9-33
- biometric authorization, 4-6, 9-35
C
- certificate authorities, 9-33
  - introduction, 8-4
- certificates
  - contents, 8-5
  - introduction, 8-4
  - support for multiple, 9-42
  - trusted, 8-5, 9-40
  - X.509 Version 3, 8-6
- checksums, 9-27, 9-47
  - algorithms, 3-4
  - SSL, 9-28
- confidentiality, 1-4
- connection
  - management, 9-51
  - multitier, 3-2
- connection pooling, 4-8, 9-14
- credentials
  - secure storage, 8-7
- CyberSafe ActiveTrust, 4-3
- CyberSafe authentication, 4-3, 9-34
D
- data
  - deep data protection, 9-15
  - encryption of stored, 2-10
- Data Encryption Standard (DES), 2-11, 3-4, 9-6, 9-27
- database links
  - current user, 9-39
- DBMS_OBFUSCATION_TOOLKIT, 9-6
- directory security
  - administrative roles, 5-10
  - application security, 5-6, 9-39
  - domains and roles, 5-8
- discretionary access control (DAC)
  - least privilege, 9-5
- Distributed Computing Environment (DCE)
  - authentication, 4-6, 9-36
E
- encryption
  - algorithms, 2-10, 3-4
  - for network transmission, 3-3, 9-26
  - stored data, 2-10, 9-6
- enterprise roles, 2-5, 9-49
- enterprise user security
  - features, 9-37
  - global roles, 2-5
  - graphical user interfaces, 9-38
  - introduction, 6-1
  - privilege administration, 6-2
- enterprise users
  - password authenticated, 6-3, 9-37
- Entrust certificates, 9-40
- Entrust Profile, 9-33
- Entrust/PKI authentication, 8-6, 9-33
F
- failover, 9-9
- Federal Information Processing Standard 140-1 (FIPS), 9-24
- fine-grained access control
  - facilitating VPD, 9-19
  - per-user, 9-20
- fine-grained auditing, 7-3, 9-21
- firewalls, 3-5, 9-52, 9-53
G
- GTE CyberTrust certificates, 9-40, 9-41
H
- hashing, password, 5-4
I
- integrity
  - checking, 3-4
  - database mechanisms, 2-11, 9-3
  - described, 1-6
  - directory, 9-47
  - entity integrity enforcement, 9-4
  - Oracle Advanced Security features, 9-27
  - referential, 2-11, 9-4
- Internet
  - access control, 9-54
  - data access increased, 1-8
  - hosted system security, 1-10, 9-16
  - increased data availability, 1-9
  - large user communities, 1-10
  - scalability of security, 1-10, 9-15
  - security challenges, 1-7
  - security features, 9-15
  - security requirements, 1-7
J
- Java
  - class execution, 9-23
  - security implementation, 9-23
- Java Database Connectivity (JDBC)
  - application user proxy authentication, 9-12
  - encryption, 9-30
  - JDBC-OCI driver, 3-7, 9-10, 9-29
  - network security, 3-7
  - supported drivers, 9-29
  - Thin driver, 3-7, 9-29
- Java Secure Socket Extension (JSSE), 9-31
- Java virtual machine (JVM), 9-23
- java.lang.SecurityManager, 9-23
K
- Kerberos authentication, 4-3, 9-34
- Kerberos Single Sign-On, 4-3
L
- label based access control
  - introduction, 2-9
  - Oracle Label Security, 9-44
- LDAP
  - application security, 5-6
  - compliance, 9-47
  - delegation of administration, 5-7
  - directory access controls, 5-5
  - introduction, 5-2
  - Oracle Internet Directory, 9-41
  - security features, 5-2
  - server instance architecture, 9-48
  - single sign-on, 9-36
- lightweight sessions, 4-8
- Login Server, 4-10
M
- MD4 hashing scheme, 5-5, 9-47
- MD5 Checksum, 3-4, 5-5, 9-7, 9-27, 9-28, 9-47
- Microsoft Active Directory, 9-39
- multitier systems
  - auditing, 7-3, 9-22
  - authentication, 6-4
  - proxy authentication, 4-7, 9-11
  - security, 3-6
  - single sign-on, 4-10
N
- network security
  - database enforced, 3-3
  - encryption, 3-3
  - firewalls, 3-5
  - Java Database Connectivity (JDBC), 3-7
  - managing privileges, 2-7
  - multitier connection management, 3-2
  - Oracle Advanced Security features, 9-26
  - PKI, 8-8
  - Secure Sockets Layer, 3-5
  - valid node checking, 3-2
  - VPD database enforced access, 9-55
O
- Oracle Advanced Security, 9-23, 9-25
  - authentication, 9-31
  - PKI implementation, 9-39
- Oracle Application Server
  - SSL encryption, 9-28
- Oracle Call Interface (OCI)
  - JDBC driver, 9-10
  - JDBC-OCI driver, 3-7
  - PKI, 9-40
- Oracle Connection Manager, 3-2
  - firewall support, 9-53
  - firewalls, 9-52
  - security features, 9-51
- Oracle Enterprise Login Assistant, 9-33, 9-41
- Oracle Enterprise Security Manager, 9-39, 9-41, 9-42
- Oracle Internet Directory, 9-41
  - architecture, 9-48
  - components, 9-47
  - enterprise user administration, 9-49
  - security benefits, 9-47
  - security features, 9-45
- Oracle Java SSL, 9-31
- Oracle Label Security, 9-21, 9-44
- Oracle Net Firewall Proxy, 9-53
- Oracle Net Services, 9-26
  - protocol support, 9-51
  - security features, 9-50
- Oracle Password Protocol, 9-31
- Oracle Policy Manager, 9-20
- Oracle Wallet Manager, 8-7, 9-31, 9-33, 9-41, 9-42
- Oracle wallets, 9-40
P
- partitioning, 9-19
  - virtual private database (VPD), 9-19
- passwords
  - authentication, 4-2
  - authentication of enterprise users, 6-3, 9-37
  - protection in directory, 5-4, 9-47
  - security risks, 1-13
- PKCS #12 containers, 9-42
- PKCS#10 certificates, 9-41
- policy function, 9-55
- privacy of communications, 1-5
- privileges
  - enterprise administration, 6-2
  - least, 9-5
  - managing, 2-3
  - network facilities, 2-7
  - roles to manage, 2-4
  - schema object, 2-2, 2-3
  - stored procedures to manage, 2-6
  - system, 2-2
  - views to manage, 2-7
- profiles
  - user, 9-7
- protocol conversion, 9-51
- proxy authentication, 3-6, 4-7, 9-10
  - application user, 9-11, 9-14
  - directory, 9-11
  - expanded credential, 9-11
  - Kerberos and CyberSafe, 9-34
- proxy authorization, 4-7
- Public Key Certificate Standard #12 (PKCS#12), 8-7
- Public Key Certificate Standards (PKCS), 9-33
- public key infrastructure (PKI)
  - advantages, 8-3
  - authentication, 4-7, 9-32
  - authentication methods, 8-5
  - certificate-based authentication, 8-4
  - components, 8-2, 9-40
  - cryptography, 8-3
  - interoperability, 9-42
  - introduction, 8-1
  - network security, 8-8
  - Oracle Advanced Security, 9-39
  - Oracle implementation, 9-43
  - security features, 8-1
  - single sign-on, 8-7
  - supported vendors, 9-33
R
- RADIUS protocol
  - authentication, 4-4, 9-34
  - smart cards, 9-35
  - supported vendors, 9-34
- RADIUS-compliant smart cards, 4-5
- RADIUS-compliant token cards, 4-4
- RC4 encryption algorithm, 2-11, 3-4, 9-27
- Real Application Clusters
  - availability, 9-9
- referential integrity, 9-4
- replication, advanced, 9-8
- resource limitation, 9-7
- roles
  - database, 2-4
  - directory administration, 5-10
  - enterprise, 2-5, 6-4
  - global, 2-5
  - managing privileges, 2-4
  - secure application, 2-6
  - secure application role, 9-21
  - types of, 9-5
- row level security
  - introduction, 2-8
- RSA certificates, 9-40, 9-41
- RSA Data Security RC4, 3-4, 9-27
- RSA SecurID tokens, 9-35
S
- scalability
  - security, 1-14, 9-14
- schema objects
  - privileges on, 2-3
- secure application roles, 2-6, 9-21, 9-55
- Secure Hash Algorithm (SHA), 3-5, 5-5, 9-27, 9-28, 9-47
- Secure Sockets Layer (SSL), 9-40
  - authentication, 8-6, 9-33
  - checksums, 9-28
  - encryption, 9-28
  - network security, 3-5
  - Oracle Internet Directory, 9-46
  - single sign-on, 9-41
- SecurID token cards, 9-35
- security
  - administration team, 1-17
  - application, 9-16
  - application context, 9-12
  - application user proxy authentication, 9-14
  - auditing, 7-1
  - availability, 1-6, 2-12
  - credentials, storage, 8-7
  - database, 2-2
  - database integrity mechanisms, 2-11
  - deep data protection, 9-15
  - directory authentication, 5-4
  - directory-based, 5-6, 9-39
  - enterprise user, 6-1
  - firewalls, 3-5
  - good practices, 2-13
  - hosted systems, 1-10
  - integrity, 1-6
  - Internet, 1-7, 1-10, 9-15
  - Java Beans, 9-25
  - Java implementation, 9-23
  - label based access control, 2-9
  - LDAP features, 5-2
  - multitier systems, 1-14, 3-6
  - myths, 1-2
  - network, 9-26
  - Oracle Advanced Security, 9-23
  - Oracle Enterprise Edition, 9-14
  - Oracle Internet Directory, 9-45
  - Oracle Label Security, 9-44
  - Oracle Net Services, 9-50
  - Oracle Standard Edition, 9-1
  - password protection, 1-13, 5-4
  - personnel dimension, 1-3
  - physical dimension, 1-3
  - PKI, 8-1
  - privileges, 2-2
  - procedural dimension, 1-4
  - requirements, 1-14
  - row level, 2-8
  - scalability, 1-14, 9-14
  - scope of issues, 1-2
  - secure application role, 9-21
  - security directory integrity, 5-1
  - shared schemas, 6-2
  - single sign-on, 4-9, 6-4
  - strong authentication, 4-2
  - technical dimension, 1-4
  - threats and countermeasures, 1-11, 1-15
  - virtual private database (VPD), 2-9
- SecurityManager class, 9-23
- sessions
  - lightweight, 4-8
  - multiplexing, 9-52
- shared schemas
  - Oracle Internet Directory, 9-50
  - security features, 6-2, 9-38
- single sign-on
  - Entrust-based, 9-33, 9-36
  - implementations, 4-9, 9-36
  - introduction, 6-4
  - multitier, 4-10
  - Oracle Enterprise Login Assistant, 9-41
  - PKI, 8-7, 9-36
  - server-based, 4-9
- Secure Sockets Layer (SSL)
  - current user database links, 9-39
- smart cards, 4-5, 9-35
- storage
  - secure credentials, 8-7
  - secure data, 1-5
- stored data encryption, 1-5
- stored program units
  - managing privileges, 2-6, 9-6
T
- tables
  - privileges on, 2-3
- TCP.EXCLUDED_NODES networking parameter, 9-54
- TCP.INVITED_NODES networking parameter, 9-54
- TCP.VALIDNODE_CHECKING networking parameter, 9-54
- token cards, 9-35
  - benefits, 4-4
- Triple DES (3DES), 2-11, 3-4, 9-6, 9-27, 9-43
U
- UNIX hashing scheme, 5-5
- user models, 9-20
- users
  - authentication of, 9-5
V
- valid node checking, 3-2, 9-54
- VeriSign, 9-33, 9-40, 9-41
- views
  - complex and dynamic, 2-9
  - managing privileges, 2-7, 9-6
- virtual private database (VPD), 9-19
  - application context, 9-12
  - database enforced network access, 9-55
  - how it works, 9-18
  - introduction, 2-9
  - network security, 3-3
  - Oracle Label Security, 9-21, 9-44
  - Oracle Policy Manager, 9-20
  - overview, 9-17
  - user models, 9-20
W
- wallets, 9-40
  - encryption, 9-43
X
- X.509 Version 3 certificates, 8-6, 9-10, 9-11, 9-33, 9-40, 9-41, 9-42