Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Goals
Implement auditing
J2EE
.NET
Large number of interactions between application environment and
database systems
Assume network filtering most problem traffic
Application can control fine-grain behavior, application protocol
security
Role Pattern
disassociation of users and privileges for easier management
Oracle on Windows
Oracle on Linux/Unix
Choose different account names than standard
suggestions
Restrict use of the account that owns Oracle software
Secure temporary directory
Some Oracle files are SUID (root)
Command line SQL*Plus with user/pass parameters
appears under ps output
Others
Secure
Secure
Secure
Secure
Secure
Secure
database
DBMS
applications
operating system
web server
network environment