
Security Archives - Page 4 of 4 - Blog dbi services

Grégory Steulet

Security improvements in MySQL 5.7

By | Database management | One Comment

If you have a look at MySQL 5.7.4 or later, you will probably see that there are several security improvements. The list of added security features and improvements can be seen on the following page: http://dev.mysql.com/doc/refman/5.7/en/mysql-nutshell.html

There are three main improvements that are briefly described in this blog:

1. Nonempty plugin column
2. Password lifetime policy
3. mysql_install_db secured

Nonempty plugin column

As of MySQL 5.7.2, the server requires account rows in…

 
Stéphane Haby

SQL Server 2014: Are DENY ‘SELECT ALL USERS SECURABLES’ permissions sufficient for DBAs?

By | Database management | No Comments

SQL Server 2014 improves the segregation of duties by implementing new server permissions. The most important is the SELECT ALL USERS SECURABLES permission that will help to restrict database administrators from viewing data in all databases. My article is a complement to David Barbarin’s article ‘SQL Server 2014: SELECT ALL USERS SECURABLES & DB admins’. I have tested some cases to be sure that I can do my DBA’s job as well. As a reminder,…

 
David Barbarin

SQL Server 2014: SELECT ALL USERS SECURABLES & DB admins

By | Database management | No Comments

Microsoft will introduce four new security permissions in SQL Server 2014. One of them, called SELECT ALL USERS SECURABLES, is the subject of this post. As explained by Microsoft, SQL Server 2014 will allow a database administrator to manage data without seeing sensitive data or personally identifiable information. We can achieve greater compliance, but we must be careful about what is said, because we could be wrong about the terms “manage without seeing sensitive data”….

 
Grégory Steulet

Errors while installing Oracle Database Vault on Oracle 11.2.0.3

By | Database management | 2 Comments

During one of my last consulting missions, I had to install Oracle Database Vault on an existing Oracle environment. It clearly was not a straightforward process, since I experienced some weird errors such as: ORA-28003: password verification for the specified password failed, ORA-20001: Password length less than 8, and ORA-01917: user or role ‘LBACSYS’ does not exist. After having a look at several log files, I found the root causes of this error. Below, you…

 
Grégory Steulet

ORA-03113 caused by Database Vault Rule Sets

By | Database management | No Comments

The Database Vault solution allows you to create rules that manage access to the database. Among these rules are what Database Vault calls “Rule Sets”. These logic components are written as PL/SQL functions that return Boolean results.

If the rule expressions do not match the user context, access is refused, and a specific message can be configured to warn the user that he is not authorized to access this specific object. These expressions can, for instance, relate to the client IP address, the session username, the time or date, and many other things.

 
Pierre Sicot

Oracle Database Firewall

By | Database management | One Comment

With the Database Activity Monitoring (DAM) market becoming increasingly important, with products such as Imperva, Guardium or Sentrigo, I took an interest in the Oracle Database Firewall product, which Oracle presents as a substitute for the various players in the DAM market.

 
Yann Neuhaus

Oracle Password: are your passwords secure?

By | Database management | No Comments

What are the weaknesses of Oracle password encryption? How does Oracle create hash keys in order to improve security? That is what I propose to explore in this post. The password is the most common form of authentication. It is stored in an Oracle table in the form of a hash key. When a user attempts to log in, the password entered is…

 