Infrastructure at your Service

Security Archives - Page 4 of 5 - Blog dbi services

Stephane Biehler

D2 performance issues due to KB3038314 IE patch

By | Application integration & Middleware | No Comments

I ran into a strange issue by a customer. When trying to open a huge VD on the D2’s right panel the browser freezes. It seems to be due to an Internet Explorer security patch. It is introducing huge performance issues. So if you run into strange issues concerning your web browser check the patch version of IE. The security patch which causes issues is KB3038314.

Read More
Nicolas Jardot

Use a wallet to encrypt Oracle client passwords

By | Database management | No Comments

In our more and more connected world, security is a big concern. Storing password is a very important topic because if a machine is compromised, we can assume that any password stored in clear text are also compromised. I had the question from a customer how can we encrypt the password in our application and monitoring scripts? In this blog we will discuss one solution: using the Oracle client wallet We find passwords for Oracle…

Read More
Stéphane Haby

Security via policies

By | Database management | No Comments

Few weeks ago, I presented the session on security via Policies for “Les journées SQL Server 2014″, organized by the French SQL Server User Group (GUSS) in Paris. I promised to post our policies script on a blog. Security Policies are split into 4 categories: Server Instance Database Data All policies follow this naming convention: dbi_”Level number”_”Level name”_”Policy name” I give you the policy name, the condition and the query or facet associated. To understand…

Read More
Grégory Steulet

Security improvements in MySQL 5.7

By | Database management | One Comment

If you have a look on the last mysql 5.7.4 version or later you will probably see that there are several security improvements. The list of added security features and improvements can be seen on the following page: http://dev.mysql.com/doc/refman/5.7/en/mysql-nutshell.html There are three main improvements that are shortly described in this blog: 1. Nonempty plugin column 2. Password lifetime policy 3. mysql_install_db secured Nonempty plugin column As of MySQL 5.7.2, the server requires account rows in…

Read More
Stéphane Haby

SQL Server 2014: Are DENY ‘SELECT ALL USERS SECURABLES’ permissions sufficient for DBAs?

By | Database management | No Comments

SQL Server 2014 improves the segregation of duties by implementing new server permissions. The most important is the SELECT ALL USERS SECURABLES permission that will help to restrict database administrators from viewing data in all databases. My article is a complement to David Barbarin’s article ‘SQL Server 2014: SELECT ALL USERS SECURABLES & DB admins’. I have tested some cases to be sure that I can do my DBA’s job as well. As a reminder,…

Read More
David Barbarin

SQL Server 2014 : SELECT ALL USERS SECURABLES & DB admins

By | Database management | No Comments

Microsoft will introduce four new security permissions in SQL Server 2014. One of them called SELECT ALL USERS SECURABLES is the subject of this post.  As explained by Microsoft SQL Server 2014 will allow a database administrator to manage data without seeing sensitive data or personally identifiable information. We can achieve a greater compliance but we must take care what is said because we could be wrong about the terms “manage without seeing sensitive data”….

Read More
Grégory Steulet

Errors while installing Oracle Database Vault on Oracle 11.2.0.3

By | Database management | 2 Comments

During one of my last consulting missions, I had to install Oracle Database Vault on an existing Oracle environment. It clearly was not a straigthforward process, since I experienced some weird errors such as: ORA-28003: password verification for the specified password failed, ORA-20001: Password length less than 8, and ORA-01917: user or role ‘LBACSYS’ does not exist. After having a look at several log files, I found the root causes of this error. Below, you…

Read More
Grégory Steulet

ORA-03113 caused by Database Vault Rule Sets

By | Database management | No Comments

Database Vault solution allows to create rules that manage access to database. Among these rules there is what is called in Database Vault “Rule Sets”. These logic components are written as PL/SQL functions to return Boolean results.

If rule expressions do not match the user context, the access is refused and a specific message can be configured in order to warn the user that he is not authorized to access this specific object. These expressions can be for instance related to the client IP address, the session username, the time or date and many other things.

Read More