|
November, 2005
In
This Issue
|
|
All articles have been reprinted with the written consent of their respective authors. | ||||||||||||||||
|
||||||||||||||||
|
Policy Violations in Oracle Database
10g Oracle Database 10g includes a new feature accessible through Oracle's Enterprise Manager (OEM) called Policy Violations. Policy Violations have nothing to do with policies associated with VPD's and FGAC. Rather, Policy Violations are one more way to make your database more secure by ensure your database is as locked down as possible. This paper discusses how to use Policy Violations in Oracle Database 10g to close some security holes in your database.
Click here
for the article. | ||||||||||||||||
|
||||||||||||||||
|
Best Practice for Database Encryption
Solutions Encryption can provide strong security for data at rest, but developing a database encryption strategy must take many factors into consideration. Encryption at the database level, versus application level and file level has proved to be the ideal method to protect sensitive data and deliver performance. Organizations must balance between the requirement for security and the desire for excellent performance. Building and maintaining a secure and efficient cryptographic engine is not the easiest task. This is a specialized and complex solution area and if internal resources don’t have the cryptography expertise in relation to IT environment, outside expertise should be used to ensure superior performance. The best practice, in nearly all cases, is to use an engine that’s already available and tested. Packaged database encryption solutions have proven to be the best alternative to protect sensitive data. There is a multitude of techniques and alternative topologies for encryption at the database level. In real-world scenarios, are complex issues and experts should be used who understand all available options and the impact for each particular customer environment. Encryption engines and services come in three flavors: central, local and dedicated. In a straight comparison of costs, Local Encryption Services are generally cheaper but not secure. Dedicated Encryption Services provides high availability with key caching and real cpu offloading. Benchmarks in customer environments demonstrated the criticality of making the right selection between the different topologies for database encryption implementations. This paper reviews the performance aspects of three dominant topologies for database encryption and offers detailed guidance on scalable implementations of data at rest encryption in an enterprise environment, including encryption, key management, backup, auditing and logging should be deployed to optimize security, performance, scalability, and administration.
Click here
for the article. | ||||||||||||||||
|
||||||||||||||||
|
Confirming Invoker Rights State Oracle8i Database introduced the AUTHID clause for procedures,
functions and packages. When set to AUTHID DEFINER (the default),
then your program runs under "definer rights." This means that any
references to data objects (such as tables and views) are resolved
at compile time, based on the directly granted privileges of the
definer or owner of the program. Roles are ignored. If, on the other
hand, you set the clause to AUTHID CURRENT_USER, then any references
to data objects are resolved at run time, based on the privileges of
the currently-connected schema. And (the DBAs have got to love this)
role-based privileges are now applied. Invoker rights comes in
very handy when your application architecture requires that you have
multiple schemas with the same table structures, but you don't want
to maintain multiple copies of your code base. It is also extremely
important to use in all stored programs that contain dynamic SQL --
if you want to make sure that the dynamically contructed and
executed SQL statement runs in the currently connected schema.
Click here for more. Steven Feuerstein Training Course Quest will be hosting a series of three training courses
presented by Steven Feuerstein. Each course will be two (2) hours in
length and presented twice per day to accommodate varied time zones.
The cost is $89 per course or $225 to sign up for the series of
three. Course #1:
Focus on Collections with Steven Feuerstein For more information, go to
http://www.quest.com/training/steven_feuerstein_training_course.asp. |
||||||||||||||||
|
||||||||||||||||
|
In A Nutshell
Interested in learning more tips and techniques for SQL Server? "In A Nutshell"
is what you are looking for. Kevin Kline,
author of O'Reilly's "SQL in a Nutshell" and "Transact-SQL Programming" and President of The Professional Association for SQL Server,
offers tips, techniques and much more. Updated numerous times a week,
there is always valuable material to be had!
Click
here
to see what Kevin is up to in the SQL Server world. | ||||||||||||||||
|
||||||||||||||||
Scope change on a project is not inherently bad or good. However, your project team can react to changes in positive and negative ways. A typical reaction from most project teams is to just go ahead and make the changes. However, there is another reaction that can be more problematic. The team may not want to make any more changes. This situation usually occurs on projects that have had problems and could be for a variety of reasons. Click here for more information on building the right skillsets. | ||||||||||||||||
|
||||||||||||||||
|
Webcasts
| ||||||||||||||||
|
||||||||||||||||
|
||||||||||||||||
|
||||||||||||||||
|
Interactive Crossword
Puzzle: "Beverage Trivia"
|
||||||||||||||||
|
||||||||||||||||
|
We love getting white papers, tips, articles, and code examples/archives from our readers around the world. Send your submission to newsletter@quest-pipelines.com. If your article is published, it will be mailed to over 28,000 subscribers. Our mission at Quest Software - RevealNet Labs is to anticipate the daily responsibilities and challenges faced by database professionals. Our products help thousands of people solve problems and implement solutions every day. This newsletter is designed to help facilitate the sharing of information among database professionals. About the Newsletter This newsletter is distributed to Quest Software - RevealNet Labs customers, prospects and friends who have subscribed to it from our website. If you would like to unsubscribe, please visit http://qlist01.quest.com/UnsubMailingList/ Subscribe a Friend! Do you know someone who would like to receive the Pipeline Newsletter? If so, please enter their email address in the box below and click SUBMIT.
Past Issues of the Pipeline Newsletter |
||||||||||||||||
