Go to the FreeLists Home Page Home Signup Help Login 		 



[oracle-l] || [Date Prev] [05-2007 Date Index] [Date Next] || [Thread Prev] [05-2007 Thread Index] [Thread Next]

Re: DBMS_RLS and Security

  • From: rjamya <rjamya@xxxxxxxxx>
  • To: wjwagman@xxxxxxxxxxx
  • Date: Tue, 1 May 2007 20:39:35 -0400
Bill,

Not sure if you can really hide it from the dba. My understanding is if a
user has 'access exempt policy' privilege, then policies don't apply.

The article states that by 'wrapping' plsql code, you can hide the policy
implementation from the dbas. But a malicious dba can set an event to dump
the full sqltext on the next hard parse. Plus if you do db_extended_audit,
that information will be visible to any dba, including bind values in the
fga audit trail (if so enabled) ... oh and you can head to Pete Finnigan's
site to see how one an attempt to unwrap the wrapped code. In 10g, you can
compress the code after wrapping it, but there is an event to disable that
compression too,

As for loosing data, not sure, but if the policies are not implemented
appropriately, that data will not be seen and users might think it is
missing. Because unless you see the actual sql, you can't really say if the
data isn't there or it is restricted by policy.

AFAIK, oracle application server is not required for dbms_rls usage. The
only thing that can protect data from DBAs is database vault outside of
encryption. Then again, think about it, if you don't trust your DBAs, you
have got a bigger problem. The buck has to stop somewhere.

we have used dbms_rls in 9i to restrict data that each user can see, no app
server, it is oracle forms client/server application.

rjamya


On 5/1/07, William Wagman <wjwagman@xxxxxxxxxxx> wrote:


Greetings,

One of my users sent me this URL for a paper on improving security,
http://www.oracle.com/technology/pub/articles/jucan_security.html. The
writer presents a technique for hiding columns using DBMS_RL to create
policies to hide data. Apparently one can even hide data from a user
with full DBA access. I had a conversation with one of my co-workers who
had just attended an Oracle taught security class and she reported that
there are numerous examples of users losing data when attenpting to do
this. Apparently the class instructor also did not have real good
feelings about this technique as well. It apparently also takes
advantage of Oracle Application server's security which makes it appear
that application server is required in order to utilize this
methodology. Unfortunately I don't have a good enough understanding of
the process to give a concise explanation. I am interested in knowing if
others are familiar with this technique, have used it and what your
experiences were.

Thanks.

Bill Wagman
Univ. of California at Davis
IET Campus Data Center
wjwagman@xxxxxxxxxxx
(530) 754-6208
--
http://www.freelists.org/webpage/oracle-l






--
-----
Best regards
RJamya




[ Home | Signup | Help | Login | Archives | Lists ]

All trademarks and copyrights within the FreeLists archives are owned by their respective owners.
Everything else ©2007 Avenir Technologies, LLC.