Best Oracle Security site: http://www.petefinnigan.com/ (Pete usually writes in this list as well). There it at least one book by him in Amazon: Oracle Security: Step-by-Step I haven't personally read it, though. But after reading his white papers I'd wager it's a good book. If I ever get into DB security (seriously get into it, and not just implement the usual corporate 'security' policies) it's the first book on my list. hth Alan.- On Sun, May 23, 2010 at 2:17 PM, William Muriithi < william.muriithi@xxxxxxxxxxxxxxxxxxx> wrote: > Thanks guys > > > > > > Depending upon what you're trying to learn, I found David Litchfield's > The Oracle Hacker's Handbook to be one of the most enlightening books on > possible exploits for vulnerabilities in Oracle. > > > > Good question, I was looking for a couple of details: > > - Initial setup, precisely how strip all unnecessary schemas, permission. > Then add back permission when need arise and only as narrowly as possible > > - RBAC and MAC setup. I am especially interested to see how practical it is > to implement RBAC on oracle > > - Auditing > > > William > > > Jonathan > > > > Here's an Amazon URL for the book: > > > > > http://www.amazon.com/Oracle-Hackers-Handbook-Hacking-Defending/dp/0470080221/ref=pd_bxgy_b_img_a/103-0681362-4563844 > > > > On Sat, May 22, 2010 at 4:32 PM, William Muriithi < > william.muriithi@xxxxxxxxxxxxxxxxxxx> wrote: > > Hello Pals, > > > > I am planning to pick an oracle book with mainly security bias. I have > already looked through Oracle security handbook (ISBN 0-07-213325-2) and > though well written and good read, it sound a tad dated. It, for example > does not have anything to do with oracle 10g as it was written in 2001. > > > > A bit of googling and I am now inclined to pick "HOWTO Secure and Audit > Oracle 10g and 11g" or "Effective Oracle Database 10g Security by Design". > Which of the two book is a better read? Or even better, is there another > book out there that is even better that the above two? > > > > Regards, > > > > William-- > > //www.freelists.org/webpage/oracle-l > > > > > > > > -- > //www.freelists.org/webpage/oracle-l > > >