Solved

Database Security

Posted on 2011-02-21
5
341 Views
Last Modified: 2012-05-11
How to get the following items from Oracle, MS SQL databases? Anyone can gives me the command?

1. All users and passwords (even encrypted)
2. All table names
3. All table privileges

Also, what is security on database that is required when doing audit?
It would be great if you can find a official security checklist.


Thank you!
0
Comment
Question by:mawingho
5 Comments
 
LVL 11

Accepted Solution

by:
Akenathon earned 125 total points
ID: 34943887
Please only one question per post. I'm answering the first question for Oracle:

1) select username, password from dba_users
2) select table_name from dba_tables
3) select * from dba_tab_privs
0
 
LVL 76

Assisted Solution

by:slightwv (䄆 Netminder)
slightwv (䄆 Netminder) earned 125 total points
ID: 34946122
Oracle privs are more complicated.

You also have:
Dba_sys_privs, dba_role_privs, role_sys_privs and another or two I can't rember right now.

Audits can cover many areas.  If you are getting ready to go through one, the auditors should provide you with the specifics on what they are looking for.

0
 
LVL 34

Assisted Solution

by:johnsone
johnsone earned 125 total points
ID: 34952126
Every auditor is going to look for something different.

I have found that they don't want the results of queries that join things together.  I guess they don't trust that you are not doing something magic in the queries.  Typically, for Oracle, they wanted dumps of DBA_SYS_PRIVS, DBA_TAB_PRIVS and DBA_ROLE_PRIVS.  They figured it out from there.

They want the user names and encrypted passwords so they can run a password cracker against them.
0
 
LVL 47

Assisted Solution

by:schwertner
schwertner earned 125 total points
ID: 34952656
In addition to the document below try to find on My Oracle Support the following doc:

207959.1
 All About Security: User, Privilege, Role, SYSDBA, O/S Authentication, Audit, Encryption, OLS, Database Vault, Audit Vault
     1) Alerts
     2) System Privileges
     3) Object Privileges
     4) Users and Roles
     5) User and Tablespace Quotas
     6) Profiles and Resource Limits
     7) Password Management
     8) Connect Internal and Password Files
     9) O/S Authentication
     10) Auditing
     11) Event Triggers
     12) Fine Grained Access Control
     13) Oracle Label Security
     14) Database Vault
     15) Audit Vault
     16) Data Encryption
     17) Security Server
________________________________________

Oracle-20Database-20Security-20F.pdf
0
 

Author Closing Comment

by:mawingho
ID: 34977049
thanks
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
Using SQL Scripts we can save all the SQL queries as files that we use very frequently on our database later point of time. This is one of the feature present under SQL Workshop in Oracle Application Express.
Via a live example show how to connect to RMAN, make basic configuration settings changes and then take a backup of a demo database
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now