Hi everyone,

I have recently written a paper on row level security in Oracle for
publication by SecurityFocus. This is a two-part paper; the
first part is published, and the second part will be published later this
week.

Part one introduces row level security, talks about the various names it
has and also why you might want to use it with listed advantages. I go
on to talk about how it works and how to implement a simple example
working through the various steps with example code. I then go on to
test the example with differing scenarios to check it performs against
the business rules defined. I talk about a couple of issues and tips.

Part two goes on to look into how to explore the database looking at
what row level security settings are in use or indeed if it is in use,
by querying v$ views. I also discuss how to use the dictionary views to
understand the setup and then go on to explore how to derive the SQL
including predicate from the database and also how to see if row level
security is in use by inference. I also discuss some of the issues with
its use. As usual I also throughout make suggestions about protecting
what configuration can be read from the database.

A link to part one can be found here: 

http://www.petefinnigan.com/orasec.htm

Kind regards,

Pete
-- 
Pete Finnigan
email:[EMAIL PROTECTED]
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.

Author: Pete Finnigan