Oracle® Database Security Guide
10g Release 2 (10.2)

Part Number B14266-08

Glossary

application roles

Database roles that are granted to application users and that are secured by embedding passwords inside the application. See also secure application roles.

certificate

An ITU X.509 v3 standard data structure that securely binds an identity to a public key.

A certificate is created when an entity's public key is signed by a trusted identity, a certificate authority. The certificate ensures that the entity's information is correct and that the public key actually belongs to that entity.

A certificate contains the entity's name, identifying information, and public key. It is also likely to contain a serial number, expiration date, and information about the rights, uses, and privileges associated with the certificate. Finally, it contains information about the certificate authority that issued it.

certificate revocation lists

(CRLs) Signed data structures that contain a list of revoked certificates. The authenticity and integrity of the CRL are provided by a digital signature appended to it. Usually, the CRL signer is the same entity that signed the issued certificate.

definer's rights procedure

A procedure (or program unit) that executes with the privileges of its owner, not its current user. Definer's rights subprograms are bound to the schema in which they are located.

For example, assume that user blake and user scott each have a table called dept in their respective user schemas. If user blake calls a definer's rights procedure, which is owned by user scott, to update the dept table, then this procedure will update the dept table in the scott schema. This is because the procedure executes with the privileges of the user who owns (defined) the procedure (that is, scott).

See also invoker's rights procedure.

encryption

The process of disguising a message, rendering it unreadable to anyone but the intended recipient.

Forwardable Ticket Granting Ticket

A special Kerberos ticket that can be forwarded to proxies, permitting the proxy to obtain additional Kerberos tickets on behalf of the client for proxy authentication. See also Kerberos ticket.

integrity

The guarantee that the contents of the message received were not altered from the contents of the original message sent.

invoker's rights procedure

A procedure (or program unit) that executes with the privileges of the current user, that is, the user who invokes the procedure. These procedures are not bound to a particular schema. They can be run by a variety of users and allow multiple users to manage their own data by using centralized application logic. Invoker's rights procedures are created with the AUTHID clause in the declaration section of the procedure code.

For example, assume that user blake and user scott each have a table called dept in their respective user schemas. If user blake calls an invoker's rights procedure, which is owned by user scott, to update the dept table, then this procedure will update the dept table in the blake schema. This is because the procedure executes with the privileges of the user who invoked the procedure (that is, blake).

See also definer's rights procedure.
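The two glossary entries above describe the same procedure body behaving differently depending on its AUTHID clause. The following PL/SQL is an added illustration, not code from the Oracle guide: it assumes the users scott and blake from the entries, that each owns a table dept (deptno, dname), and uses made-up procedure names.

```sql
-- Added example (not from the Oracle guide). Assumes users SCOTT and BLAKE,
-- each owning a table DEPT(deptno, dname); procedure names are invented.

-- Owned by SCOTT. AUTHID DEFINER is the default when no clause is given:
-- the procedure runs with SCOTT's privileges, and the unqualified name DEPT
-- is resolved in SCOTT's schema no matter who calls it.
CREATE OR REPLACE PROCEDURE scott.update_dept_definer (
    p_deptno IN NUMBER,
    p_dname  IN VARCHAR2)
AUTHID DEFINER
IS
BEGIN
    UPDATE dept SET dname = p_dname WHERE deptno = p_deptno;
END;
/

-- Also owned by SCOTT, but AUTHID CURRENT_USER: the procedure runs with the
-- caller's privileges, and unqualified SQL names are resolved in the
-- caller's schema at run time, so a call by BLAKE updates BLAKE.DEPT.
CREATE OR REPLACE PROCEDURE scott.update_dept_invoker (
    p_deptno IN NUMBER,
    p_dname  IN VARCHAR2)
AUTHID CURRENT_USER
IS
BEGIN
    UPDATE dept SET dname = p_dname WHERE deptno = p_deptno;
END;
/

-- BLAKE needs only EXECUTE on the procedures, not UPDATE on SCOTT.DEPT.
GRANT EXECUTE ON scott.update_dept_definer TO blake;
GRANT EXECUTE ON scott.update_dept_invoker TO blake;

-- Connected as BLAKE:
BEGIN
    scott.update_dept_definer(10, 'RESEARCH');  -- changes SCOTT.DEPT
    scott.update_dept_invoker(10, 'RESEARCH');  -- changes BLAKE.DEPT
END;
/
```

The definer's rights form is the least-privilege pattern: blake can change scott's data only along the code path scott wrote, and needs no direct privilege on scott.dept. The invoker's rights form is the right choice for shared application logic over per-user data, but because its unqualified names resolve in the caller's schema, an invoker's rights procedure owned by a privileged account should reference its own objects with fully qualified names (schema.object) where it must not be redirected.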

KDC

See Key Distribution Center.

Kerberos ticket

A temporary set of electronic credentials that verify the identity of a client for a particular service. Also referred to as a service ticket.

Key Distribution Center

(KDC) A machine that issues Kerberos tickets. See also Kerberos ticket.

salt

In cryptography, generally speaking, "salt" is a way to strengthen the security of encrypted data. Salt is a random string that is added to the data before it is encrypted, making it more difficult for attackers to recover the data by matching patterns of ciphertext to known ciphertext samples. Salt is often also added to passwords before they are encrypted, to defeat dictionary attacks, in which an attacker compares stored password values with a precomputed list of common passwords. The encrypted salted values (sometimes called verifiers) make it difficult for attackers to match them against their dictionary lists of common password hash values.
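To make the salt entry concrete, here is an added PL/SQL example (not from the Oracle guide) of storing a per-user salt and salted verifier with the DBMS_CRYPTO package that ships with this release. The table and the routine names are assumptions; DBMS_CRYPTO.RANDOMBYTES, DBMS_CRYPTO.HASH and DBMS_CRYPTO.HASH_SH1 are the package's real entry points.

```sql
-- Added example (not from the Oracle guide). Table and routine names are
-- invented; DBMS_CRYPTO, UTL_RAW and UTL_I18N calls are real package APIs.
-- The caller needs EXECUTE on DBMS_CRYPTO.

CREATE TABLE app_users (
    username  VARCHAR2(30) PRIMARY KEY,
    salt      RAW(16)      NOT NULL,   -- random, per user, stored in the clear
    verifier  RAW(20)      NOT NULL    -- SHA-1(salt || password); the password itself is never stored
);

-- Derive the verifier for one (salt, password) pair. Because the salt is
-- prepended, two users with the same password get different verifiers.
CREATE OR REPLACE FUNCTION make_verifier (
    p_salt     IN RAW,
    p_password IN VARCHAR2) RETURN RAW
IS
BEGIN
    RETURN DBMS_CRYPTO.HASH(
        UTL_RAW.CONCAT(p_salt, UTL_I18N.STRING_TO_RAW(p_password, 'AL32UTF8')),
        DBMS_CRYPTO.HASH_SH1);   -- strongest digest DBMS_CRYPTO offers in 10g
END;
/

-- Set or reset a password: draw a fresh 16-byte salt every time.
CREATE OR REPLACE PROCEDURE set_password (
    p_username IN VARCHAR2,
    p_password IN VARCHAR2)
IS
    l_salt RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);
BEGIN
    MERGE INTO app_users u
    USING (SELECT p_username AS username FROM dual) s
    ON (u.username = s.username)
    WHEN MATCHED THEN
        UPDATE SET u.salt = l_salt, u.verifier = make_verifier(l_salt, p_password)
    WHEN NOT MATCHED THEN
        INSERT (username, salt, verifier)
        VALUES (p_username, l_salt, make_verifier(l_salt, p_password));
END;
/

-- Check a login attempt: recompute with the stored salt, compare verifiers.
-- An unknown user yields FALSE rather than an error, so the caller cannot
-- tell "no such user" from "wrong password".
CREATE OR REPLACE FUNCTION check_password (
    p_username IN VARCHAR2,
    p_password IN VARCHAR2) RETURN BOOLEAN
IS
    l_salt     RAW(16);
    l_verifier RAW(20);
BEGIN
    SELECT salt, verifier INTO l_salt, l_verifier
      FROM app_users
     WHERE username = p_username;
    RETURN UTL_RAW.COMPARE(make_verifier(l_salt, p_password), l_verifier) = 0;
EXCEPTION
    WHEN NO_DATA_FOUND THEN
        RETURN FALSE;
END;
/
```

The salt does not have to be secret; its job is to make a precomputed dictionary of password hashes useless, since every stored verifier was computed over a different input. DBMS_CRYPTO in this release provides only fast digests, so where a later release or an application-tier library is available, a deliberately slow, iterated password hash is the better choice for the verifier.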

secure application roles

Like an application role, a secure application role is a database role that is granted to application users, but it is secured by using an invoker's rights stored procedure to retrieve the role password from a database table. A secure application role password is not embedded in the application. See also application roles.

service ticket

See Kerberos ticket.

wallet

A wallet is a data structure used to store and manage security credentials for an individual entity.