Oracle® Database Administrator's Guide 11g Release 2 (11.2) Part Number E10595-06
After you create a database as described in "Creating a Database with DBCA" or "Creating a Database with the CREATE DATABASE Statement", the instance is left running, and the database is open and available for normal database use. You may want to perform other actions, some of which are discussed in this section.
In this release of Oracle Database, several enhancements were made to ensure the security of your database. You can find security guidelines for this release in Oracle Database Security Guide. Oracle recommends that you read these guidelines and configure your database accordingly.
After the database is created, you can configure it to take advantage of Oracle Identity Management. For information on how to do this, please refer to Oracle Database Enterprise User Security Administrator's Guide.
A newly created database has at least three user accounts that are important for administering your database: SYS, SYSTEM, and SYSMAN. Additional administrative accounts are provided that should be used only by authorized users. To protect these accounts from being used by unauthorized users familiar with their Oracle-supplied passwords, these accounts are initially locked with their passwords expired. As the database administrator, you are responsible for the unlocking and resetting of these accounts.
See Oracle Database 2 Day + Security Guide for a complete list of predefined user accounts created with each new Oracle Database installation.
Caution:
To prevent unauthorized access and protect the integrity of your database, it is important that new passwords for user accounts SYS and SYSTEM be specified when the database is created. This is accomplished by specifying the following CREATE DATABASE clauses when manually creating your database, or by using DBCA to create the database:
USER SYS IDENTIFIED BY
USER SYSTEM IDENTIFIED BY
See Also:
"Administrative User Accounts" for more information about the users SYS and SYSTEM
Oracle Database Security Guide to learn how to add new users and change passwords
Oracle Database SQL Language Reference for the syntax of the ALTER USER statement used for unlocking user accounts
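The following is an added example, not part of the Oracle guide, showing how an administrator can review the state of predefined accounts and unlock only the ones that are needed. The account name HR (one of the sample schemas) and the password placeholder are assumptions chosen for illustration.

```sql
-- Added example (not from the Oracle documentation). Run as a DBA user.

-- 1. Review every account. Predefined accounts that nobody has touched
--    should still report EXPIRED & LOCKED.
SELECT username, account_status, lock_date, expiry_date, profile
FROM   dba_users
ORDER  BY account_status, username;

-- 2. Find accounts that still carry an Oracle-supplied default password
--    and are NOT locked. Any row returned here needs a password change
--    or a lock before the database goes into service.
SELECT d.username, u.account_status
FROM   dba_users_with_defpwd d
JOIN   dba_users u ON u.username = d.username
WHERE  u.account_status NOT LIKE '%LOCKED%'
ORDER  BY d.username;

-- 3. Unlock one account and give it a new password in the same statement,
--    so it is never open with its default password.
--    HR and <new_password> are placeholders for this example.
ALTER USER hr IDENTIFIED BY "<new_password>" ACCOUNT UNLOCK;

-- 4. Return an account that is no longer needed to its initial state.
ALTER USER hr PASSWORD EXPIRE ACCOUNT LOCK;
```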
Transparent data encryption is a feature that enables encryption of individual database columns before storing them in the datafile, or enables encryption of entire tablespaces. If users attempt to circumvent the database access control mechanisms by looking inside datafiles directly with operating system tools, transparent data encryption prevents such users from viewing sensitive information.
Users who have the CREATE TABLE privilege can choose one or more columns in a table to be encrypted. The data is encrypted in the data files and in the audit logs (if audit is turned on). Database users with appropriate privileges can view the data in unencrypted format. For information on enabling transparent data encryption, see Oracle Database Advanced Security Administrator's Guide.
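The following is an added example, not part of the Oracle guide, showing both forms of transparent data encryption described above and how to verify them. The table, column, and tablespace names, the datafile path, and the wallet password are placeholders, and the example assumes the encryption wallet directory is already configured for the database.

```sql
-- Added example (not from the Oracle documentation).

-- Prerequisite, done once by a security administrator: create the master
-- encryption key in the wallet. <wallet_password> is a placeholder.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "<wallet_password>";

-- Column encryption: only card_number is encrypted in the datafile.
-- customer_cards and its columns are hypothetical names.
CREATE TABLE customer_cards (
  customer_id  NUMBER PRIMARY KEY,
  card_number  VARCHAR2(19) ENCRYPT USING 'AES256',
  holder_name  VARCHAR2(100)
);

-- Tablespace encryption: everything stored in secure_ts is encrypted.
-- secure_ts and <datafile_path> are placeholders.
CREATE TABLESPACE secure_ts
  DATAFILE '<datafile_path>' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

-- Verification: which columns and tablespaces are actually encrypted,
-- and whether the wallet holding the master key is open.
SELECT owner, table_name, column_name, encryption_alg, salt
FROM   dba_encrypted_columns
ORDER  BY owner, table_name, column_name;

SELECT tablespace_name, encrypted
FROM   dba_tablespaces
WHERE  encrypted = 'YES';

SELECT wrl_type, wrl_parameter, status
FROM   v$encryption_wallet;
```

If the wallet is closed, queries against encrypted columns fail rather than returning ciphertext, so the STATUS column of V$ENCRYPTION_WALLET is the first thing to check after an instance restart.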
For large-scale deployments where applications use password credentials to connect to databases, it is possible to store such credentials in a client-side Oracle wallet. An Oracle wallet is a secure software container that is used to store authentication and signing credentials.
Storing database password credentials in a client-side Oracle wallet eliminates the need to embed usernames and passwords in application code, batch jobs, or scripts. This reduces the risk of exposing passwords in the clear in scripts and application code, and simplifies maintenance because you need not change your code each time usernames and passwords change. In addition, not having to change application code also makes it easier to enforce password management policies for these user accounts.
When you configure a client to use the external password store, applications can use the following syntax to connect to databases that use password authentication:
CONNECT /@database_alias
Note that you need not specify database login credentials in this CONNECT statement. Instead your system looks for database login credentials in the client wallet.
See Also:
Oracle Database Advanced Security Administrator's Guide for information about configuring your client to use a secure external password store and for information about managing credentials in it.
The Oracle Database distribution media includes various SQL files that let you experiment with the system, learn SQL, or create additional tables, views, or synonyms.
Oracle Database includes sample schemas that help you to become familiar with Oracle Database functionality. All Oracle Database documentation and training materials are being converted to the Sample Schemas environment as those materials are updated.
The Sample Schemas can be installed automatically by the Database Configuration Assistant, or you can install them manually. The schemas and installation instructions are described in detail in Oracle Database Sample Schemas.