Ch. 12 Implementing Security and Audit

Question 1

Authentication
Types:
Password auth.
External a
Global a

Answer 1

Validating and identity of the user and confirming the authority to use

Question 2

Password Auth

SQL>CREATE USER inventuser IDENTIFIED BY Bcit2011;

Answer 2

Password-authenticated user accounts
- Most common
Encrypted password is stored in data dictionary

Question 3

Remove user

Answer 3

User account is unlocked by default at creation

SQL>DROP USER inventuser;

Question 4

Can drop or drop user with all objects the user owns. When dropping a user implicitly, it drops any object privileges in which user was grantor

Answer 4

SQL>DROP USER inventuser CASCADE;

Question 5

External authentication

Answer 5

DB verifies username is a valid db account and trusts OS has performed auth.

Question 6

Login to db doesnt require username or pw

Answer 6

[oracle@localhost~]$ sqlplus/

Question 7

Refer as OPS$ accounts

Answer 7

(legacy from version 6)

Question 8

OS_AUTHENT_PREFIX configured in spfile, for example, to set up login_id oracle:

Answer 8

SQL>CREATE USER ops$oracle IDENTIFIED EXTERNALLY;

Typically used for admin scripts not exposing p/w

Question 9

Global Authentication

Answer 9

DB verifies username is valid and passes connection info to advance security option for authentication (eg Biometrics, X.509 certificates, Radius)

Question 10

Dont store or validate pw in the db

Answer 10

Example set up login_id:
SQL>CREATE USER spy_master IDENTIFIED
GLOBALLY AS ‘CN=spy_master, OU=tierr2, O=security, C=Can’;