Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Create Onion Layers of Security"] [Next entry: "Oracle Forensics Response"]

Database Vault without Database Vault



I did a talk in Slovenia in 2022 that explores the questions, "What is Database Vault?" and "What can we do if we don't have Database Vault?". I have posted the slides to our website today and the talk is Database Vault without Database Vault and I have also updated our Oracle Security white papers page and added a link to this talk.

This is an interesting talk and its split into two halves. The first part looks at what is Database Vault, what are its main components and also a little on hacking database vault.

The second half of the talk is the more interesting part and is focused on how can we achieve the same results or close to them if we don't have database vault. The obvious case for the need to do this would be in a database that is Standard Edition where we cannot use Database Vault. The other key element is doing it for free with standard security features of the database. Lets be clear, we cannot 100% simulate Database Vault for free as Database Vault is built into the Kernel C code and cannot easily be bypassed because of this. We can however get similar effects for some of the ideas in Database Vault using views/code/contexts and also triggers and also by careful design of users and privileges and use of users such as SYS and SYSTEM. If we would like the better security of Database Vault and don't have it or cannot use it this is a start for what we can do.

This is a great talk and I enjoyed writing it and presenting it. The slides are new on my site, please have a look

#oracleace #23c #dbsec #oracle #database #security #vault #lockdown