This was a talk I did at the UKOUG conference in December 2018 held in Liverpool. This was a good conference and I gave this talk about least rights for users in the Oracle database. The talk starts off by looking at the layers that need to be considered when securing an Oracle database. We then talk about least privileges, what it is and how it's hard to achieve in an Oracle database. We talked about the different types of actors involved and also at a high level how the database works and how data moves and is processed by Oracle (at a high level). We then demonstrated some tools to gather all of the existing granted rights in the database.
We then did a demo of hacking my sample database and also listed all of the issues we located or that contributed to this hack. There are many layers of problems but least privilege is the main one so we chose to fix this in my sample application and then show how it worked and reduced the extent of the attacks to nearly zero.
I finish by talking about the different types of privilege and how they affect the security of data.
Please have a look at the MS PPT slides; they are newly posted to my site, for more details.