Secure Files

Oracle Database 11g provides a series of brand-new methods for storing large
binary objects (also known as LOBs) inside the database. These new features,
collectively called Secure Files, will allow Oracle Database 11g to store
images, extremely large text objects, and the more advanced data types
introduced in prior Oracle releases (e.g., XML Type, Spatial, and medical imaging
objects that utilize the DICOM [Digital Imaging and Communications in Medicine]
format). Secure Files promises to offer performance that compares favorably
with file system storage of these object types, as well as the ability to
transparently compress and "deduplicate" these data. (Deduplication is yet
another brand-new feature in Oracle Database 11g. It detects identical LOB data
in the same LOB column that's referenced in two or more rows, and then stores
just one copy of that data, thus reducing the amount of space required to store
these LOBs.) Perhaps most importantly, Oracle Database 11g will also ensure that
these data can be encrypted using Transparent Data Encryption (TDE) methods -
especially important (and welcome) in the security-conscious environments we
inhabit today as database administrators.
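As an added example (not code from the original post), here is the DDL for a SecureFiles LOB column that turns on the three features just described; the tablespace, datafile, wallet password and table names are placeholders, and the TDE wallet is assumed to be configured already.

```sql
-- Added example, not code from the original post: a DICOM image table whose
-- BLOB column uses 11g SecureFiles storage with deduplication, compression
-- and TDE encryption. Tablespace, file, password and table names are placeholders.

-- SecureFiles require a tablespace with automatic segment space management (ASSM).
CREATE TABLESPACE lob_ts
    DATAFILE 'lob_ts01.dbf' SIZE 200M
    SEGMENT SPACE MANAGEMENT AUTO;

-- The TDE master key lives in the wallet (or an HSM); it must be open before
-- any encrypted LOB can be written or read.
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "wallet-password-placeholder";

CREATE TABLE dicom_images (
    image_id    NUMBER  CONSTRAINT pk_dicom_images PRIMARY KEY,
    patient_id  NUMBER  NOT NULL,
    image_data  BLOB
)
LOB (image_data) STORE AS SECUREFILE dicom_lob (
    TABLESPACE lob_ts
    DEDUPLICATE             -- identical LOB values in this column are stored once
    COMPRESS HIGH           -- transparent compression of the LOB data
    ENCRYPT USING 'AES256'  -- TDE: the LOB is encrypted at rest, decrypted on read
    CACHE
);

-- Confirm what the data dictionary recorded for the LOB column.
SELECT column_name, securefile, deduplication, compression, encrypt
  FROM user_lobs
 WHERE table_name = 'DICOM_IMAGES';
```

In 11g the DEDUPLICATE and COMPRESS options are licensed under the Advanced Compression option and ENCRYPT under the Advanced Security option, so check entitlements before enabling them in production.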
Improved Database Security

Oracle Database 10g Release 2 dramatically improved the options for encrypting
sensitive data both within Oracle database tables and indexes, as well as
outside the database (i.e., RMAN backups and Data Pump export files) with
Transparent Data Encryption (TDE). Oracle Database 11g continues to expand the
use of TDE within the database. For example, it's now possible to encrypt data
at the tablespace level as well as the table and index level. Also, logical
standby databases can utilize TDE to protect data that's been transferred from
the corresponding primary database site. Moreover, secured storage of the TDE
master encryption key is ensured by allowing it to be stored externally from
the database server in a separate Hardware Security Module.

Secure By Default

Oracle Database 11g also implements a new set of out-of-the-box security
enhancements that are collectively called Secure By Default. These security
settings can be enabled during database creation via the Database
Configuration Assistant (DBCA), or they can be enabled later after the
database has been created. Here's a sample of these new security features:
# Every user account password is now checked automatically to ensure that
sufficient password complexity is being used.
# To further strengthen password security, the DEFAULT user profile now sets
standard values for password grace time, lifetime, and lock time, as well as
for the maximum number of failed login attempts.
# Auditing will be turned on by default for over 20 of the most sensitive DBA
activities (e.g., CREATE ANY PROCEDURE, GRANT ANY PRIVILEGE, DROP USER, and so
forth). Also, the AUDIT_TRAIL parameter is set to DB by default when the
database is created, which means that a database "bounce" will no longer be
required to activate auditing.
# Fine-Grained Access Control (FGAC) is now available for network callouts that
use raw TCP (e.g., via the UTL_TCP package). FGAC will be able to construct
Access Control Lists (ACLs) that grant fine-grained access to external network
services to specific Oracle Database 11g database user accounts.
# Enterprise Manager now provides interfaces for direct management of the
External Security Module (ESM), Fine-Grained Auditing (FGA) policies, and
Row-Level Security (RLS) policies.
# Finally, an RMAN recovery catalog can now be secured via Virtual Private
Catalog to prevent unauthorized users from viewing backups that are registered
within the catalog.
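The first four Secure By Default items above, written out as explicit DDL so they can be re-applied to a database created without DBCA or verified afterwards; this is an added example rather than anything from the original post, and the ACL name, host and user are placeholders.

```sql
-- Added example, not code from the original post: the Secure By Default settings
-- as explicit DDL. ACL, host and user names are placeholders.

-- 1. Password complexity and the 11g DEFAULT profile limits. The verify function
--    is installed by $ORACLE_HOME/rdbms/admin/utlpwdmg.sql (run it first).
ALTER PROFILE DEFAULT LIMIT
    PASSWORD_VERIFY_FUNCTION verify_function_11G
    FAILED_LOGIN_ATTEMPTS    10     -- lock the account after 10 failed logins
    PASSWORD_LOCK_TIME       1      -- ...for 1 day
    PASSWORD_LIFE_TIME       180    -- password expires after 180 days
    PASSWORD_GRACE_TIME      7;     -- ...with a 7-day grace period

-- 2. Audit trail in the database (a static parameter: when set by hand it
--    takes effect at the next restart) plus privileged actions DBCA audits by default.
ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;
AUDIT CREATE ANY PROCEDURE, GRANT ANY PRIVILEGE, DROP USER BY ACCESS;

-- 3. Network ACL for UTL_TCP-style callouts: without an ACL, 11g denies them.
--    Grant a single user 'connect' to a single host and port only.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(
      acl         => 'app_smtp.xml',            -- placeholder ACL name
      description => 'SMTP relay for APP_USER',
      principal   => 'APP_USER',                -- placeholder user (case-sensitive)
      is_grant    => TRUE,
      privilege   => 'connect');
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
      acl         => 'app_smtp.xml',
      host        => 'smtp.example.internal',   -- placeholder host
      lower_port  => 25,
      upper_port  => 25);
  COMMIT;
END;
/

-- 4. Verify the result from the data dictionary.
SELECT resource_name, limit
  FROM dba_profiles
 WHERE profile = 'DEFAULT' AND resource_type = 'PASSWORD';
SELECT acl, host, lower_port, upper_port FROM dba_network_acls;
```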
Partitioning Upgrades

Oracle Database 10g made a few important improvements to partitioned tables and
indexes (e.g., hash-partitioned global indexes), but Oracle Database 11g
dramatically expands the scope of partitioning with several new composite
partitioning options: Range Within Range, List Within Range, List Within Hash,
and List Within List. And that's not all:
# Interval Partitioning. One of the more intriguing new partitioning options,
interval partitioning is a special version of range partitioning that requires
the partition key be limited to a single column with a data type of either
NUMBER or DATE. Range partitions of a fixed duration can be specified just like
in a regular range partition table based on this partition key. However, the
table can also be partitioned dynamically based on which date values fall into
a calculated interval (e.g., month, week, quarter, or even year). This enables
Oracle Database 11g to create future new partitions automatically based on the
interval specified without any future DBA intervention.
# Partitioning On Virtual Columns. The concept of a virtual column - a column
whose value is simply the result of an expression, but which is not stored
physically in the database - is a powerful new construct in Oracle Database
11g. It's now possible to partition a table based on a virtual column value,
and this leads to enormous flexibility when creating a partitioned table. For
example, it's no longer necessary to store the date value that represents the
starting week date for a table that is range-partitioned on week number; the
value of week number can be simply calculated as a virtual column instead.
# Partitioning By Reference. Another welcome partitioning enhancement is the
ability to partition a table that contains only detail transactions based on
those detail transactions' relationships to entries in another partitioned
table that contains only master transactions. The relationship between a set of
invoice line items (detail entries) that corresponds directly to a single
invoice (the master entry) is a typical business example. Oracle Database 11g
will automatically place the detail table's data into appropriate
sub-partitions based on the foreign key constraint that establishes and
enforces the relationship between master and detail rows in the two tables.
This eliminates the need to explicitly establish different partitions for both
tables because the partitioning in the master table drives the partitioning of
the detail table.
# Transportable Partitions. Finally, Oracle Database 11g makes it possible to
transport a partitioned table's individual partitions between a source and a
target database. This means it's now possible to create a tablespace version of
one or more selected partitions of a partitioned table, thus archiving that
partitioned portion of the table to another database server.
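Interval, virtual-column and reference partitioning from the list above, shown on a constructed invoice schema as an added example that is not part of the original post; table and constraint names are placeholders, and the reference-partitioned parent is kept as a plain range-partitioned table because 11g does not allow a reference-partitioned child of an interval-partitioned parent.

```sql
-- Added example, not code from the original post. Names are placeholders.

-- Reference partitioning, part 1: a conventionally range-partitioned master table.
CREATE TABLE invoices (
    invoice_id   NUMBER CONSTRAINT pk_invoices PRIMARY KEY,
    invoice_date DATE   NOT NULL
)
PARTITION BY RANGE (invoice_date) (
    PARTITION p2007 VALUES LESS THAN (DATE '2008-01-01'),
    PARTITION p2008 VALUES LESS THAN (DATE '2009-01-01')
);

-- Part 2: the detail table has no partition key of its own; each row lands in
-- the partition of its parent invoice via the (mandatory NOT NULL) foreign key.
CREATE TABLE invoice_lines (
    line_id    NUMBER       CONSTRAINT pk_invoice_lines PRIMARY KEY,
    invoice_id NUMBER       NOT NULL,
    amount     NUMBER(12,2) NOT NULL,
    CONSTRAINT fk_lines_invoice FOREIGN KEY (invoice_id) REFERENCES invoices (invoice_id)
)
PARTITION BY REFERENCE (fk_lines_invoice);

-- Interval partitioning: one fixed partition, then 11g adds a monthly
-- partition automatically the first time a row for a new month arrives.
CREATE TABLE access_log (
    log_id    NUMBER CONSTRAINT pk_access_log PRIMARY KEY,
    logged_at DATE   NOT NULL,
    message   VARCHAR2(400)
)
PARTITION BY RANGE (logged_at)
INTERVAL (NUMTOYMINTERVAL(1, 'MONTH'))
( PARTITION p_initial VALUES LESS THAN (DATE '2008-01-01') );

-- Virtual-column partitioning: the ISO week number is derived from sale_date
-- and never stored, yet it is the partition key.
CREATE TABLE weekly_sales (
    sale_id   NUMBER       CONSTRAINT pk_weekly_sales PRIMARY KEY,
    sale_date DATE         NOT NULL,
    amount    NUMBER(12,2) NOT NULL,
    sale_week AS (TO_NUMBER(TO_CHAR(sale_date, 'IW'))) VIRTUAL
)
PARTITION BY RANGE (sale_week) (
    PARTITION p_h1 VALUES LESS THAN (27),
    PARTITION p_h2 VALUES LESS THAN (MAXVALUE)
);

-- A row for March 2008 should produce a system-named (SYS_P...) partition.
INSERT INTO access_log VALUES (1, DATE '2008-03-15', 'constructed sample row');
SELECT partition_name, high_value FROM user_tab_partitions
 WHERE table_name = 'ACCESS_LOG' ORDER BY partition_position;
```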