Database Security



“Frequently asked Oracle Database Security questions from a variety of Database Security interviews. Learn Oracle Database Security with the help of this interview questions and answers guide, and feel free to leave suggestions, questions and answers on any Database Security interview question or answer using the comment feature available on the page.”



23 Database Security Questions And Answers

5⟩ What is a trace file and how is it created?

Each server and background process can write to an associated trace file. When a server, background or user process detects an internal error, it dumps information about the error to its trace file. This information can also be used for tuning the database.


8⟩ What are the system resources that can be controlled through a Profile?

* The number of concurrent sessions the user can establish
* The CPU processing time available to the user's session
* The CPU processing time available to a single call to ORACLE made by a SQL statement
* The amount of logical I/O available to the user's session
* The amount of logical I/O available to a single call to ORACLE made by a SQL statement
* The allowed amount of idle time for the user's session
* The allowed amount of connect time for the user's session


11⟩ What are the responsibilities of a Database Administrator?

* Installing and upgrading the Oracle Server and application tools.
* Allocating system storage and planning future storage requirements for the database system.
* Managing primary database structures (tablespaces).
* Managing primary objects (tables, views, indexes).
* Enrolling users and maintaining system security.
* Ensuring compliance with the Oracle license agreement.
* Controlling and monitoring user access to the database.
* Monitoring and optimizing the performance of the database.
* Planning for backup and recovery of database information.
* Maintaining archived data on tape.
* Backing up and restoring the database.
* Contacting Oracle Corporation for technical support.


12⟩ What is the default tablespace?

The tablespace that contains schema objects created without specifying a tablespace name.

SYSTEM is the default tablespace. If the user doesn't have a default tablespace, or hasn't given a tablespace clause while creating the table, the table is created in the SYSTEM tablespace.


14⟩ What are the roles and user accounts created automatically with the database?

DBA role - Contains all database system privileges.

SYS user account - The DBA role is assigned to this account. All of the base tables and views for the database's dictionary are stored in this schema and are manipulated only by ORACLE.

SYSTEM user account - It has all the system privileges for the database. Additional tables and views that display administrative information, and internal tables and views used by Oracle tools, are created using this username.


15⟩ What are the steps to create a password authentication file?

The steps are:

* First set REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE in init.ora file

* Then dbs$ orapwd file=orapw$ORACLE_SID password=sys force=y

* Then startup force;

* Then grant sysdba to user(any user in the database);

* Then conn user/user

* Then conn user/user as sysdba

* Then show user


16⟩ What database administrator utilities are available?

SQL*DBA - This allows the DBA to monitor and control an ORACLE database.

SQL*Loader - It loads data from standard operating system files (flat files) into ORACLE database tables.

Export (EXP) and Import (IMP) - These utilities allow you to move existing data in ORACLE format to and from an ORACLE database.


17⟩ If you have a database, how can you tell that the data in the database is secured? And what is meant by "data validation"?

If we want to say that our database is secured, we must first confirm that our data is validated. There are various methods of validating the data:

1. Accept only known valid data.
2. Reject known bad data.
3. Sanitize bad data.

We cannot emphasize strongly enough that "Accept Only Known Valid Data" is the best strategy. We do, however, recognize that this isn't always feasible for political, financial or technical reasons, and so we describe the other strategies as well.

All three methods must check:

* Data Type
* Syntax
* Length

Data type checking is extremely important. The application should check to ensure a string is being submitted and not an object, for instance.

Accept Only Known Valid Data

As we mentioned, this is the preferred way to validate data. Applications should accept only input that is known to be safe and expected. As an example, let's assume a password reset system takes in usernames as input. Valid usernames would be defined as ASCII A-Z and 0-9. The application should check that the input is of type string, is comprised of A-Z and 0-9 (performing canonicalization checks as appropriate) and is of a valid length.

Reject Known Bad Data

The rejecting bad data strategy relies on the application knowing about specific malicious payloads. While it is true that this strategy can limit exposure, it is very difficult for any application to maintain an up-to-date database of web application attack signatures.

Sanitize All Data

Attempting to make bad data harmless is certainly an effective second line of defense, especially when dealing with rejecting bad input. However, as described in the canonicalization section of this document, the task is extremely hard and should not be relied upon as a primary defense technique.

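The username check from the answer above, written out in Python as an added example (it is not part of the original page). The function name `validate_username` and the length bounds of 3 to 30 are assumptions; the answer itself only specifies a string type, the characters A-Z and 0-9, and "a valid length".

```python
import re
import unicodedata

# Assumed length bounds; the answer only says "a valid length".
MIN_LEN, MAX_LEN = 3, 30
# Allowlist from the answer's example: ASCII A-Z and 0-9 only.
ALLOWED = re.compile(r"[A-Z0-9]+")


def validate_username(value):
    """Return (ok, reason) for a candidate username.

    Implements "accept only known valid data": data type, length,
    canonical form, then syntax against the allowlist.
    """
    # Data type: a list, dict or bytes object from a decoder is rejected.
    if not isinstance(value, str):
        return False, "type"
    # Length: checked before any normalization or regex work is done.
    if not MIN_LEN <= len(value) <= MAX_LEN:
        return False, "length"
    # Canonicalization: reject input that changes under NFKC, such as
    # full-width letters that could fold to ASCII further downstream.
    if unicodedata.normalize("NFKC", value) != value:
        return False, "non-canonical"
    # Syntax: fullmatch, so a trailing newline or any other character
    # outside the allowlist fails the whole value.
    if not ALLOWED.fullmatch(value):
        return False, "charset"
    return True, "ok"


# Constructed sample inputs, not taken from the page.
SAMPLES = [
    "ALICE01",          # valid
    "alice01",          # lower case is outside A-Z
    "ALICE01\n",        # trailing newline
    "O'BRIEN",          # quote character
    "ＡＬＩＣＥ０１",     # full-width look-alikes of ALICE01
    ["ALICE01"],        # wrong type
    "A" * 64,           # too long
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), validate_username(sample))
```

Nothing in the function lists bad patterns: each rejected sample fails only because it is not in the set of known valid values.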

19⟩ What are the security features in Oracle?

Data abstraction is achieved in Oracle by separating the client-side and server-side logic. Therefore the client applications cannot manipulate the data. Triggers perform content-based auditing and selectively disable application updates.

Access control is achieved in Oracle by allowing users to manipulate the data using only their definer's permitted privileges.
