Category Archives: SOUG

SOUG Events and SIG’s

Oracle 18c new Security Features

Today I had the opportunity to give a presentation on Oracle 18c new Security Features at the SOUG day in Baden. It was a great opportunity to discuss the security enhancements in the latest Oracle database release. This release introduces some new security features that simplify the secure operation of on-premises or cloud-based databases. Especially the new central managed user with MS Active Directory.

Based on first experiences and insights, the following topics have been discussed:

  • Create schema only accounts
  • Integration of Active Directory services with Oracle Database
  • Encrypt sensitive credential data in the data dictionary
  • Write Unified Audit Trail records to SYSLOG or the Windows event viewer
  • Use Oracle Data Pump to export and import the Unified Audit Trail
  • Authentication and certification parameters
  • Enterprise User Security Manager (EUSM)
  • User defined master encryption key
  • Keystore for each Pluggable Database
  • User defined master encryption key
  • Enhancements to Oracle Database Vault simulation mode
  • Grant Data Pump-Database Vault authorizations to roles
  • Oracle Database Vault support for Oracle Database Replay

The Killer feature in this release is definitely the centrally managed user with its simple MS Active Directory integration. It is an ideal solution to simplify the user management in small / midsize environments. For larger and more complex environments it makes more sense to engineer central user management using Oracle Enterprise User Security. Many other improvements are due to Oracle’s cloud strategy. Necessary and meaningful but not earth-shattering.

The presentation is available in English over the following links:

Articles in DOAG Red Stack Magazin

A while ago I wrote two articles for the DOAG Red Stack Magazin. In the meantime both articles have been published. For this reason I use the opportunity to make the PDF versions of the articles available on oradba.ch. The articles are written in German and available as Trivadis version as well Red Stack version. Although the articles versions differ only in the number of typos and layout.

None of the articles are currently available in english. On request I will write also articles about Oracle Unified Directory in English in the future. However, currently I still have a lot of ideas for blog posts about database security, enterprise user security and unified directory on my to-do list. And blog posts I usually write in english… 🙂