1

I have a 10.2.0.5.0 Oracle Database and a list of users who i need to grant some privileges to (Mainly to generate reports and so on). I used impersonation, which means i created one Oracle user so that all application users access that Oracle user to be able to reach the data in my database. All privileges from here on should be specified for that oracle user only.

Two security questions related to the issue above:

  1. Does granting REFERENCES privilege to the Oracle user pose any security threat on the data? Or is it a select (view-only) privilege? According to oracle " REFERENCES Enables a user to create a foreign key dependency on a table or materialized view. The REFERENCES privilege on a parent table implicitly grants SELECT privilege on the parent table.
  2. Can i set an encryption on my oracle database other than TDE (Transparent data encryption). According to my knowledge, TDE will serve as backup media security only and anyone accessing the DB from inside my network can still view/export clear data. The encryption I'm looking for has to render data incomprehensible if any attack succeeded to access the database (3-DES maybe?).
Optimus Prime
  • 298
  • 3
  • 12

1 Answers1

0

What threats are you concerned about? Being able to perform a SELECT is a security risk, if that user is not supposed to be authorized to view the data. You need to be more explicit in your question, and with yourself.

Other than that, you will need to get specific answers from Oracle professionals. For instance this site.

Community
  • 1
schroeder
  • 123,438
  • 55
  • 284
  • 319