There are several other, more secure ways to allow
remote access to the database.
Oracle Identity Management
Oracle Identity Management (IM), a component of Oracle Application Server 10g and 11g, provides
a complete end-to-end framework for centrally managing user accounts, from account creation to
resource authorization to account deletion. It centralizes the management of accounts along with
the devices, applications, web services, or any other networked entity that uses authentication
and authorization.
Chapter 9: Database Security and Auditing 287
IM saves money and time. Because the user accounts and the associated resources are
centralized, administration is the same regardless of the application being maintained.
In addition, IM enhances the security of the enterprise. Because users only use one username
and password to access all enterprise resources, they are less prone to write down or forget their
password. When a user leaves the company, all access to applications and services can be removed
quickly and easily in one place.
Although a complete treatment of Oracle Identity Management is beyond the scope of this
book, it's important for the DBA to understand how the components of IM will impact the
performance and security of the Oracle database. The user account information and other metadata
need to be stored somewhere, and stored redundantly, in an Oracle database. In addition, the
requests for authentication and authorization services must be processed within a reasonable
amount of time, defined most likely within the Service Level Agreements (SLAs) in effect for one
or more of the applications.