This is much better than the Oracle Documentation. Easier to read and presents the information in a clear and concise manner. If you can't take the Oracle Security class from Oracle Education this is the next best thing. The only thing bad that I could say about this is . . . . Pete Finnigan could of been brought in to get a different perspective.

I'm trying to set up proxy authentication and the book made a lot of assumptions about what I know. The author uses the SCOTT, BLAKE and APP_USER accounts and assumes that we know exactly how these accounts where set up. It would seem that the APP_USER account seems to be the schema owner, or is it the SCOTT and BLAKE accounts. Am I to assume that the SCOTT account is the defualt demo account that is setup by oracle? Being new to high level Oracle security I would have preferred a step-by-step approach to solving my security problems. I noticed that all other reviews where by people that seem to have a handle on this and just needed hints. Even the setting up of an LDAP sever was confusing, we never got it to work and even after following the steps did not get the same things that the author got. Even though I have not been a DBA for too long I have been using Oracle for 20 years now, so I'm not a novice.

Buy this book if you haven't already... it's wonderful!

An easy/enjoyable read full of everything you need to know about locking down a 10gDB install!

Effective Oracle Database 10g Security by Design is sooo helpful.

There is a lot of good info in the Oracle documentation, but David Knox fill in a lot of the blanks.

Effective Oracle Database 10g Security by Design is sooo helpful.

There is a lot of good info in the Oracle documentation, but David Knox fill in a lot of the blanks.

It would be easy to be secure if all the data were in one room, there were no connections to the outside world (well I guess you have to have power coming in, but that's all), and there were no people who knew the data.

Unfortunately that's not the real world. Breaking the German and Japanese codes during World War II would have been meaningless if that information wasn't used to sink the submarines, divert the convoy, or be ready at Midway.

The situation hasn't changed, but the integral capabilities of the Oracle database itself have. As security has gotten ever more important, the steps you need to take get every more complex. At the same time, the users of your data can't be expected to agree, they have a job to do and if security systems prevent them from doing their job they will find ways to bypass or ignore the security system.

This book can be read on two levels. First it is an excellent primer on security in general. Second it is Oracle centric so that anyone responsible for security on an Oracle based system need go no further.

Note that the Foreward is by David Carey, former Executive Director of the Central Intelligence Agency. It is generally believed that a big contract from the CIA was Oracle's first major success. The implication is that the CIA worked with Oracle to develop the security system discussed here. If the CIA says it's good enough....

It would be easy to be secure if all the data were in one room, there were no connections to the outside world (well I guess you have to have power coming in, but that's all), and there were no people who knew the data.

Unfortunately that's not the real world. Breaking the German and Japanese codes during World War II would have been meaningless if that information wasn't used to sink the submarines, divert the convoy, or be ready at Midway.

The situation hasn't changed, but the integral capabilities of the Oracle database itself have. As security has gotten ever more important, the steps you need to take get every more complex. At the same time, the users of your data can't be expected to agree, they have a job to do and if security systems prevent them from doing their job they will find ways to bypass or ignore the security system.

This book can be read on two levels. First it is an excellent primer on security in general. Second it is Oracle centric so that anyone responsible for security on an Oracle based system need go no further.

Note that the Foreward is by David Carey, former Executive Director of the Central Intelligence Agency. It is generally believed that a big contract from the CIA was Oracle's first major success. The implication is that the CIA worked with Oracle to develop the security system discussed here. If the CIA says it's good enough....

Best Book for Oracle Security.
Comprehensive and well-written describe Oracle 10g new features for security.

Best Book for Oracle Security.
Comprehensive and well-written describe Oracle 10g new features for security.

This is THE book to own on Oracle 10g Security. In addition to database security, the book also does a great job explaining 10g J2EE application security and identity management. If you want to fully leverage Oracle's powerful database security features in your Oracle applications--and you should--this might be the only detailed roadmap you will find. It IS the only one I could find!

Unlike most of Oracle's documentation, which requires you to go through several manuals to accomplish something, this book provides a high to mid level step by step guide for implementing defense in depth and least privilege security for Oracle 10G databases. Granted, this book doesn't go extremely deep to the point of Thomas Kyte's reference manual, but it is an easy read and has specific examples that will help you do basic implementations of Oracle's strongest security capabilities.
I highly recommend this book for anyone interested. You will find useful material, regardless of your expertise level.

If the solution to your Oracle security problem cannot be found in David Knox's Effective Oracle Security by Design, it cannot be found anywhere. This book is invaluable for anyone needing to understand or implement security in an Oracle 10g or 9i database or middle tier. In addition to clear explanations, there are tested code examples for virtually every task. I would strongly urge anyone concerned with building secure IT systems read this book and take its suggestions. Frankly, I'm not sure how else one could do it.

This book is a MUST read for everyone interested in Oracle's security offerings. Mr. Knox does an exceptional job at explaining all aspects of database security ranging from Oracle7/8 to Oracle10. I would highly recommend this book to anyone who needs to quickly come up to speed on the newer security offerings within the Oracle product stack.

When reading books that serve as Design Guides, the litmus test for it's effectives lies in the answer to the following question, - "Did this book really help me in implementing a solution?" The answer for me was a resounding "YES" especially with regards to Label Security and Proxy Authentication. David Knox does a great job of explaining database security concepts through his examples. Furthermore the passage of an identity through the various layers of an n-tier computing model is clearly explained. The author has done a marvelous job of distilling and articulating his experiences in the information security space.