Application: Oracle 8i-9i, Enterprise Edition

Download: http:/ /download.elementkjournals.com/oracle/200309/SecurityVPD.zip

A colleague recently related a story that would send chills up the spines of DBAs and security analysts alike. He was creating a Web site interface on top of a database provided by his ISP (Internet service provider). Using a third-party development tool, he mistakenly stumbled across some confusing data. It didn't take long to figure out that the data belonged to a stranger! he had unwittingly compromised the confidential information of another of the ISP's customers, stored in the same database as his own. Needless to say, he decided not to store sensitive data of any kind in this database.

This kind of thing happens all too frequently. DBAs far and wide are responsible for protecting data and must do so without sinking a lot of time into it. Traditional methods have often required fussing over a myriad of views and stored procedures, setting up and administering multiple schemas and instances, or managing complicated application-based strategies. It doesn't have to be that way. There's a server-side solution available that's manageable, data-driven, context-dependent, and that scales very nicely.

And the winner is...

Virtual private database (VPD) is Oracle marketing-speak for the potent combination of fine-grained access control (FGAC) and application contexts. FGAC implements row-level security by dynamically appending WHERE predicates generated by security policies attached to tables. Application contexts are session-specific namespaces available concurrently to applications and the database server.

In this article, we'll take a closer look at the principles behind VPD. We'll follow a simple example illustrating a basic implementation. Finally, we'll go over some caveats and provide a few tips to help make your use of VPD pay off in tighter security with less pain.

Let's go camping

Before we get too far into our discussion, let's introduce a sample application that we'll be referring to in our examples. Table A and Table B on the next page, are used by parents and summer camp counselors to record and track the adventures of young campers. Counselors will create entries in the CAMP_LOG table for the reading pleasure of parents. The goal is to keep parents from reading entries for kids other than their own. We also don't want parents updating...