Oracle Database Advanced Security Guide has had changes in both Oracle Database 12c Release 1 (12.1.0.1) and Release 1 (12.1.0.2).
The following are changes in Oracle Database Advanced Security Guide for Oracle Database 12c Release 1 (12.1.0.2).
The following features are new to this release:
Starting with this release, you can use the public standalone function OLS_LABEL_DOMINATES in Oracle Data Redaction policies. This function replaces the SA_UTL.DOMINATES function that takes VARCHAR2 datatype values as input.
See "Applying the Redaction Policy Based on Oracle Label Security Label Dominance" for more information.
Oracle Key Vault enables you to centralize the management of software keystores and TDE encryption keys, as well as other security objects (Java keystores (JKS), Java Cryptography Extension (JCEKS) keystores, and credential files) across the enterprise.
See Oracle Key Vault Administrator's Guide for more information.
The following are changes in Oracle Database Advanced Security Guide for Oracle Database 12c Release 1 (12.1.0.1).
The following features are new in this release:
Oracle Database 12c Release 1 (12.1) introduces a unified key management interface for Transparent Data Encryption (TDE) and other database components. This eases key administration tasks, provides for better compliance and tracking, and improves separation of duty between the database administrator and security administrator.
You now can perform all of the key and keystore management commands by using the ADMINISTER KEY MANAGEMENT statement instead of the mkstore or orapki command-line utility, Oracle Wallet Manager utility, and ALTER SYSTEM statement.
For better security and separation of duties, you now can grant the SYSKM administrative privilege to users who are responsible for managing Transparent Data Encryption.
Oracle Data Redaction (Data Redaction) gives you the ability to disguise (mask) data from low-privileged users or applications.
For example, suppose you have the following credit card numbers:
5105 1051 0510 5100
5111 1111 1111 1118
5454 5454 5454 5454
You can use Data Redaction to disguise the first 12 digits as follows:
**** **** **** 5100
**** **** **** 1118
**** **** **** 5454
The data is redacted at runtime, that is, it is hidden when the user accesses the page containing the data, but it is not hidden in the database. This enables the sensitive data to be processed normally, and it preserves the back-end referential integrity and constraints for the data. You have the option of redacting the data partially so that some of the original data is preserved (such as the last 4 digits of a credit card number), entirely by replacing it with a fixed value, or by replacing the data with an encrypted value. You also can apply Oracle Data Redaction policies throughout the databases in your enterprise.
See Introduction to Oracle Data Redaction for more information.
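The partial redaction described above can be expressed as a DBMS_REDACT policy. The following is an added example, not taken from the Oracle guide; the schema APP_OWNER, the table PAYMENTS, the policy name, and the exempted user APP_ADMIN are hypothetical, and the rows are constructed from the sample numbers in the text. It assumes the account running it has EXECUTE on DBMS_REDACT.

```sql
-- Constructed sample table; APP_OWNER and PAYMENTS are hypothetical names.
CREATE TABLE app_owner.payments (
  payment_id  NUMBER PRIMARY KEY,
  card_number VARCHAR2(19)          -- 16 digits plus 3 separating spaces
);

INSERT INTO app_owner.payments VALUES (1, '5105 1051 0510 5100');
INSERT INTO app_owner.payments VALUES (2, '5111 1111 1111 1118');
INSERT INTO app_owner.payments VALUES (3, '5454 5454 5454 5454');
COMMIT;

BEGIN
  DBMS_REDACT.ADD_POLICY(
    object_schema       => 'APP_OWNER',
    object_name         => 'PAYMENTS',
    column_name         => 'CARD_NUMBER',
    policy_name         => 'redact_card_number',   -- hypothetical name
    function_type       => DBMS_REDACT.PARTIAL,
    -- input format, output format, mask character, first and last
    -- digit position to mask. V = a digit that may be masked,
    -- F = a formatting character (here the space) that is kept.
    function_parameters => 'VVVVFVVVVFVVVVFVVVV,VVVV VVVV VVVV VVVV,*,1,12',
    -- Redact for every session except the hypothetical APP_ADMIN user.
    expression          => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''APP_ADMIN''');
END;
/

-- Run as a low-privileged user: the first 12 digits come back masked,
-- while the stored values in the table are unchanged.
SELECT payment_id, card_number
FROM   app_owner.payments
ORDER  BY payment_id;

-- Confirm the policy and the redacted column are registered and enabled.
SELECT policy_name, expression, enable
FROM   redaction_policies
WHERE  object_owner = 'APP_OWNER' AND object_name = 'PAYMENTS';

SELECT column_name, function_type, function_parameters
FROM   redaction_columns
WHERE  object_owner = 'APP_OWNER' AND object_name = 'PAYMENTS';
```

Users holding the EXEMPT REDACTION POLICY system privilege see the stored values regardless of the policy expression, so review who holds that privilege when auditing a redaction deployment.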
The following feature is deprecated:
Oracle Advanced Security has been repackaged for greater availability. The following strong authentication features are now no longer part of Oracle Advanced Security and are provided with the default Oracle Database installation.
Thin JDBC Client Network support
RADIUS authentication
Kerberos authentication
Secure Sockets Layer (SSL) authentication
Multiple authentication support
For detailed information about these features, see Oracle Database Security Guide.
The following features are part of Oracle Advanced Security and are covered in this guide:
Transparent Data Encryption
Oracle Data Redaction
As part of this change, this guide has been renamed to Oracle Database Advanced Security Guide. In previous releases, it was Oracle Database Advanced Security Administrator's Guide.