Introduction
Up until now we talked about physical data security concepts and various measures that can be taken to guard against physical data theft or the interception of data in transit over a network.
For example, we used different methods, such as encrypting data in transit using network encryption, the data at rest using DBMS_CRYPTO, and Transparent Data Encryption features.
Many threats can unexpectedly originate from users that are assigned more data access privileges than are required to perform their job functions. Another threat could come from an attacker who has penetrated an environment and has gained knowledge of an account used by an application that accesses database data. The application itself may have logic that would have placed limits on the data that could be retrieved (for example, a Human Resources application may only allow a manager to access data in his direct reports). However, the attacker could now bypass this control and access all data directly through the...
