Chapter 8. Defeating Virtual Private Databases
This chapter assumes you have an understanding of virtual private databases (VPD). If you don't, I recommend Effective Oracle Database 10g Security by Design by David Knox (McGraw-Hill, 2004). In short, a VPD is a security mechanism built into Oracle that allows fine-grained access control — or row-level security. It can be considered a view on steroids, and it is used to enforce a security policy. Essentially, VPDs allow a user to access only the data that the policy specifies they can access, and no more. However, there are a number of ways of defeating VPD. This chapter looks at a few.
Get The Oracle® Hacker's Handbook: Hacking and Defending Oracle now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
