Skip to main content

Database Authentication

Authentication is the process of verifying the identity of a user, device, or other entity in a computer system, often as a prerequisite to granting access to resources in a system.

Oracle provides several means for users to be authenticated before they are allowed to create a database session.

Database Authentication

Identified and authenticated by the database, which is called database authentication. If you choose database authentication for a user, then administration of the user account including authentication of that user is performed entirely by Oracle Database.

External Authentication

Authenticated by the operating system or network service, which is called external authentication.

When you choose external authentication for a user, the user account is maintained by Oracle Database, but password administration and user authentication is performed by an external service. This external service can be the operating system or a network service, such as Oracle Net.

Global Authentication & Authorization

Authenticated globally by Secure Sockets Layer (SSL), called global users, whose database access is through global roles, authorized by an enterprise directory.

Oracle Advanced Security enables you to centralize management of user-related information, including authorizations, in an LDAP-based directory service. Users can be identified in the database as global users, meaning that they are authenticated by SSL and that the management of these users is done outside of the database by the centralized directory service. Global roles are defined in a database and are known only to that database, but authorizations for such roles is done by the directory service.

Proxy Authentication & Authorization

Allowed to connect through a middle-tier server that authenticates the user, assumes that identity, and can enable specific roles for the user. This combination of actions and abilities is called proxy authentication and authorization.

It is possible to design a middle-tier server to proxy clients in a secure fashion.


Oracle provides three forms of proxy authentication:

The middle-tier server authenticates itself with the database server and a client, in this case an  application user or another application, authenticates itself with the middle-tier server. Client identities can be maintained all the way through to the database.

The client, in this case a database user, is not authenticated by the middle-tier server. The clients identity and database password are passed through the middle-tier server to the database server for authentication.

The client, in this case a global user, is authenticated by the middle-tier server, and passes one of the following through the middle tier for retrieving the client's user name.




Labels:

Comments

Post a Comment

Popular posts from this blog

What is the difference between Elastic and Enterprise Redis w.r.t "Hybrid Query" capabilities

  We'll explore scenarios involving nested queries, aggregations, custom scoring, and hybrid queries that combine multiple search criteria. 1. Nested Queries ElasticSearch Example: ElasticSearch supports nested documents, which allows for querying on nested fields with complex conditions. Query: Find products where the product has a review with a rating of 5 and the review text contains "excellent". { "query": { "nested": { "path": "reviews", "query": { "bool": { "must": [ { "match": { "reviews.rating": 5 } }, { "match": { "reviews.text": "excellent" } } ] } } } } } Redis Limitation: Redis does not support nested documents natively. While you can store nested structures in JSON documents using the RedisJSON module, querying these nested structures with complex condi...
Post a Comment
Read more

How are vector databases used?

  Vector Databases Usage: Typically used for vector search use cases such as visual, semantic, and multimodal search. More recently, they are paired with generative AI text models for conversational search experiences. Development Process: Begins with building an embedding model designed to encode a corpus (e.g., product images) into vectors. The data import process is referred to as data hydration. Application Development: Application developers utilize the database to search for similar products. This involves encoding a product image and using the vector to query for similar images. k-Nearest Neighbor (k-NN) Indexes: Within the model, k-nearest neighbor (k-NN) indexes facilitate efficient retrieval of vectors. A distance function like cosine is applied to rank results by similarity.
Post a Comment
Read more

Feature Engineering - What and Why

Feature engineering is a crucial step in the machine learning pipeline where you create new, meaningful features or transform existing features to improve the performance of your predictive models. It involves selecting, modifying, or creating features from your raw data to make it more suitable for machine learning algorithms. Here's a more detailed overview of feature engineering: Why Feature Engineering? Feature engineering is essential for several reasons: Improving Model Performance: Well-engineered features can significantly boost the predictive power of your machine learning models. Handling Raw Data: Raw data often contains noise, missing values, and irrelevant information. Feature engineering helps in cleaning and preparing the data for analysis. Capturing Domain Knowledge: Domain-specific insights can be incorporated into feature creation to make the model more representative of the problem. Common Techniques and Strategies: 1. Feature Extraction: Transforming raw data...
Post a Comment
Read more