Database management system security

This topic describes database management system security.

The Center for Internet Security (CIS) has produced hardening checklists or benchmarks that are specific to each database management system.

Important: It is recommended that you review and consider the hardening guidelines found in the CIS Benchmarks. The choices you make should be in line with your corporate standards.

Caveats for DB2 for Linux®, UNIX, and Windows hardening recommendations

The following are caveats or deviations from the recommendations in CIS IBM® DB2® Benchmark v1.1.0 that was released on December 31, 2009.

In Recommendation 3.1.14 — Set maximum connection limits, the CIS recommends setting the parameters max_coordagents and max_connections to 100. Depending on how many IBM agents and application servers you start up, you may need more.

In Chapter 4, the CIS recommends the use of Label-Based Access Control (LBAC), which is a separately licensed DB2 component. The Sterling Selling and Fulfillment Suite applications are not certified for use with LBAC.

Caveats for Oracle hardening recommendations

The following are caveats or deviations from the recommendations in CIS Oracle Database 11g Benchmark v1.0.1 that was released on January 10, 2010.

Some of the hardening recommendations (such as 8.09 — Set CPU_PER_SESSION as appropriate and 8.11 — Set LOGICAL_READS_PER_SESSION as appropriate) restrict the amount of CPU and I/O resources that a session or a user can consume. Setting the limits too low can cause application transactions to be abnormally terminated. Please use these controls with caution.

Some of the recommendations (such as 8.13 — Set CONNECT_TIME as appropriate and 8.14 — Set IDLE_TIME as appropriate) limit the amount of time that connections are opened, or the amount of time connections are idle. Setting these thresholds could cause Oracle to close connections that are managed by the application's connection pools.
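Before tightening the limits named in the two preceding paragraphs, it helps to see which values currently apply to the application's database user. The following queries are an added example, not part of the original documentation or the CIS Benchmark; STERLING_APP is a hypothetical name for the application schema user.

```sql
-- Assumption: STERLING_APP is a hypothetical application schema user.
-- Requires read access to V$PARAMETER, DBA_USERS and DBA_PROFILES.

-- Kernel resource limits in a profile are enforced only when the
-- RESOURCE_LIMIT initialization parameter is TRUE.
SELECT name, value
  FROM v$parameter
 WHERE name = 'resource_limit';

-- Effective values of the four limits discussed above for the
-- application user. A profile entry of DEFAULT is resolved to the
-- value held by the DEFAULT profile.
-- Units: CPU_PER_SESSION is in hundredths of a second,
--        LOGICAL_READS_PER_SESSION is in data blocks,
--        CONNECT_TIME and IDLE_TIME are in minutes.
SELECT u.username,
       u.profile,
       p.resource_name,
       CASE p.limit
         WHEN 'DEFAULT' THEN d.limit
         ELSE p.limit
       END AS effective_limit
  FROM dba_users u
  JOIN dba_profiles p
    ON p.profile = u.profile
  JOIN dba_profiles d
    ON d.profile = 'DEFAULT'
   AND d.resource_name = p.resource_name
 WHERE u.username = 'STERLING_APP'
   AND p.resource_name IN ('CPU_PER_SESSION',
                           'LOGICAL_READS_PER_SESSION',
                           'CONNECT_TIME',
                           'IDLE_TIME')
 ORDER BY p.resource_name;
```

Compare the CONNECT_TIME and IDLE_TIME values returned with the maximum lifetime and idle timeout of the application's connection pools. A database limit shorter than the pool's own timeout means Oracle closes connections that the pool still treats as usable.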

In Requirement 14.01, the CIS recommends enabling and applying Oracle Label Security (OLS), which is a separately licensed Oracle component. The Sterling Selling and Fulfillment Suite applications are not certified for use with OLS.