Oracle BD Security

Oracle AI Database 26ai (on-premises version for Linux x86-64) brings major improvements in data security, especially in the context of the use of artificial intelligence and growing threats. Below is a detailed summary of the main security updates introduced in this release.

Main Security Improvements

SQL Firewall

SQL Firewall is now fully integrated into the database core. It analyzes each SQL request in real time and only allows authorized requests to be executed. It takes into account the context of the session: IP address, OS user, program, connection path.

  • Blocks SQL injections (including zero-day), abnormal access and credential theft.
  • Works both at the root container level and in the PDB.
  • Ideal for protecting applications and AI agents.

Key advantage: protection without middleware — impossible to bypass.

Multi-factor authentication (MFA) for local users

MFA is now also available for local (native) database users. Supported are:

  • Push notifications via Oracle Mobile Authenticator (OMA)
  • Cisco Duo
  • Certificate authentication

Even if the password is compromised, access is blocked without the second factor.
Available starting with Release Update 23.9 and later.

Schema Privileges

New schema privileges simplify access management. Now you can grant privileges (e.g. SELECT ANY TABLE) directly on the entire schema, not on each object.

Special administrative privileges have been introduced:

  • ADMINISTER ROW LEVEL SECURITY POLICY
  • ADMINISTER FINE GRAINED AUDIT POLICY
  • ADMINISTER REDACT POLICY

New views: DBA_SCHEMA_PRIVS and others.

Advantage: easier compliance with the principle of least privileges, less manual work and reduced risks of privilege escalation.

Maximum password length increased

The maximum password length has been increased to 1024 bytes (from only 30 bytes previously). Supports multicharacter sets (NLS), long passwords from IDCS / IAM.

Allows the creation of much stronger passwords and unifies the rules with Oracle cloud services.

Read-Only users and sessions

New mechanisms allow the creation of users or switching sessions to read-only mode (temporarily or permanently), regardless of existing privileges.

Useful for testing, administration, and limiting access to certain segments of applications without changing roles.

DB_DEVELOPER_ROLE Role

The new DB_DEVELOPER_ROLE role is specifically designed for application developers. It grants only the strictly necessary privileges, respecting the principle of least privilege — without granting unnecessary broad rights.

Reduces risks and simplifies the work of developers in a secure environment.

Kerberos, RADIUS and local auto-login wallet improvements

  • Updated Kerberos library (MIT Kerberos 1.21.2)
  • RADIUS improvements (more flexible and secure configuration)
  • Local auto-login wallets are more secure and strictly tied to the host (no root access required)
  • Improved protection for TDE keystores

Banning deprecated ciphers

New parameter in sqlnet.ora:
SSL_ENABLE_WEAK_CIPHERS = FALSE

Completely bans the use of outdated and insecure ciphers. Simplifies compliance with security standards and audits.

DBMS_CRYPTO improvements

Extension of the PL/SQL package DBMS_CRYPTO: new algorithms, improved performance and increased security for cryptographic operations.

Column Level Auditing

Now you can audit access and changes on individual columns, not just the entire table.

Perfect for GDPR, PCI DSS and other regulatory compliance – precise control over sensitive data.

Conclusion

Oracle AI Database 26ai offers a significant leap in database security, especially for AI-intensive environments and large data volumes. Most features are already available in the latest Release Updates.

Download and test it yourself!

Which security feature would you like to test first? Leave comments below!

#Oracle26ai #OracleDatabase #DataSecurity #DataProtection #TechnologicalInnovation

-