Databases Reference
In-Depth Information
Security
The main question is: How secure is "Secure Enough"?
The answer to this question depends on what you're protecting, who you are
protecting it from, and the likelihood of someone wanting to steal what you are
protecting. You also need to understand the repercussions you would face if
someone was able to successfully steal the things you are protecting. To summarize,
you need to think about the questions: Who/what/how can data be accessed?
The deinition of security is subjective. My idea of security may be different from
yours as a reader of this topic. In my view, the secured data can only be seen and
edited by people who are qualiied and authorized, and that data is protected from
people who are not.
Security must be designed into applications from the outset, starting with database
design, continuing through application design, development, and testing, and inally
with implementation and training. So, plan security and the architecture, and make
sure people know the security basics. Have people in your organization who are
responsible for security, patching, and so on.
This chapter describes how to provide security for Oracle Application Express.
Oracle Application Express is secure, but developers can make it insecure. There is
a difference between administrators and developers. Administrators are responsible
for the installation from Application Express, and developers are responsible for
developing a secure application. Both views and responsibilities are discussed.
