The first part of the chapter will discuss the responsibilities of an administrator:
• Installation from Application Express
• Installation from patches
• Security in the database
• Security in the web server
• Session time out
• Password rule(s)
The second part of the chapter will discuss the security aspects for the Oracle
Application Express developer. For application developers, security can be a
very difficult subject. The application must be tested from the perspective of a
hacker or someone who deliberately wants to do harm. Security aspects for
developers are as follows:
• Cross-site scripting
• SQL injection
• Authentication
• Authorization
• Session state protection
• Browser security
Securing Oracle Application Express for administrators
Oracle Application Express is secure, but developers can make it insecure.
Protecting the database environment
Oracle Application Express runs in the database, so the database environment needs
to be protected.
Follow the principle of least privilege, so a user only has access to the resources
required. Lock or remove unused users. Use sensible passwords, and do not use
the same password for SYS and SYSTEM.
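
The review described above can be run from the data dictionary; the following is an added example, not code from the book. It assumes a DBA session on Oracle Database 12c or later (for the LAST_LOGIN column), and UNUSED_APP_USER is a hypothetical account name.

```sql
-- Added example: account and privilege review for the database that hosts
-- Oracle Application Express. Run as a user with access to the DBA_* views.

-- 1. Accounts that can still log in, least recently used first.
--    A NULL LAST_LOGIN means no logon has been recorded for the account.
SELECT username, account_status, profile, created, last_login
FROM   dba_users
WHERE  account_status = 'OPEN'
ORDER  BY last_login NULLS FIRST;

-- 2. Accounts that still have a well-known default password.
SELECT d.username, u.account_status
FROM   dba_users_with_defpwd d
JOIN   dba_users u ON u.username = d.username
ORDER  BY u.account_status, d.username;

-- 3. Least privilege: grantees of the DBA role or of any "ANY" system privilege.
SELECT grantee, granted_role AS granted, 'ROLE' AS kind
FROM   dba_role_privs
WHERE  granted_role = 'DBA'
UNION ALL
SELECT grantee, privilege, 'SYSTEM PRIVILEGE'
FROM   dba_sys_privs
WHERE  privilege LIKE '% ANY %'
ORDER  BY 1, 2;

-- 4. Lock an account that the review shows is unused.
--    UNUSED_APP_USER is a placeholder; substitute the account found in step 1.
ALTER USER unused_app_user ACCOUNT LOCK;
```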
 