In resetKeys(), Listing 7-9, we set back to null those static members that we initially set to null.
Recall that they were null so that we could test those variables for null and/or compare them
to other members. We needed to set them to null initially in order to compile past the “may
not have been initialized” error message.
We also reset the value of sessionSecretDESAlgorithm to its pre-negotiated value.
Listing 7-9. Reset all Keys, resetKeys()
    public static final void resetKeys() {
        // Return the static key members to their initial null state
        locRSAPubMod = null;
        saveExtRSAPubMod = null;
        extRSAPubKey = null;
        sessionSecretDESPassPhraseChars = null;
        sessionSecretDESKey = null;
        // Restore the pre-negotiated algorithm name
        sessionSecretDESAlgorithm = "PBEWithSHA1AndDESede";
    }
Loading Updated OracleJavaSecure Class into Oracle
Connect or remain connected to Oracle database as the application security user, appsec, with the
non-default role, appsec_role, and copy/paste the code from the file
Chapter7\orajavsec\OracleJavaSecure.java into your Oracle client. Uncomment the first line, then run the
script to replace our Java class in the Oracle database.
CREATE OR REPLACE AND RESOLVE JAVA SOURCE NAMED appsec."orajavsec/OracleJavaSecure" AS
Security Structures for the HR User
Our working model of application encryption will consist of reading data from the HR schema, with
sensitive columns being encrypted as they are transmitted across the network. Part of the responsibility
falls to the application developers, who must ensure that sensitive data is available to the client only in
encrypted form. Our application security schema, appsec, can provide the tools, but our application
developers, like HR, will need to implement them.
Let's explore what HR does to encrypt his data first. Then we'll look at what the Application Security
manager can provide to all application developers as a template for implementing this.
Exploring Privileges That Enable HR Tasks
HR, as provided by Oracle, is a sample schema and already has a variety of system privileges. HR has the
default role, RESOURCE, and via that role has this list of privileges:
CREATE SEQUENCE,
CREATE TRIGGER,
CREATE CLUSTER,
CREATE PROCEDURE,
CREATE TYPE,
CREATE OPERATOR,
CREATE TABLE,
CREATE INDEXTYPE
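
To confirm on your own database which system privileges HR holds and which of them arrive through a role such as RESOURCE, a query along these lines can be used. This is an added example, not code from the book; it assumes you run it as a user who can read the DBA_SYS_PRIVS and DBA_ROLE_PRIVS dictionary views, and the column aliases are chosen here for illustration.

```sql
-- Added example (not from the book): effective system privileges of HR,
-- showing whether each is granted directly or inherited through a role.
-- Assumption: the session can SELECT from DBA_SYS_PRIVS and DBA_ROLE_PRIVS.
WITH hr_roles AS (
    -- Walk the role grants starting at HR so that roles granted to
    -- other roles (nested roles) are included as well.
    SELECT DISTINCT granted_role
      FROM dba_role_privs
     START WITH grantee = 'HR'
   CONNECT BY PRIOR granted_role = grantee
),
hr_direct_roles AS (
    -- Roles granted straight to HR, with their default/non-default status.
    SELECT granted_role, default_role
      FROM dba_role_privs
     WHERE grantee = 'HR'
)
SELECT 'DIRECT GRANT'  AS granted_via,
       NULL            AS default_role,
       sp.privilege
  FROM dba_sys_privs sp
 WHERE sp.grantee = 'HR'
UNION ALL
SELECT r.granted_role  AS granted_via,
       -- NULL here means the role reaches HR only through another role.
       d.default_role  AS default_role,
       sp.privilege
  FROM hr_roles r
  JOIN dba_sys_privs sp
    ON sp.grantee = r.granted_role
  LEFT JOIN hr_direct_roles d
    ON d.granted_role = r.granted_role
 ORDER BY 1, 3;
```

Rows whose granted_via column reads RESOURCE can be compared against the list above; any privilege that appears as a direct grant or through another role is outside what the RESOURCE role alone provides.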
 