Database Reference
In-Depth Information
Test Enhanced Security
We are at the point now where we can test everything we have established, including the segregation of
Application Authentication on a separate Oracle instance,
apver
. We will do our testing in two parts: first
using the
main()
method in
OracleJavaSecure
, then using the separate application,
testojs.TestOracleJavaSecure
.
Once again, assure that you have set the domain and other addresses at the top of
OracleJavaSecure.java
to be appropriate for your organization. Also assure that the SQL command at the
top of the file has been commented. (The SQL commands at the top of the other
.java
files in this
chapter should also remain commented in order to be compiled.)
Note
The assumption in the following text is that you are running application verification on a separate
database instance,
apver
. If you are not, then the only difference is that you will be able to connect as
appsec
user to the
orcl
instance—you will not have to connect as
SYS
.
Encode the APPVER User Password for APVER Instance
The first time we run
OracleJavaSecure
, we will have just one goal: to create a new encoded Oracle
connection string for the
appver
user on the
apver
instance. Scroll down to the
main()
method in
OracleJavaSecure.java
and edit the
encodeThis
String
components, shown in Listing 11-53, to point at
the
apver
instance instead of
orcl
.
Listing 11-53.
Switch appver Connection String from ORCL to apver
encodeThis = "jdbc:oracle:thin:appver/" + encodeThis +
//"@localhost:1521:orcl";
"@localhost:1521:apver"
;
Caution
If you did not create an additional Oracle database instance dedicated to application verification, then
do not make this change to the code. You do not need to update the encoded connection string,
prime
.
Then compile the class and run it. From the Chapter11 directory, execute:
javac orajavsec/OracleJavaSecure.java
java orajavsec.OracleJavaSecure appverPassword
You will see something like the following as a result:
Main encodes a new APPVER password if given.
After encoding, paste encoded string
in setAppVerConnection() method.
030a42105f1b3311133a0048370707005f020419190b524204041819015c390f5300121b3314303a