Enhancing Security - Expert Oracle and Java Security

Database Reference

In-Depth Information

Then compile the class again. From the Chapter11 directory, execute:

javac orajavsec/OracleJavaSecure.java

Run Main to Test

Now we will run OracleJavaSecure at least five more times. You must run this as an OS (Windows) user

whose matching Oracle user has been granted the appver_admin role: your equivalent of OSADMIN . The

first time, we will generate a two-factor authentication code. The results will look like this:

Chapter11>java orajavsec.OracleJavaSecure

Main encodes a new APPVER password if given.

After encoding, paste encoded string

in setAppVerConnection method.

You may enter APPVER password on command line.

Domain: ORGDOMAIN, Name: OSADMIN

Please rerun with 2-Factor Auth Code!

We should either receive that code by two-factor authentication code distribution, or find it by

querying the appsec.v_two_fact_cd_cache view on the apver instance. You will not be able to connect as

appsec user to see that view, because we expired the appsec password; but you can select from the view

as SYS user.

Then we execute the same command with the two-factor authentication code as a parameter on the

command line:

Chapter11>java orajavsec.OracleJavaSecure 1234-5678-9012

Main encodes a new APPVER password if given.

After encoding, paste encoded string

in setAppVerConnection method.

Domain: ORGDOMAIN, Name: OSADMIN

connsHash.size = 0

Domain: ORGDOMAIN, Name: OSADMIN

2011-06-05 21:00:06

You can see that when we get the Oracle connections list for this application from the apver

instance, the list is empty, connsHash.size = 0 . We are able to insert connection strings into the list and

use them. Using one of the connection strings, we query the database to get the SYSDATE .

When we run this command again, we see that for a minute our connsHash.size = 2 , and later = 1 .

The first value is the number of connection strings in the list we get for this application from Oracle. The

second value is the number we have after calling removeAppConnString() . We immediately call

putAppConnString() twice to add and overwrite the connection strings, and then we call

putAppConnections() to store the list of two connection strings in Oracle for this application. We again

use one of them to get SYSDATE from Oracle.

Chapter11>java orajavsec.OracleJavaSecure 1234-5678-9012

Main encodes a new APPVER password if given.

After encoding, paste encoded string

in setAppVerConnection method.

Domain: ORGDOMAIN, Name: OSADMIN

connsHash.size = 2

connsHash.size = 1

Domain: ORGDOMAIN, Name: OSADMIN

Expert Oracle and Java Security

Search WWH ::

Custom Search

Home