Database Reference
In-Depth Information
C H A P T E R 1
Introduction
This topic is a walk through Oracle and Java technology. I will weave the story of Oracle Database and
Java security on the loom of these pages. The particular thread we will weave is code. This is a story for
programmers.
This story will take you through several large tasks to help you start securing your Oracle
applications. We will not be building any specific application, but will focus on the security aspects in
building an application. In order to make this learning effort feel like a practical application, we will
apply our efforts to the HR sample schema that is available with the Oracle Database 11g installation.
I hope to maintain a conversational tone, because I want to teach the concepts of secure
programming. We are going to have “the talk” about secure programming. When you have read this
topic, you will be well equipped for the most difficult application programmer assignment of our day:
defending our applications and computers
.
Requirements
In order to work through the examples in this topic, you will need an installation of Oracle Database 11g,
Enterprise Edition, Release 11.2 or later. You will also need to have the Java Development Kit, 1.5 or later,
installed on your workstation. That is it.
I will refer to some other products as we go along, but the intent of this topic is to cover topics and
approaches that will be useful to Oracle and Java programmers, rather than committing to any
additional products. However, you should note that much of what we will do here can be acquired
through commercial products from Oracle corporation and elsewhere.
Notably, two of the features we will be building in this topic—data encryption over the network and
data encryption on disk—are available in a product from Oracle called Oracle Advanced Security. That
product is relatively easy to configure and use, although it is expensive. But adding encryption onto a
badly secured database or application will just hide the things you, as a programmer, should be
addressing. So even if you use Oracle Advanced Security, you would still do well to learn about
programming secure Oracle Database applications with Java.
For Windows and UNIX/Linux Users
It is not a requirement that you be a Windows user to accomplish the tasks in this topic. All of the code is
in PL/SQL and Java, and will run cross-platform. However, I've had to be a bit focused in the
development of this material. All of the descriptions of filesystem directories, command prompt,
environment settings, services, scripts, and processes are written using Microsoft Windows as the
model.
To avoid the appearance of a strong Windows bias, let me remind you that we are talking about Java
and Oracle here. I've been using UNIX for longer than Windows has been around. I didn't start using
