Database Reference
I organized the text and code to easily walk hand in hand together. For the most part, you will only
need to have one source code file open at a time as you read through the text. In Chapter 2, which is
coming right up, you will complete Oracle Database security tasks as several different users—for each
user, there is a corresponding source code file. The chapter is organized around those files. In fact, it
would be best if you also open a SQL client and execute each portion of the code as it is discussed.
Organization of This Topic
There are four main sections in this topic. In Part I (Chapters 2-4), you will learn the technical ins and
outs of secure programming in Oracle Database, secure programming in Java, and Java Stored
Procedures (Java running in the Oracle Database engine). From novice Oracle PL/SQL programmers and
novice Java programmers to experienced Oracle application programmers using Java, these chapters will
fill in the missing concepts that you need to master for security's sake.
In Part II (Chapters 5-7), we build on the Java and Oracle Database secure programming
foundation. We develop a strong layer of encryption—specifically, encryption in transit. You will build
this for yourself using Java Cryptography Extension (JCE), rather than a purchased package or SSL
service. Because encryption plays such a key (pun intended) role in secure programming today, you
need to have a solid grasp of these data encryption concepts, and you also need something more: you
need to know when to apply encryption and how to evaluate your encryption strategy to determine if
you have successfully protected your data. We will cover all of that.
In Part III (Chapters 8-10), we get into some fun topics that will permit you to provide the solutions
your company is seeking: single sign-on, two-factor authentication, and something you may not have
realized you need: application identification and authorization. In application authorization, we will be
providing a secure data store for our application passwords—one that not only avoids embedded
passwords, but also provides enhanced security along with ease of management and central
distribution.
In the last section, Part IV (Chapters 11-12), we will harden the security with additional data
encryption in the Oracle Database store, with a further hardened Oracle Database and with some
additional programming efforts, such as obfuscation. We also establish a simple user interface for
administering the tables and data we've built to accomplish security, and do that securely.
Java Objects and Oracle Database Structures
In this topic, I will be using certain terms non-interchangeably that are used interchangeably elsewhere.
Often schemas, tables, indexes, and other items in Oracle Database are referred to as both objects and
structures. Because object is a technical term in Java and not just another word for thing, I will reserve the
word for our discussion of Java objects. In Oracle Database, I'm calling things by their primary type
name and collectively or generically as structures, so tables will be called both tables and structures. I will
also have a need to refer to collections of Oracle tables and views and indexes and things, which I will
call collectively structures. We will define all these terms later, so don't be alarmed if they are new to you.
Chapter Review
It is my sincere hope that you will enjoy working through this topic. I believe the best way to learn and
use this material is to take your time with each chapter, executing the code as you come to it. You will be
building a secure Oracle application environment with Java. Definitely test all the places I've provided
you with test cases, scenarios, and test code. If you find other situations, test those too, and please send
me your comments and results when I need to address an issue—my aim is to serve you.
 