Book description
Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java provides resources that every Java and Oracle database application programmer needs to ensure that they have guarded the security of the data and identities entrusted to them. You'll learn to consider potential vulnerabilities, and to apply best practices in secure Java and PL/SQL coding. Author David Coffin shows how to develop code to encrypt data in transit and at rest, to accomplish single sign-on with Oracle proxy connections, to generate and distribute two-factor authentication tokens from the Oracle server using pagers, cell phones (SMS), and e-mail, and to securely store and distribute Oracle application passwords.
Early chapters lay the foundation for effective security in an Oracle/Java environment. Each of the later chapters brings example code to a point where it may be applied as-is to address application security issues. Templates for applications are also provided to help you bring colleagues up to the same secure application standards. If you are less familiar with either Java or Oracle PL/SQL, you will not be left behind; all the concepts in this book are introduced as to a novice and addressed as to an expert.
- Helps you protect against data loss, identity theft, SQL injection, and address spoofing
- Provides techniques for encryption on network and disk, code obfuscation and wrap, database hardening, single sign-on, and two-factor authentication
- Provides what database administrators need to know about secure password distribution, Java secure programming, Java stored procedures, secure application roles in Oracle, logon triggers, database design, various connection pooling schemes, and much more
What you'll learn
- Guard against data loss, identity theft, SQL injection, and address spoofing
- Protect sensitive data through encryption, both on disk and on the wire
- Control access to data using secure roles, single sign-on, proxy connections, and two-factor authentication
- Protect sensitive source code through randomization, obfuscation, and wrapping
- Thwart attempts at SQL injection and other common attacks
- Manage constraints on the visibility of data and the scope of access
Who this book is for
Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java is for every Java developer who uses an Oracle database. It is also for every Oracle database administrator or PL/SQL programmer who supports Java client and web applications. Whatever role you play in developing and supporting Java and Oracle applications, you need to address computer, application, data, and identity security. This book offers the tools you'll need to effectively manage security across all aspects of the applications you support.
Table of contents
- Title
- Dedication
- Contents at a Glance
- Contents
- About the Author
- About the Technical Reviewer
- Acknowledgments
- Introduction
- Chapter 1: Introduction
- Chapter 2: Oracle Database Security
- Finding a Test Oracle Database
- Working from an Existing Oracle Database
- Oracle Users and Schemas
- SQL*Plus, SQL Developer, JDeveloper, or TOAD
- Organization of the Next Few Sections
- Working as the SYS User
- Working as the Security Administrator
- Working as the HR Schema User
- Test Application User Access
- Audit Trail Logs for the Sensitive View
- Regarding Synonyms
- Chapter Review
- Chapter 3: Secure Java Development Concepts
- Chapter 4: Java Stored Procedures
- Chapter 5: Public Key Encryption
- Chapter 6: Secret Password Encryption
- Approach
- Java Code for Secret Password Encryption
- Oracle Structures for Secret Password Encryption
- Java Methods for Secret Password Decryption
- Testing DES Encryption on the Client Only
- Coding to Test Client/Server Secret Password Encryption
- Testing Our Secure Client/Server Data Transmission
- Chapter Review
- Chapter 7: Data Encryption in Transit
- Security Administrator Activities
- Application Security User Activities
- Updating the Application Security Package
- Methods for Using and Testing Encryption in Transit
- Loading Updated OracleJavaSecure Class into Oracle
- Security Structures for the HR User
- Inserting an EMPLOYEES Record: Update a Sequence
- Demonstrations and Tests of Encrypted Data Exchange
- Executing the Demonstrations and Tests
- Packaging Template to Implement Encryption
- Don't Stop Now
- Chapter Review
- Chapter 8: Single Sign-On
- Chapter 9: Two-Factor Authentication
- Get Oracle Database to Send E-Mail
- Getting Oracle Database to Browse Web Pages
- The Two-Factor Authentication Process
- Security Considerations for Two-Factor Distribution Avenues
- Oracle Structures Supporting Two-Factor Authentication
- Update OracleJavaSecurity.java for Two-Factor Authentication
- Testing Two-Factor Authentication
- Chapter Review
- Chapter 10: Application Authorization
- Secure Application Role Procedure for Multiple Applications
- Rewrite and Refactor Method to Distribute Two-Factor Code
- Update to Two-Factor Distribution Formats
- Application Authorization Overview
- User for Application Authorization
- Structures for Application Authorization
- A Set of Connection Strings for an Application
- Save Connection Strings from the Client Perspective
- Save Connection Strings from the Server Perspective
- Get an Application Connection String: The Java Client Side
- Get a List of Application Connection Strings: The Server Side
- Test Application Authentication, Phase 1
- Testing a Second Application
- Get Application Authentication Connection and Role
- Test Application Authentication, Phase 2
- Chapter Review
- Chapter 11: Enhancing Security
- Hide the APPVER Connection String
- Create an Oracle Client Wallet
- Trace Oracle Client Code
- Logging Oracle Thin Client Trace Data
- Encrypt Data Stored on Oracle Database
- Manage Connection Strings for Applications
- Add Other Authentication Credentials
- Update Application Security Structures
- Authenticate on a Separate Oracle Instance
- Test Enhanced Security
- Test from a Different Application, TestOracleJavaSecure
- Chapter Review
- Chapter 12: Administration of Security
- A Security Administration Interface
- Application Login Screen
- Security Administration Menu
- Add/Modify User Functional Screen
- User Administration Screen
- Application Assignment Screen
- Application Registration Screen
- Application Selection Screen
- Connection String Editor
- Connection String Copy Screen
- Limiting Certain Administrators to Certain Applications
- Scripts Execution and Code Compilation
- Final Updates to OracleJavaSecure
- Single Oracle Instance Code
- Bootstrap OJSAdmin
- Chapter Review
- Appendix A: List of Methods from OracleJavaSecure Class
- Appendix B: Oracle Procedures, Functions and Triggers for Oracle and Java Security
- Index
Product information
- Title: Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java
- Author(s): David Coffin
- Release date: September 2011
- Publisher(s): Apress
- ISBN: 9781430238317