Expert Oracle and Java security : programming secure Oracle database applications with Java / David Coffin.

Format:

Book

Author/Creator:

Coffin, David.

Series:

Expert's voice in Oracle.

Expert's Voice in Oracle

Language:

English

Subjects (All):

Database security.

Java (Computer program language).

Data encryption (Computer science).

Data protection.

Oracle (Computer file).

Physical Description:

1 online resource (464 p.)

Edition:

1st ed. 2011.

Other Title:

Programming secure Oracle Database applications with Java

Place of Publication:

[Berkeley, Calif.] : Apress, 2011.

Language Note:

English

System Details:

text file

Summary:

Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java provides resources that every Java and Oracle database application programmer needs to ensure that they have guarded the security of the data and identities entrusted to them. You'll learn to consider potential vulnerabilities, and to apply best practices in secure Java and PL/SQL coding. Author David Coffin shows how to develop code to encrypt data in transit and at rest, to accomplish single sign-on with Oracle proxy connections, to generate and distribute two-factor authentication tokens from the Oracle server using pagers, cell phones (SMS), and e-mail, and to securely store and distribute Oracle application passwords. Early chapters lay the foundation for effective security in an Oracle/Java environment. Each of the later chapters brings example code to a point where it may be applied as-is to address application security issues. Templates for applications are also provided to help you bring colleagues up to the same secure application standards. If you are less familiar with either Java or Oracle PL/SQL, you will not be left behind; all the concepts in this book are introduced as to a novice and addressed as to an expert. Helps you protect against data loss, identity theft, SQL injection, and address spoofing Provides techniques for encryption on network and disk, code obfuscation and wrap, database hardening, single sign-on and two-factor Provides what database administrators need to know about secure password distribution, Java secure programming, Java stored procedures, secure application roles in Oracle, logon triggers, database design, various connection pooling schemes, and much more.

Contents:

Title Page; Copyright Page; Contents at a Glance; Table of Contents; About the Author; About the Technical Reviewer; Acknowledgments; Introduction; CHAPTER 1 Introduction; Requirements; For Windows and UNIX/Linux Users; Background; How to Use This Book; Organization of This Book; Java Objects and Oracle Database Structures; Chapter Review; CHAPTER 2 Oracle Database Security; Finding a Test Oracle Database; Working from an Existing Oracle Database; Oracle Users and Schemas; SQL*Plus, SQL Developer, JDeveloper, or TOAD; Organization of the Next Few Sections; Working as the SYS User

System PrivilegesRoles; The DBA Role; The Create-Session Role; Using Roles; Password-Protected Roles; Security Administrator User; Security Administrator Role; Security Administration Role Verification; Security Administrator Role Acquisition; System Privileges Granted to the Security Administrator Role; The Audit Trail; The Data Dictionary; Working as the Security Administrator; Acquire secadm_role from a SQL*Plus Local Connection; Toggle Between Roles; Create an Application Security User; Application Security Role; Non-Default Role; Create an Application User; Create the HR View Role

Verify HR View Role by a ProcedureTest for Subnet; Test for Normal Business Hours; Permit Application User to Acquire HR View Role; Audit Changes to Security Administrator Procedures; Audit Failed Attempts to Access HR Data; Working as the HR Schema User; Sensitive Data in the HR Sample Schema; Public View of Employees; Sensitive View of EMPLOYEES; Test Application User Access; Audit Trail Logs for the Sensitive View; Regarding Synonyms; Chapter Review; CHAPTER 3 Secure Java Development Concepts; Java Development Kit; Oracle Java Database Connectivity; JAR File Directory Separator

Java PackagesDevelopment at Command Prompt; Environment; Beginning Java Syntax; Byte Code Compilation and the Java Virtual Machine; Using the Java Compiler; Finding Referenced Code/Classes; Running Compiled Code; Java Code and Syntax Concepts; Methods; Values; Members; Objects; Classes and Null; Garbage Collection; Primitives; Strings; Static Modifier and the main() Method; Public and Private Modifiers; Exceptions; Exception Handling Syntax; Print the Exception Message to System Output Stream; Clean Up as part of Exception Handling; Clean Up in a finally Block; Exception Handling Approaches

Don't Code Multiple Exceptions When One Will DoCatch and Handle an Exception Where It Occurs; Give Feedback from Your Catch Block; Govern the Amount of Exception Reporting in Any Major Outage; Consider Throwing A Generic Exception; Close Local Resources in a finally Block; Java Virtual Machine Sandbox; Chapter Review; CHAPTER 4 Java Stored Procedures; Java Stored Procedure Example; Acquiring the Privilege to Load a Java Stored Procedure; Loading Java in the Oracle Database; Handling Exceptions in a Java Stored Procedure; Calling Oracle Database from Java; OracleDriver

Connection and Statement

Notes:

Includes index.

ISBN:

9786613477156

9781283477154

1283477157

9781430238324

1430238321

OCLC:

768826063