Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java by David Coffin

Author:David Coffin
Language: eng
Format: epub, pdf
Publisher: Apress®
Published: 2011-09-13T16:00:00+00:00

Listing 10-1. Application Registry Table of Salient Features

CREATE TABLE appsec.t_application_registry

(

application_id VARCHAR2(24 BYTE) NOT NULL,

app_user VARCHAR2(20 BYTE) NOT NULL,

app_role VARCHAR2(20 BYTE) NOT NULL

);

We will also create a view of the table for general use. And, though not shown here, we will make the application_id and app_user columns a unique index and our primary key. We will not depend on that key until we get to Chapter 12. For now, suffice it to say that each application may use multiple secure application roles. We will acquire these roles by proxying through a variety of application users. So a pair of application_id and app_user is a unique key to acquire an app_role.

While we're at it, let's insert a data record with the labels we already know: user APPUSR and role HRVIEW_ROLE. We give those settings to the application_id of HRVIEW, as shown here:

INSERT INTO appsec.v_application_registry ( application_id, app_user, app_role )

VALUES ( 'HRVIEW', 'APPUSR', 'HRVIEW_ROLE' );

We are introducing the application_id column here as a handle to acquire the required role. Each application will need a unique application_id, which, with a couple more additions, will allow our existing code to provide two-factor authentication, SSO, and secure application roles to multiple applications.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.