Call for Oracle support & training (800) 766-1884
Free Oracle Tips

Home
Corporate Oracle Training
Custom Oracle Training
Oracle New Features Training
Advanced Oracle DBA Classes
Oracle Tuning Courses
Oracle Tips & Tricks
Oracle Training Links
Oracle Training Links
Oracle Training Links

We are top for USA Oracle Training Clients

 

Free Oracle Tips


 
HTML Text AOL

Free Oracle App Server Tips


 
HTML Text

Oracle support

Oracle training

Oracle tuning

Rednecks!

Remote Oracle

Custom Oracle Training

 

   
  Oracle Tips by Burleson

Chapter 6 Oracle Encryption

Enhancements

Extra Security through Application User Management

Remember the use of the input vector (IV) variables used earlier? We simply used them and set them to null in our processing. However, they will perform a very important task to make our application even more secure. Please note, this parameter is available in Oracle 9i and up only.

In Chapter 4, we demonstrated a new model of application user password management. In this mode, the application user authenticates him or herself against the database by calling a function, is_password_correct and passing the application user ID and password as parameters. The function returns YES if the combination is correct and NO if it is not.

The function also sets the application context attributes to the values obtained from the app_users table. The user will not be able to set these attributes directly; only the calling of the password authentication function can do that. This made the application user management a great tool for secured applications.

Based on the context attribute APP_USER_ROLE, the user could then call another procedure called set_user_role, which sets his or her authorized roles. Note how powerful this setup is, and how securely it handled the application user authentication. We can use it to our advantage in this case of encryption, too. The input vector is yet another lock on the encryption process. We will use a value here, instead of the value used earlier, NULL, in the encryption and decryption processes.


The above text is an excerpt from:

Oracle Privacy Security Auditing

The Final Word on Oracle Security

 

This is the only authoritative book on Oracle Security, Oracle Privacy, and Oracle Auditing written by two of the world’s leading Oracle Security experts.

This indispensable book is only

$39.95

 and has an immediate download of working security scripts:

 

http://rampant-books.com/book_2003_2_audit.htm



 
 
 
 

Oracle performance tuning book

 

 

Oracle performance tuning software

 
Oracle performance tuning software
 
Oracle performance Tuning 10g reference poster
 
Oracle training in Linux commands
 
Oracle training Excel
 
 
 
 

 

email BC:


Copyright © 1996 -  2014 by Burleson Inc. All rights reserved.

Oracle® is the registered trademark of Oracle Corporation.