Applied Oracle Security: Developing Secure Database and Middleware Environments - P52

Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful.

Part IV: Applied Security for Oracle APEX and Oracle Business Intelligence

Virtual Private Database (VPD) is one of the best ways to push data security down to the lowest possible level. It's easy to envision scenarios in which all the data security was built into the application layer. When another technology is introduced that needs to access the same data, the semantics of the security policy have to be replicated to the new technology. Obviously, this is difficult to maintain, prone to errors, and easy to subvert, because all a nefarious individual has to do to access the data is connect directly to the database, effectively bypassing the security. VPD is a critically important solution to protect the data at the source.

The classic VPD use case is to set one or more session context variables when an end user logs into an application and then use those context variables in a VPD policy that determines the rows to which a user has access. This is a fairly straightforward task in client-server environments, where the database session of an end user persists as long as the user is logged into the application. As discussed in Chapter 11, APEX database sessions persist only as long as it takes to process a page request, which is typically less than a second. This is yet another area where the difference between nonpersistent and persistent sessions causes a lot of confusion for developers. Fortunately, you can integrate VPD with APEX in many ways.
One option is to use the Virtual Private Database attribute of an APEX application to call a procedure that sets session context variables. This technique works particularly well with legacy VPD applications that are already using session context variables. Another option is to reference APEX items in the VPD policy, which we will refer to as an item-based policy. A third option is to use Oracle Database Global Application Context variables, which were specifically designed for use with stateless applications. Global Application .
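The first option above (the Virtual Private Database attribute calling a procedure that sets session context variables) can be sketched as follows. This is an added example, not code from the book: the schema APP_DATA, table ORDERS, column OWNER_NAME, context ORDERS_CTX and package ORDERS_SEC are hypothetical names, and the policy is written to return no rows when the context is unset.

```sql
-- 1. Context namespace that only the (hypothetical) ORDERS_SEC package may write.
CREATE OR REPLACE CONTEXT orders_ctx USING app_data.orders_sec;

-- 2. Package holding the context setter and the VPD policy function.
CREATE OR REPLACE PACKAGE app_data.orders_sec AS
  PROCEDURE set_user (p_user IN VARCHAR2);
  FUNCTION  owner_predicate (p_schema IN VARCHAR2, p_object IN VARCHAR2)
    RETURN VARCHAR2;
END orders_sec;
/

CREATE OR REPLACE PACKAGE BODY app_data.orders_sec AS
  PROCEDURE set_user (p_user IN VARCHAR2) IS
  BEGIN
    -- APEX database sessions are reused across page requests, so wipe any
    -- value left by an earlier request before setting the current user.
    DBMS_SESSION.CLEAR_ALL_CONTEXT('ORDERS_CTX');
    IF p_user IS NOT NULL THEN
      DBMS_SESSION.SET_CONTEXT('ORDERS_CTX', 'APP_USER', p_user);
    END IF;
  END set_user;

  FUNCTION owner_predicate (p_schema IN VARCHAR2, p_object IN VARCHAR2)
    RETURN VARCHAR2 IS
  BEGIN
    -- Fail closed: a session that never set the context (for example a
    -- direct connection outside the application) matches no rows.
    IF SYS_CONTEXT('ORDERS_CTX', 'APP_USER') IS NULL THEN
      RETURN '1 = 0';
    END IF;
    RETURN 'owner_name = SYS_CONTEXT(''ORDERS_CTX'', ''APP_USER'')';
  END owner_predicate;
END orders_sec;
/

-- 3. Attach the policy so every statement against ORDERS gets the predicate.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP_DATA',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_OWNER_POLICY',
    function_schema => 'APP_DATA',
    policy_function => 'ORDERS_SEC.OWNER_PREDICATE',
    statement_types => 'SELECT, INSERT, UPDATE, DELETE',
    update_check    => TRUE);
END;
/
-- 4. Entered in the application's Virtual Private Database attribute:
--      app_data.orders_sec.set_user(v('APP_USER'));
```

Because the setter runs on each page request, the context is re-established for every short-lived database session, and the policy itself lives in the database rather than in the application layer.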