Applied Oracle Security: Developing Secure Database and Middleware Environments - P55

Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful.

Part IV: Applied Security for Oracle APEX and Oracle Business Intelligence. Chapter 13: Securing Access to Oracle BI (pages 514-515).

[FIGURE 13-5: LDAP authentication initialization block]

Database Authentication Using Only Database Users

As mentioned, using database authentication as documented has several drawbacks. These can be avoided if database authentication is handled more like external table authentication or LDAP authentication. To do this, we just follow the basic principles of external authentication: validate the username and password, and populate the USER session variable.

1. In the database that actually contains the database users, create a connection pool that will be used solely for authentication.
2. For the username and password, use these values: USER and PASSWORD, respectively. These are the values the user entered into the logon screen, and the presentation service is forwarding them to the BI server. The BI server will attempt to connect to the database using these values.
3. Create an initialization block that executes the following simple query: SELECT USER FROM dual. Put the results of that query into the USER session variable. The initialization block should use the connection pool defined in step 1.
4. Remember to check the box Required For Authentication.

When a user attempts to log into the system, the BI server will execute this initialization block.
If a valid username and password are entered, the use of the connection pool will succeed, the query will be executed, and the USER session variable will be populated. If the username and password are not valid, the attempt to run the query will fail because the BI server will be unable to log into the database to execute the query.

Custom Authentication

Oracle BI also supports the notion of custom authentication, which allows you to create your own program to authenticate users and then integrate that with Oracle BI. To accomplish this, you must write your own program to authenticate users, a .dll on Windows or a .so
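
The database-user authentication flow in steps 1 to 4 above, modeled as an added example (not code from the book or from Oracle BI): the login succeeds only if a connection can be opened with the entered credentials, and USER is taken from the query result rather than from the logon form. FakeConnection, fake_connect, SAMPLE_USERS and authenticate are hypothetical names, and the in-memory database is a constructed stand-in for a real DB-API driver.

```python
class FakeConnection:
    """Constructed stand-in for a DB-API connection to the authentication database."""
    def __init__(self, db_user):
        self._db_user, self._row, self.closed = db_user, None, False
    def cursor(self):
        return self
    def execute(self, sql):
        if sql.strip().upper() != "SELECT USER FROM DUAL":
            raise ValueError("unexpected query")
        self._row = (self._db_user,)
    def fetchone(self):
        return self._row
    def close(self):
        self.closed = True

# Constructed sample account (name -> password); Oracle stores unquoted names in upper case.
SAMPLE_USERS = {"ANALYST1": "Correct-Horse-1"}

def fake_connect(user, password):
    """Assumption: plays the role of a real driver call made with the entered values."""
    name = user.upper()
    if not password or SAMPLE_USERS.get(name) != password:
        raise PermissionError("ORA-01017: invalid username/password; logon denied")
    return FakeConnection(name)

def authenticate(username, password, connect=fake_connect):
    """Return a session dict with USER populated, or None when the login fails."""
    try:
        conn = connect(username, password)     # step 2: log in with the entered values
    except Exception:
        return None                            # fail closed: no connection, no session
    try:
        cur = conn.cursor()
        cur.execute("SELECT USER FROM dual")   # step 3: the initialization block query
        row = cur.fetchone()
    except Exception:
        return None                            # query failure also denies the login
    finally:
        conn.close()                           # this connection exists only to authenticate
    if not row or not row[0]:
        return None
    return {"USER": row[0]}                    # value reported by the database, not the form

if __name__ == "__main__":
    print(authenticate("analyst1", "Correct-Horse-1"))
    print(authenticate("analyst1", "wrong-password"))
```
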