Expert Oracle and Java Security
Programming Secure Oracle Database Applications with Java
David Coffin
Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java
Copyright © 2011 by David Coffin
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording, or by any information storage or retrieval
system, without the prior written permission of the copyright owner and the publisher.
ISBN-13 (pbk): 978-1-4302-3831-7
ISBN-13 (electronic): 978-1-4302-3832-4
Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol
with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only
in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of
the trademark.
The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are
not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject
to proprietary rights.
President and Publisher: Paul Manning
Lead Editor: Jonathan Gennick
Technical Reviewer: Josh Juneau
Editorial Board: Steve Anglin, Mark Beckner, Ewan Buckingham, Gary Cornell, Jonathan Gennick,
Jonathan Hassell, Michelle Lowman, Matthew Moodie, Jeff Olson, Jeffrey Pepper, Frank
Pohlmann, Douglas Pundick, Ben Renow-Clarke, Dominic Shakeshaft, Matt Wade, Tom Welsh
Coordinating Editor: Adam Heath
Copy Editor: Tracy Brown
Compositor: Bytheway Publishing Services
Indexer: BIM Indexing & Publishing Services
Artist: SPI Global
Cover Designer: Anna Ishchenko
Distributed to the book trade worldwide by Springer Science+Business Media, LLC., 233 Spring Street,
6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail
orders-ny@springer-sbm.com, or visit www.springeronline.com.
For information on translations, please e-mail rights@apress.com, or visit www.apress.com.
Apress and friends of ED books may be purchased in bulk for academic, corporate, or promotional use.
eBook versions and licenses are also available for most titles. For more information, reference our
Special Bulk Sales–eBook Licensing web page at www.apress.com/bulk-sales.
The information in this book is distributed on an “as is” basis, without warranty. Although every
precaution has been taken in the preparation of this work, neither the author(s) nor Apress shall have
any liability to any person or entity with respect to any loss or damage caused or alleged to be caused
directly or indirectly by the information contained in this work.
The source code for this book is available to readers at www.apress.com. You will need to answer
questions pertaining to this book in order to successfully download the code.
Contents
About the Author
About the Technical Reviewer
Acknowledgments
Introduction
Chapter 1: Introduction
  Requirements
  For Windows and UNIX/Linux Users
  Background
  How to Use This Book
  Organization of This Book
  Java Objects and Oracle Database Structures
  Chapter Review
Chapter 2: Oracle Database Security
  Finding a Test Oracle Database
  Working from an Existing Oracle Database
  Oracle Users and Schemas
  SQL*Plus, SQL Developer, JDeveloper, or TOAD
  Organization of the Next Few Sections
  Working as the SYS User
    System Privileges
    Roles
    Security Administrator User
    Security Administrator Role
    The Audit Trail
    The Data Dictionary
  Working as the Security Administrator
    Acquire secadm_role from a SQL*Plus Local Connection
    Toggle Between Roles
    Create an Application Security User
    Create an Application User
    Create the HR View Role
    Audit Changes to Security Administrator Procedures
    Audit Failed Attempts to Access HR Data
  Working as the HR Schema User
    Sensitive Data in the HR Sample Schema
    Public View of Employees
    Sensitive View of EMPLOYEES
  Test Application User Access
  Audit Trail Logs for the Sensitive View
  Regarding Synonyms
  Chapter Review
Chapter 3: Secure Java Development Concepts
  Java Development Kit
  Oracle Java Database Connectivity
  JAR File Directory Separator
  Java Packages
  Development at Command Prompt
    Environment
    Beginning Java Syntax
    Byte Code Compilation and the Java Virtual Machine
  Java Code and Syntax Concepts
    Methods
    Values
    Members
    Objects
    Classes and Null
    Garbage Collection
    Primitives
    Strings
    Static Modifier and the main() Method
    Public and Private Modifiers
  Exceptions
    Exception Handling Syntax
    Exception Handling Approaches
  Java Virtual Machine Sandbox
  Chapter Review
Chapter 4: Java Stored Procedures
  Java Stored Procedure Example
    Acquiring the Privilege to Load a Java Stored Procedure
    Loading Java in the Oracle Database
    Handling Exceptions in a Java Stored Procedure
    Calling Oracle Database from Java
  Method Syntax in Java Stored Procedures
    Calling Java from Oracle Database
    Installing and Testing the Example Code