Chapter 6. Oracle Advanced Security
So far, we have been discussing how to make connections to an Oracle database from applications, applets, servlets, and internal objects . All these connections have had something in common: they were all unsecured connections. With unsecured connections, someone intent on malicious activity can intercept the information being passed between your client and server and even modify it while in transit. Practically speaking, if you’re using your application on a corporate intranet, this should not be much of a concern. However, if you’re using JDBC to connect to a database over the Internet, the Oracle Advanced Security (ASO) option can protect your data’s privacy and integrity.
Oracle Advanced Security is a set of advanced security options, some of which are packaged with Oracle Enterprise Edition, and some of which are purchased from a third party. They allow you to create a secured connection to a database or use a more secure authentication scheme. Oracle Advanced Security provides five security enhancements to JDBC connections:
Improved authentication using third-party authentication
Single sign-on using third-party authentication
Data privacy using encryption
Data integrity using message digests
Improved authorization using the Distributed Computing Environment (DCE)
When using the OCI driver, all five of these enhancements are enabled by configuration settings in the Oracle Client software. However, with the Thin driver, none of the authentication ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access