The best approach to doing anything is supposedly to begin at the beginning, proceed through to the end, and then stop. But how do you determine where the “beginning” is? When it comes to database security, you may feel that there are several different points of origin. However, it seems to us that you should first protect the Oracle source code. Before you begin to install the Oracle code, there are steps you should take to establish the environment for the source code installation. Since each platform Oracle has been ported to has different procedures for Oracle software installation, we won’t cover detailed information on code installation in this book. However, we’ll look briefly at the approaches you can use to protect your Oracle environment in the correct way “from the beginning.”

To help you to understand the various ways you can set up your Oracle source code and applications code, we’ll first present a discussion of alternative architectures: “dumb terminal,” two-tier, and three-tier. We’ll describe the system-level approaches you can use to secure your database and the methods you can use to enable connection to your database without the use of passwords — either directly from the operating system level or remotely through the use of SQL*Net. Because SQL*Net has become an integral part of the way you interact with the database from both a two-tier and three-tier architecture, we’ll briefly explore the methods used to configure ...