Oracle Application Server

Web products are usually implemented with a three-tier configuration if a database is involved. While this usually means three computers — a client PC, a middle-tier computer used to support the application code, and a back-end computer that houses the database, as we discussed in Chapter 8 — it does not have to. These are functional concepts, and two computers (or even one) can run with the three-tier model, although that is not common. A two-tier, client server configuration could be used. Most applications dealing with a database must maintain a constant connection. A web application, on the other hand, is stateless and can connect and disconnect from a database as needed to support the web site users’ requests. We’ll describe what we mean by the terms “constant” and “stateless” in the following section.

Constant-State Versus Stateless Connections

Oracle Corporation provides a product called the Oracle Application Server (OAS), which serves a broad spectrum of applications for web-based interaction. With each new version of the Oracle Application Server, new security features are introduced or current features are enhanced. Therefore, this section provides a very general overview of some basic security features available in the OAS version 3.0 product.

While you are dealing with a database from a web site, the actions of the application are remembered internally by the database. This allows you to either keep what you have done (commit) or undo your ...

Get Oracle Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.