
Expert Oracle and Java Security: Programming Secure Oracle Database Applications With Java - Softcover

 

Synopsis

Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java provides resources that every Java and Oracle database application programmer needs to ensure that they have guarded the security of the data and identities entrusted to them. You'll learn to consider potential vulnerabilities, and to apply best practices in secure Java and PL/SQL coding. Author David Coffin shows how to develop code to encrypt data in transit and at rest, to accomplish single sign-on with Oracle proxy connections, to generate and distribute two-factor authentication tokens from the Oracle server using pagers, cell phones (SMS), and e-mail, and to securely store and distribute Oracle application passwords.

Early chapters lay the foundation for effective security in an Oracle/Java environment. Each of the later chapters brings example code to a point where it may be applied as-is to address application security issues. Templates for applications are also provided to help you bring colleagues up to the same secure application standards. If you are less familiar with either Java or Oracle PL/SQL, you will not be left behind; all the concepts in this book are introduced as to a novice and addressed as to an expert.

  • Helps you protect against data loss, identity theft, SQL injection, and address spoofing
  • Provides techniques for encryption on network and disk, code obfuscation and wrap, database hardening, single sign-on and two-factor
  • Provides what database administrators need to know about secure password distribution, Java secure programming, Java stored procedures, secure application roles in Oracle, logon triggers, database design, various connection pooling schemes, and much more

What you'll learn

  • Guard against data loss, identity theft, SQL Injection, and to address spoofing
  • Protect sensitive data through encryption, both on disk and on the wire
  • Control access to data using secure roles, single sign-on, proxy

"synopsis" may belong to another edition of this title.

From the Author

I wanted to help you decide whether this is a book you should buy, so I wrote "The Final Solution" in my blog (see author profile).  Here is that blog entry:

First let me say that there are only two things required to complete the entire system: download of Oracle 11g Enterprise edition and download of Java Development Kit (JDK) 1.5 or higher. These two downloads are free! All the rest is code that we develop in the book. You will not be burdened by any other application frameworks or ancillary (additional-purchase) applications.
The Final Solution: Each user has an Oracle account (options are discussed and are possible), identified externally (no password). The user opens a Java application on their computer. The Java application gets the logged-in user ID from NTSystem or UnixSystem (JAAS). Thus begins Single Sign-On. The authenticated user establishes a proxy connection through a centralized access user.

The password for the centralized access user is the only password that is exposed in the application. For this user, we define him on a hardened Oracle database instance (as described in the book). He has very little access - just enough to be an application gatekeeper. His password is embedded in the application in encoded form. Various password encryption / hiding / access methods are discussed in the book, but we resolve to an encoded password that is encoded (encrypted) using an obfuscated Java class.

The access user determines if a 2-factor authentication code was provided, and if not, Oracle sends a valid for 10-minute, 2-factor code to mobile devices (cell phone SMS or pager) and/or e-mail for the authenticated user. Once the code is received, the user submits the code in a second connection, proxied through the access user. If the application, authenticated user, and 10-minute time to live are all acceptable, a series of encrypted Oracle passwords (connection strings) are returned for use in the application.

These passwords are encrypted on disk using DBMS_CRYPTO and a calculated password, specific to the client application. They are decrypted, then reencrypted using session-specific encryption for the current user / application. The session-specific encryption uses random encryption parameters like this: First a public / private RSA key pair is generated and the artifacts of the public key are submitted to Oracle. The Oracle instance generates a DES shared password key using random algorithm parameters (respect the power of random) and transmits the parameters to the client application -- the DES key parameters are encrypted with the RSA public key. Those passwords (connection strings) that Oracle returns to the client application are encrypted with the DES key for decryption as needed.

So now the application is free to begin using sensitive Oracle data. One of the encrypted connection strings is decrypted just-in-time, and the authenticated user is validated as a user of that Oracle connection through a secure application procedure. The user must be granted access to proxy through the Oracle user and must be granted the application role required for the connection. It is all very complex, and this brief summary is insufficient (so buy the book, please).

When we connected with this new encrypted connection string, and the user was validated for access, a new set of session-specific RSA and DES keys was generated. All sensitive data transferred for use in the application is transferred in encrypted form. We primarily use stored procedures that return result sets (cursors) for queries and stored procedures for data updates.

In the last chapter, I provide a GUI interface for bootstrapping the entire security system and then managing users, access, administration, applications and connection strings. If you'd rather build it than buy it, you can have Expert Security using this book. Or if you just want to learn secure programming approaches and the technologies used in commercial products, then this is a good way to get that insight. There is also a Supplement with the source code that provides some further insights and scenarios.

About the Author

David Coffin is an IT analyst working at the Savannah River Site, a large Department of Energy facility. For more than 30 years, his expertise has been in multi-platform network integration and systems programming. Before coming to the Savannah River Site, he worked for several defense contractors and served as the technical lead for office and network computing at the National Aerospace Plane Joint Program Office at Wright-Patterson Air Force Base in Ohio. As a perpetual student, he has one master's degree and has begun several others. As a family man, he has raised eight children. Coffin is a triathlete who competes in the middle of the pack. He is also a classical guitar player, but he's not quitting his day job.

"About this title" may belong to another edition of this title.

  • Publisher: Apress
  • Publication date: 2011
  • ISBN 10: 1430238313
  • ISBN 13: 9781430238317
  • Binding: Paperback
  • Language: English
  • Edition number: 1
  • Number of pages: 498
