
Pete Finnigan's Oracle security weblog



Howard Rogers' new paper on secure application roles

October 31st, 2004 by Pete


Howard Rogers has just released a new paper discussing the implementation and use of secure application roles in an Oracle database. It is written in the now-usual question-and-answer format that Howard has recently used very successfully.

The paper covers some interesting points. The main one is that secure application roles can be used to protect access to data, or rather to privileges, by not enabling the role if an incorrect application is used. Howard points out that, unlike VPD, this can be done on Standard Edition installations.

This method also gets around the issue of password-protected roles possibly being bypassed. I talked about this some time ago in a short paper.

Howard covers a couple of good examples. The first gets a secure application role up and running; he then modifies it to be a bit more workable by using application contexts and logon triggers to set a token. The point being made is that the implementation can be changed without changing the client application code.
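
The pattern described above, written out as an added example; it is not taken from Howard's paper or from this post. All object names (`secadmin`, `app_ctx`, `sales_app_role`, `sales.orders`, `app_user`) and the address check used as the token policy are assumptions for illustration.

```sql
-- Added example; every schema, role, context and user name here is hypothetical.
-- Application context that only secadmin.app_ctx_pkg is allowed to write to.
CREATE CONTEXT app_ctx USING secadmin.app_ctx_pkg;

CREATE OR REPLACE PACKAGE secadmin.app_ctx_pkg AS
  PROCEDURE set_token;
END;
/
CREATE OR REPLACE PACKAGE BODY secadmin.app_ctx_pkg AS
  PROCEDURE set_token IS
  BEGIN
    -- Assumed policy: only sessions from the application server get the token.
    -- 192.0.2.10 is a documentation placeholder address.
    IF SYS_CONTEXT('USERENV', 'IP_ADDRESS') = '192.0.2.10' THEN
      DBMS_SESSION.SET_CONTEXT('app_ctx', 'app_ok', 'YES');
    END IF;
  END;
END;
/
-- The logon trigger sets the token before the client runs any code.
CREATE OR REPLACE TRIGGER secadmin.set_app_token
AFTER LOGON ON DATABASE
BEGIN
  secadmin.app_ctx_pkg.set_token;
EXCEPTION
  WHEN OTHERS THEN NULL;  -- never block logons; no token simply means no role
END;
/
-- The role has no password; it can only be enabled from inside this procedure.
CREATE ROLE sales_app_role IDENTIFIED USING secadmin.enable_sales_role;
GRANT SELECT, UPDATE ON sales.orders TO sales_app_role;

-- Must be invoker's rights (AUTHID CURRENT_USER) or SET_ROLE will not work.
CREATE OR REPLACE PROCEDURE secadmin.enable_sales_role
AUTHID CURRENT_USER AS
BEGIN
  IF SYS_CONTEXT('app_ctx', 'app_ok') = 'YES' THEN
    -- Note: SET_ROLE disables any enabled roles that are not listed here.
    DBMS_SESSION.SET_ROLE('sales_app_role');
  END IF;  -- otherwise the role stays disabled
END;
/
GRANT sales_app_role TO app_user;
ALTER USER app_user DEFAULT ROLE ALL EXCEPT sales_app_role;
GRANT EXECUTE ON secadmin.enable_sales_role TO app_user;

-- The client's only call; it stays the same if the check above changes.
BEGIN secadmin.enable_sales_role; END;
/
```

Because the client only ever calls `enable_sales_role`, the token policy inside `set_token` can be replaced without touching application code.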

Excellent paper!



This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
