Expert Oracle and Java Security

1. Front Matter

   Pages i-xxvi

   PDF

2. Introduction

   • David Coffin

   Pages 1-3

3. Oracle Database Security

   • David Coffin

   Pages 5-25

4. Secure Java Development Concepts

   • David Coffin

   Pages 27-50

5. Java Stored Procedures

   • David Coffin

   Pages 51-62

6. Public Key Encryption

   • David Coffin

   Pages 63-84

7. Secret Password Encryption

   • David Coffin

   Pages 85-110

8. Data Encryption in Transit

   • David Coffin

   Pages 111-147

9. Single Sign-On

   • David Coffin

   Pages 149-176

10. Two-Factor Authentication

    • David Coffin

    Pages 177-208

11. Application Authorization

    • David Coffin

    Pages 209-266

12. Enhancing Security

    • David Coffin

    Pages 267-328

13. Administration of Security

    • David Coffin

    Pages 329-402

14. Back Matter

    Pages 403-442

    PDF

Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java provides resources that every Java and Oracle database application programmer needs to ensure that they have guarded the security of the data and identities entrusted to them. You'll learn to consider potential vulnerabilities, and to apply best practices in secure Java and PL/SQL coding. Author David Coffin shows how to develop code to encrypt data in transit and at rest, to accomplish single sign-on with Oracle proxy connections, to generate and distribute two-factor authentication tokens from the Oracle server using pagers, cell phones (SMS), and e-mail, and to securely store and distribute Oracle application passwords.

Early chapters lay the foundation for effective security in an Oracle/Java environment. Each of the later chapters brings example code to a point where it may be applied as-is to address application security issues. Templates for applications are also provided to help you bring colleagues up to the same secure application standards. If you are less familiar with either Java or Oracle PL/SQL, you will not be left behind; all the concepts in this book are introduced as to a novice and addressed as to an expert.

• Helps you protect against data loss, identity theft, SQL injection, and address spoofing
• Provides techniques for encryption on network and disk, code obfuscation and wrap, database hardening, single sign-on and two-factor
• Provides what database administrators need to know about secure password distribution, Java secure programming, Java stored procedures, secure application roles in Oracle, logon triggers, database design, various connection pooling schemes, and much more

David Coffin is an IT analyst working at the Savannah River Site, a large Department of Energy facility. For?more than?30 years, his expertise has been in multi-platform network integration and systems programming.?Before coming to the Savannah River Site, he worked for several defense contractors and served as the technical lead for office and network computing at the National Aerospace Plane Joint Program Office at Wright-Patterson Air Force Base in Ohio. As a perpetual student, he has one master?s degree and has?begun several others. As a family man, he has raised?eight children.?Coffin is a triathlete who competes in the middle of the pack. He is also a classical guitar player, but he?s not quitting his day job.

Policies and ethics