Friday, 18 December 2009

New Features for Administrators - Question 034

Oracle9i offers security improvements in the middle tier. One of these improvements is the Secure Application role.

What are three key benefits of this improvement? (Choose three).

A. The role is enabled through a package.

B. The password is hidden within the application itself.

C. It uses the SYS_CONTEXT mechanism to authenticate user access.

D. It removes the requirement to embed a password in the application itself.

Answer: A, C, D

Explanation:

Oracle9i allows you to enable the role through a package. It uses the SYS_CONTEXT mechanism to authenticate user access. The Secure Application role removes the requirement to embed a password in the application itself. When your application starts up, you should enable the roles for the application by using the SET ROLE statement.

Prior to Oracle9i, your application had to carry the role's password and try to hide it by encrypting it. The application itself became the weakest link in the chain: if someone discovered the password, any application could enable the role and gain access to the information, and any user with access to the application code could in fact discover the embedded password. In Oracle9i, SET ROLE does not use a password to enable a role; instead, it invokes the associated procedure that authenticates the role. This procedure can also use SYS_CONTEXT to access session information and set up fine-grained access control.
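The mechanism described above, as an added PL/SQL sketch that is not from the original post or the cited books. The names `hr_app_role`, `sec_admin`, `hr_role_pkg`, the proxy account `APPSRV`, the user `scott` and the subnet `10.1.5.%` are hypothetical, and the sketch assumes the common arrangement in which the application calls the package procedure and the procedure enables the role with `DBMS_SESSION.SET_ROLE`.

```sql
-- Added example; all object names, accounts and addresses are hypothetical.

-- 1. The role is tied to a package instead of a password.
--    There is no secret for the application to store or hide.
CREATE ROLE hr_app_role IDENTIFIED USING sec_admin.hr_role_pkg;
GRANT SELECT, UPDATE ON hr.employees TO hr_app_role;

-- 2. The package is created with invoker's rights (AUTHID CURRENT_USER)
--    so that it can change the roles enabled in the calling session.
CREATE OR REPLACE PACKAGE sec_admin.hr_role_pkg AUTHID CURRENT_USER AS
  PROCEDURE enable_role;
END hr_role_pkg;
/

CREATE OR REPLACE PACKAGE BODY sec_admin.hr_role_pkg AS
  PROCEDURE enable_role IS
    -- Session facts come from the database, not from the client program.
    v_proxy VARCHAR2(30) := SYS_CONTEXT('USERENV', 'PROXY_USER');
    v_ip    VARCHAR2(64) := SYS_CONTEXT('USERENV', 'IP_ADDRESS');
  BEGIN
    -- Enable the role only for sessions that arrive through the
    -- middle-tier proxy account from the application server subnet.
    -- A NULL proxy or address fails the test and falls to ELSE.
    IF v_proxy = 'APPSRV' AND v_ip LIKE '10.1.5.%' THEN
      DBMS_SESSION.SET_ROLE('hr_app_role');
    ELSE
      RAISE_APPLICATION_ERROR(-20001,
        'hr_app_role is not available for this session');
    END IF;
  END enable_role;
END hr_role_pkg;
/

-- 3. End users only need EXECUTE on the package.
GRANT EXECUTE ON sec_admin.hr_role_pkg TO scott;

-- 4. At startup the application calls the procedure; no password is sent.
BEGIN
  sec_admin.hr_role_pkg.enable_role;
END;
/

-- A session that tries to enable the role directly, outside the
-- package, is refused, so knowing the role name is not enough:
-- SET ROLE hr_app_role;
```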

Incorrect Answers

B: The application does not have to store the password itself.

OCP Oracle9i Database: New Features for Administrators, Daniel Benjamin, p. 10-24

Chapter 1: Security Enhancements

Oracle 9i New Features, Robert Freeman, p. 132-135

Chapter 5: Miscellaneous Oracle9i Features and Enhancements
