The database has two important roles: 1. Serve the data—databases are commonly referred to as data servers; 2. Protect the data. Yes that’s right, the database is there to serve and protect. Database security features are vast and complex. While the complexity can afford us many ways to provide a robust database application, it also can be very confusing. Users need to know what is available, when to use it, when not to use it, and how it can be leveraged with other complementary technologies. Knowledge is power. Not utilizing these features is analogous to the blinking 12:00 on the VCR—you are not getting your money’s worth.

Effective Oracle Database 10g Security by Design provides solutions for the Oracle security puzzle and includes the new Oracle Database 10g features. Recommendations, best practices, and code examples lead the reader through examples that illustrate how to build secure applications. This book shows how to effectively utilize, in a complementary manner, the most common Oracle product features: proxy authentication, secure application roles, Enterprise Users, Virtual Private Database, Oracle Label Security, database encryption, and standard and fine-grained auditing. Web applications and client-server applications are addressed as well as PL/SQL programming security best practices. The explanations allow a non-security expert to grasp the relevance of the technology, and the countless examples comprehensively show the different nuances associated with each technology. All of the information will allow you to effectively design, develop, and deploy secure database applications.

This book is targeted to Oracle Database application developers, Oracle DBAs, and anyone whose role is to ensure that proper procedures and due diligence have been followed in building applications (CIO’s, CISO’s, etc.). This book is about designing, building, and deploying secure applications running against an Oracle Database. The challenge faced for people wishing to do this today is that there are few, if any, best practice documents, technical blueprints (architectures), or other reference guidelines showing how to link together varying technologies to build secure database applications.

row-level security with views, VPD, OLS, and the new DBMS_CRYPTO encryption package. The new Oracle Database 10g features aren’t alluded to or quickly summarized but rather are presented in comprehensive yet easy-to-understand detail.

Throughout the book, careful attention has been paid to provide enough information to describe a technology without being redundant with Oracle Corporation’s existing documentation. Since it’s useful to be pointed to the place in the official documentation that describes a technology, you’ll see references to other documents throughout the book. Unless otherwise noted, the documents are part of Oracle Corporation’s product documentation, which can be retrieved from the Oracle Technology Network web site at