This chapter addresses only those aspects of security most relevant to PL/SQL development. To set the stage, though, I'll start with a look at the security requirements of the ongoing library application.
Security requirements for our electronic library include:
The creation, maintenance, and revocation of patron accounts in the electronic catalog will be allowed, including issuance of some sort of credentials such as a user account or library card.
There will be security checks in place that make it difficult for a patron to view information about another patron's borrowing habits.
A privileged system administrator will be able to create accounts for librarians, who in turn will have authority to grant and revoke patron privileges.
All changes in the actual catalog records will be auditable; the database will store "traceability" data—which librarian made what change, and when.
It will take more work than you might think to satisfy these requirements on our little web-based application. Moreover, although securing web-based applications such as our library system is certainly a common case, it is not the only kind of security you'll need to know about. For this reason, this chapter will branch out (at least a certain distance) into the thicket of the security jungle. As an application developer, for example, one of the first things you'll need to understand is what privileges you have personally been granted by the DBA. Another ...