Protecting a Web Site

Although Internet technology is fairly old, by computer standards, the options for securing a web site and protecting an Oracle database are relatively young and immature. There are several possible approaches you can implement to help protect your database, including:

  • Cookies — with the user’s IP address encrypted in a form only your web site can decrypt

  • Firewalls — both packet-filtering and application-level proxies

  • A security server that issues digitally signed certificates of authority

  • Access control at the operating system level

  • Blind faith that there are so many packets “floating around” that yours won’t be intercepted or targeted

All these methods (except the last one) are valid approaches for implementing web security. Let’s examine each one more closely.

Cookies

As mentioned in the terminology section earlier in this chapter, cookies are usually small ASCII text files. Originally, cookies were used by the Netscape browser to help track a user’s actions through several HTTP requests. The process of keeping track of a user’s movements from one HTTP page to another is known as instantiation. The cookie keeps track of the user’s movements forward. Then, when a user wants to return to a previous page, the cookie can be used to help guide the browser backwards through previous pages and URLs of interest.

Capturing an IP address

Another potential use for cookies would be to have your web site capture and encrypt the user’s Internet Protocol (IP) address the ...
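
The following is an added illustration, not code from the book: one way a site could place the user's IP address in a cookie in a form only the site can decrypt, and check it on later requests. It assumes Node.js and its built-in crypto module with AES-256-GCM; the function names and the key handling are hypothetical.

```javascript
// Added example: a cookie that carries the client's IP address, sealed with
// AES-256-GCM so only the holder of the server key can read or forge it.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Assumption: in production the 32-byte key comes from a secret store shared
// by the web servers; it is generated here so the example runs offline.
const SERVER_KEY = randomBytes(32);

// Encrypt the IP address seen on the connection into a cookie value.
function sealIp(ip, key = SERVER_KEY) {
  const iv = randomBytes(12);                       // fresh nonce per cookie
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(ip, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();                  // 16-byte integrity tag
  return Buffer.concat([iv, tag, body]).toString('base64url');
}

// Decrypt a cookie value; return the IP, or null if the value was altered
// or was not produced with this key.
function openIp(cookieValue, key = SERVER_KEY) {
  const raw = Buffer.from(String(cookieValue), 'base64url');
  if (raw.length < 12 + 16 + 1) return null;        // too short to be valid
  const decipher = createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    const body = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return body.toString('utf8');
  } catch {
    return null;                                    // authentication failed
  }
}

// Accept a request only when the cookie decrypts and names the caller's address.
function cookieMatchesClient(cookieValue, remoteIp, key = SERVER_KEY) {
  const ip = openIp(cookieValue, key);
  return ip !== null && ip === remoteIp;
}

// Constructed sample values (documentation address ranges).
const cookie = sealIp('192.0.2.10');
console.log(cookieMatchesClient(cookie, '192.0.2.10'));   // true
console.log(cookieMatchesClient(cookie, '198.51.100.7')); // false
```

The check compares against whatever address the server sees on the connection, so clients behind a shared proxy or NAT present the same address, and a client whose address changes between requests is rejected.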
