Summary

In this chapter, you learned how the identification and authentication process evolved with computing architectures. When Oracle began producing databases, the host-based model was popular. The security was centralized on the host server. OS authentication allowed users to enjoy single sign-on between their OS and the database. Most importantly, the database users had unique accounts that formed the basis of the database security support you see today.

The client-server era ushered in new capabilities and new requirements. While the model still supported individual database users, identification and authentication were no longer centralized on the server that ran the database. Network security became increasingly important. Oracle’s support for security in the client-server architecture evolved to support these new requirements.

Today, web applications have a major impact on the identification and authentication of users to the database. The Web is based on a stateless protocol, making it difficult to support (stateful) database sessions. The popularity of the Web has placed an extraordinary demand for performance and scalability on web-based applications.

Supporting scalability and performance while leveraging the user-level security capabilities of the database inspired the creation of Oracle’s support for connection pools and proxy authentication. The overhead of connecting and disconnecting from the database prevents many web applications from scaling. Connection pools allow applications to issue database queries without requiring new database connections for every request.

When an application connects to the database, user-level security can be easily achieved by connecting as the actual user making the request. Once the database knows the user’s identity, the proper access controls and auditing can occur. However, it’s a security risk and often inefficient for applications to store the users’ passwords. Proxy authentication allows applications to connect to the database as the end user without the security risks and challenges associated with password management. Proxy authentication also allows you to restrict the roles that can be enabled. This helps to enforce the least-privilege principle when connecting your users through web applications.
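
The role restriction described above, as an added example that is not taken from the book. The account `app_pool`, the end user `alice`, and the roles `hr_read` and `hr_admin` are hypothetical names, and the password is a placeholder.

```sql
-- Hypothetical names throughout: app_pool (middle-tier account),
-- alice (end user), hr_read / hr_admin (roles already granted to alice).

-- The middle tier authenticates as its own account, which holds nothing
-- beyond the right to open a session. It never stores alice's password.
CREATE USER app_pool IDENTIFIED BY "REPLACE_WITH_GENERATED_SECRET";
GRANT CREATE SESSION TO app_pool;

-- The three grants below are alternatives; choose one.

-- Weak: no role clause, so nothing limits which of alice's roles
-- can be enabled in a session opened through app_pool.
ALTER USER alice GRANT CONNECT THROUGH app_pool;

-- Restricted: only hr_read can be enabled when alice arrives via app_pool.
ALTER USER alice GRANT CONNECT THROUGH app_pool WITH ROLE hr_read;

-- Restricted by exclusion: everything except the administrative role.
ALTER USER alice GRANT CONNECT THROUGH app_pool WITH ROLE ALL EXCEPT hr_admin;

-- Review which accounts may proxy for which users, and under what
-- role constraint. Rows with no constraint are the ones to question.
SELECT proxy, client, authorization_constraint, role
  FROM dba_proxies
 WHERE proxy = 'APP_POOL';

-- Inside a proxied session: the database sees alice as the session user
-- (so access control and auditing apply to her) and records app_pool
-- as the account that opened the connection.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER') AS end_user,
       SYS_CONTEXT('USERENV', 'PROXY_USER')   AS proxy_account
  FROM dual;

-- Withdraw the proxy right when the application no longer needs it.
ALTER USER alice REVOKE CONNECT THROUGH app_pool;
```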

The basis of much of the security discussion in this chapter is identity preservation. You should identify and authenticate the users to the database because the database natively supports user-level security. However, managing users can create its own set of problems. In the next chapter, you’ll see how the users can securely share database accounts, which will allow you to easily manage many users across many databases within an organization.



Effective Oracle Database 10g Security by Design
ISBN: 0072231300
EAN: 2147483647
Year: 2003
Pages: 111
