Proper design of an application includes security plans, which ensure that specific data is available only to specific user groups. Application design should also include security plans for guarding against data or application tampering. These two aspects can easily be set aside while developers are caught up in the process of developing PL/SQL code to fulfill an application’s requirements. So it is important to work security plans into the initial technical specifications and test plans. Then you need to know how to implement the proper safeguards.
This session focuses on techniques you can use in PL/SQL to guard against unintended data access and unauthorized use of your application code. It explores the PL/SQL code and policy objects required to prevent access violations through the database feature Virtual Private Database (VPD, also known as Fine-Grained Access Control, FGAC), which is implemented using the Oracle package DBMS_RLS.
The session also explains how to use the database package DBMS_ASSERT to guard against SQL injection, where users can attempt to gain unintended access to data or database operations. In addition, the presentation discusses methods for hiding data using VPD column hiding (DBMS_RLS and DBMS_REDACT) and encryption using DBMS_CRYPTO and DBMS_OBFUSCATION_TOOLKIT. It also mentions some new features of Oracle 12c aimed at enforcing proper access to PL/SQL. All of these techniques should improve your ability to secure data and application code for the systems you create.
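
The VPD row filtering and column hiding mentioned above can be sketched as follows. This is an added example, not code from the session: the APP schema, the EMPLOYEES table, the APP_CTX application context (assumed to be set at logon by a trusted package) and the function and policy names are all assumptions.

```sql
-- Constructed example: table APP.EMPLOYEES(emp_id, dept_id, name, salary) and
-- context namespace APP_CTX (set at logon by a trusted package) are assumptions.

-- Row policy: a session sees only rows of its own department.
CREATE OR REPLACE FUNCTION app.emp_dept_policy (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2 AS
BEGIN
  -- Reference the context inside the predicate instead of concatenating its
  -- value: nothing user-controlled becomes SQL text. If DEPT_ID is unset the
  -- comparison is against NULL, so no rows qualify (fails closed).
  RETURN 'dept_id = TO_NUMBER(SYS_CONTEXT(''APP_CTX'', ''DEPT_ID''))';
END emp_dept_policy;
/

-- Column policy: salary is visible only on the session's own row.
CREATE OR REPLACE FUNCTION app.emp_salary_policy (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2 AS
BEGIN
  RETURN 'emp_id = TO_NUMBER(SYS_CONTEXT(''APP_CTX'', ''EMP_ID''))';
END emp_salary_policy;
/

BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP',
    object_name     => 'EMPLOYEES',
    policy_name     => 'EMP_DEPT_ROWS',
    function_schema => 'APP',
    policy_function => 'EMP_DEPT_POLICY',
    statement_types => 'SELECT,INSERT,UPDATE,DELETE',
    update_check    => TRUE);  -- reject DML that would move a row out of view

  DBMS_RLS.ADD_POLICY(
    object_schema         => 'APP',
    object_name           => 'EMPLOYEES',
    policy_name           => 'EMP_SALARY_MASK',
    function_schema       => 'APP',
    policy_function       => 'EMP_SALARY_POLICY',
    statement_types       => 'SELECT',
    sec_relevant_cols     => 'SALARY',
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);  -- keep the row, return SALARY as NULL
END;
/
```

Both policies apply together: a query returns only the session's department, and SALARY is NULL on every row except the session's own. Sessions connected as SYS or holding EXEMPT ACCESS POLICY bypass the policies, so those grants need review as part of the test plan.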