Part IV: Applied Security for Oracle APEX and Oracle Business Intelligence
For this example, we'll use DBMS_CRYPTO.RANDOMBYTES to generate a 16-byte key:
SYSTEM@AOS> grant execute on dbms_crypto to sec_admin;

Grant succeeded.

SEC_ADMIN@AOS> select DBMS_CRYPTO.RANDOMBYTES(16) salt from dual;

SALT
--------------------------------------------------------------------------------
231F8E440E65B5C180FA184F94F55B71
Now we'll use the following table to store usernames and passwords. The user SEC_ADMIN will own this table and related packages.
create table application_users(
  id           raw(16) default sys_guid(),
  user_name    varchar2(255),
  verification raw(128),
  constraint app_users_pk primary key (id),
  constraint app_users_uq unique(user_name)
)
/
The following package will be used to create and authenticate users. Note the use of EXECUTE IMMEDIATE for any queries or DML against the APPLICATION_USERS table. In the event that someone does gain access to our table, he cannot simply query one of the dictionary views such as DBA_DEPENDENCIES to determine the package used to set the password. This is certainly not a foolproof technique, but does make it more challenging to dissect the logic associated with password hashes.
create or replace package custom_apex_auth
as
  procedure create_user(
    p_username in varchar2,
    p_password in varchar2);

  function validate_user(
    p_username in varchar2,
    p_password in varchar2)
    return boolean;
end custom_apex_auth;
/

create or replace package body custom_apex_auth
as
  -- key from dbms_crypto.randombytes
  g_salt raw(256) := '231F8E440E65B5C180FA184F94F55B71';

  -- HMAC-SHA1 of the password, keyed with g_salt
  function get_mac(
    p_password in varchar2)
    return raw
  is
  begin
    return dbms_crypto.mac(
      src => utl_raw.cast_to_raw(p_password),
      typ => dbms_crypto.hmac_sh1,
      key => utl_raw.cast_to_raw(g_salt));
  end get_mac;

  procedure create_user(
    p_username in varchar2,
    p_password in varchar2)
  is
    l_mac raw(128);
  begin
    l_mac := get_mac(p_password);
    -- dynamic SQL with bind variables; user names are stored in upper case
    execute immediate
      'insert into application_users (user_name,verification)
       values (:a,:b)'
      using upper(p_username), l_mac;
  end create_user;

  function validate_user(
    p_username in varchar2,
    p_password in varchar2)
    return boolean
  is
    l_mac       raw(128);
    l_user_name varchar2(255) := upper(p_username);
    l_count     pls_integer := 0;
  begin
    l_mac := get_mac(p_password);
    -- a row matches only if both the user name and the MAC agree
    execute immediate
      'select count(*) from application_users
       where user_name = :username and verification = :mac'
      into l_count
      using l_user_name, l_mac;
    if l_count = 1 then
      return true;
    else
      return false;
    end if;
  end validate_user;
end custom_apex_auth;
/

12: Secure Coding Practices in APEX
Since we are storing the key inside the package, we must note that this code is accessible to anyone with a privileged account that can query data dictionary views such as DBA_SOURCE. To prevent this, we will use the PL/SQL wrap utility included with the Oracle Database. This utility obfuscates the code so that it is still functional, yet is not readable by an attacker. Here's the procedure for wrapping this package:
1. Save the package body in a file named custom_apex_auth.pkb.
2. Copy this file to a computer that has the Oracle database installed. You should check for the existence of the wrap executable in $ORACLE_HOME/bin.
3. Make sure $ORACLE_HOME/bin is in your path variable.
4. Execute the following from the command line, where iname is the name of the input file and oname is the name of the output file:
$ wrap iname=custom_apex_auth.pkb oname=custom_apex_auth.plb
If you open the output file in a text editor, you can see that the contents are completely obfuscated:
create or replace package body custom_auth wrapped a000000 1 abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd b 49b 2fa tEQWVnLxdhO2QpYe8q3ImRMGA2UwgzsJMUiDZ47NCjoY+Mlxa55aWhbzjdSGbS0GLgMhQ95d CYA14bY3oT+dgofd882EY0pWQou5wW4T05JazzZ4CCtLIqTZc9wBsJtEI0aEcpuUSWtLBEL8 0Em/y0eLcJoG1+pl7ZBFucjL+pHyucbrlX3UpPAHubK+mMQs9VH5b2XoZlrgpcxN41C8YZMm 8r3Brr1O2MpAu0azbDgLxlMEnvrgUO3S1XxVTNIyUJVDvvPqiTsJ98/emfxqiET2+TteElAw 28UNX7ATU3dYGJaAeUfv4ll0IVSkggDUh9oyHRsBvemuZTaXyOfD8e/2L1gKGKFGq/E95qtx jA1FuNWpKxGjpsM20NTr5TqIMs13icQ2h5et11Rv+WfFROYv6X1EI3xLeJV/JIlLPpcAkWRk Bdd71Xj45pCgOrSp37AgdOWFnzqPYiR+QRNXwXabp3muOvMOJNk5A09KshfQXTWK1mzrw7dQ qN2IRmIXQBXLXNc0kA1QfkY3/iRNfrFqLvEvoc/puVufDYElGjtRnBIJYv4qURsHG2VvIxjI
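A post-deployment check for the two concealment measures described above, added here as an example and not part of the original text: it confirms that DBA_DEPENDENCIES records no link from the package to APPLICATION_USERS and that the package body in DBA_SOURCE is stored wrapped without the key literal. It assumes SEC_ADMIN owns the objects, the wrapped .plb file has been compiled, and the session can read the DBA_ views; the local function verdict is a hypothetical helper.

```sql
-- Added example: run in SQL*Plus from an account that can read DBA_ views.
-- Assumes SEC_ADMIN owns the objects and custom_apex_auth.plb is compiled.
set serveroutput on
declare
  l_static_refs pls_integer;
  l_wrapped     pls_integer;
  l_key_rows    pls_integer;

  -- hypothetical helper: label each finding
  function verdict(p_ok in boolean) return varchar2 is
  begin
    return case when p_ok then 'OK' else 'REVIEW' end;
  end verdict;
begin
  -- EXECUTE IMMEDIATE should leave no recorded package-to-table dependency.
  select count(*) into l_static_refs
    from dba_dependencies
   where owner = 'SEC_ADMIN'
     and name = 'CUSTOM_APEX_AUTH'
     and referenced_owner = 'SEC_ADMIN'
     and referenced_name = 'APPLICATION_USERS';

  -- Stored source of a wrapped unit starts "package body <name> wrapped".
  select count(*) into l_wrapped
    from dba_source
   where owner = 'SEC_ADMIN'
     and name = 'CUSTOM_APEX_AUTH'
     and type = 'PACKAGE BODY'
     and line = 1
     and lower(text) like '% wrapped%';

  -- The g_salt literal must not appear in any readable source row.
  select count(*) into l_key_rows
    from dba_source
   where owner = 'SEC_ADMIN'
     and name = 'CUSTOM_APEX_AUTH'
     and upper(text) like '%231F8E440E65B5C180FA184F94F55B71%';

  dbms_output.put_line(verdict(l_static_refs = 0)
    || ': static references to APPLICATION_USERS = ' || l_static_refs);
  dbms_output.put_line(verdict(l_wrapped = 1)
    || ': package body stored wrapped = ' || l_wrapped);
  dbms_output.put_line(verdict(l_key_rows = 0)
    || ': source rows exposing the key literal = ' || l_key_rows);
end;
/
```

Oracle's PL/SQL documentation states that wrapping is not a secure method for hiding passwords or table names, so an OK result here confirms obfuscation only.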
Now create a user to test the code and verify that the password is not stored in clear text, and then verify that the function works as expected:
begin
  custom_apex_auth.create_user('tyler','welcome');
end;
/
SQL> select user_name,verification from application_users;

USER_NAME                      VERIFICATION
------------------------------ ----------------------------------------
TYLER                          02F4BB94F2C10F05F51E01B6E8A8A82928E243A8

SEC_ADMIN@AOS> set serveroutput on
declare
  l_result boolean := false;
begin
  l_result := custom_apex_auth.validate_user('tyler','welcome');
  if l_result then
    dbms_output.put_line('User Authenticated');
  else
    dbms_output.put_line('Authentication Failed');
  end if;
end;
/
User Authenticated
PL/SQL procedure successfully completed.
declare
  l_result boolean := false;
begin
  l_result := custom_apex_auth.validate_user('tyler','hello');
  if l_result then
    dbms_output.put_line('User Authenticated');
  else
    dbms_output.put_line('Authentication Failed');
  end if;
end;
/
Authentication Failed
PL/SQL procedure successfully completed.
Before testing this code in APEX, we need to grant execute on this package from the SEC_ADMIN schema to the SEC_USER schema. SEC_ADMIN will own the package, but our APEX application will parse as SEC_USER.