Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: N-tier data access and security

RE: N-tier data access and security

From: Freeman, Robert <Robert_Freeman_at_csx.com>
Date: Mon, 04 Nov 2002 07:59:28 -0800
Message-ID: <F001.004FB0C9.20021104075928@fatcity.com> 





A few thoughts:



    
  
  1.   Keep as much of the business logic resident within the database itself as
possible. Use PL/SQL, Stored Java, etc... within the database to control the
business logic. Restrict all DML operations to only pass through these
interfaces. This affords you scalability later on as additional
applications/users want to interface with your database data. In the same
light, enforce constraints/relationships at the database level, not through
application logic.

  
  2.   Look at some of Oracle's security products and features such as global
application contexts for single sign-on. Also, consider the security schema
of your database. For example, While you might not have a need for granular
security right now you never know what the future will bring. 






RF



Robert G. Freeman - Oracle OCP


Oracle Database Architect


CSX Midtier Database Administration


Author of several Oracle books you can find on Amazon.com!



Londo Mollari: Ah, arrogance and stupidity all in the same package. How
efficient of you. 



 





-----Original Message-----


Sent: Monday, November 04, 2002 10:09 AM
To: Multiple recipients of list ORACLE-L




We are heading down the N-tier path, (browser, websphere app server, oracle
database).  What is the best method to setup this architecture for security
and


the logic?



    
  
  1.   Should the business logic be physically separate from the data access on
the
app server?  And if yes, where should the data access component reside?
(database or app server)  How does batch affect the decision?  What
variables
should we be considering when making this decision?

  
  2.   How should the database connection be established from the app server to
the
database?  Should it use a generic account on the app server with the
password
encrypted in a file?







In addition, does anybody have any good white papers or urls?  Thanks





-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: Tracy Rahmlow


  INET: tracy.rahmlow_at_aexp.com


Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------


To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: Freeman, Robert


  INET: Robert_Freeman_at_csx.com


Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------


To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Mon Nov 04 2002 - 09:59:28 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US