In most web-based applications, users have to authenticate to the application before they can do anything. The application will typically use this information to differentiate what the different end users can see and mediate the actions they can perform within the application. Application security is necessary, and applications should always provide some security. However, it shouldn’t be the only layer of security. Data security should exist in the database; application security should exist within the application.
The application must work in concert with the database. You must ensure that the user’s identity doesn’t stop at the application tier. The preferred method for accomplishing this task is by using proxy authentication. In instances where proxy authentication can’t be used, you can rely on another technique utilizing PL/SQL packages and/or Client Identifiers, which are discussed later in the chapter. This basic principle of identity propagation is necessary for effective database security.
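The two propagation paths described above, proxy authentication and the Client Identifier fallback, shown as an added Oracle SQL/PL-SQL example (not the book's own code). The account names app_pool and alice, the app.orders table with its owner column, and the policy function are all constructed for illustration.

```sql
-- Path 1: proxy authentication. The application's pooled account (app_pool)
-- is allowed to open sessions on behalf of the end user alice, so the
-- database authenticates both identities instead of only the pool account.
ALTER USER alice GRANT CONNECT THROUGH app_pool;

-- The application connects as app_pool[alice]. Inside that session the
-- database exposes the real end user and the account that proxied for it:
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER') AS end_user,    -- ALICE
       SYS_CONTEXT('USERENV', 'PROXY_USER')   AS app_account  -- APP_POOL
  FROM dual;

-- Path 2: Client Identifier, for applications that cannot use proxy sessions.
-- The application tags each pooled session with the end user on check-out
-- and clears it on check-in. The value is asserted by the application, not
-- authenticated by the database, so it is only as trustworthy as the
-- application code that sets it.
BEGIN
  DBMS_SESSION.SET_IDENTIFIER('ALICE');   -- on check-out
  -- ... application work on behalf of ALICE ...
  DBMS_SESSION.CLEAR_IDENTIFIER;          -- on check-in
END;
/

-- A VPD policy function that ties row visibility to whichever identity the
-- session carries. With a proxy session SESSION_USER is the end user; without
-- one, the Client Identifier is used. If neither is present the predicate
-- compares against NULL and returns no rows, so the policy fails closed.
CREATE OR REPLACE FUNCTION app.orders_by_end_user (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2) RETURN VARCHAR2 IS
BEGIN
  RETURN 'owner = CASE WHEN SYS_CONTEXT(''USERENV'',''PROXY_USER'') IS NOT NULL'
      || ' THEN SYS_CONTEXT(''USERENV'',''SESSION_USER'')'
      || ' ELSE SYS_CONTEXT(''USERENV'',''CLIENT_IDENTIFIER'') END';
END;
/

-- Attach the policy so the database, not the application, enforces the
-- per-user row filter on reads and writes.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_END_USER',
    function_schema => 'APP',
    policy_function => 'ORDERS_BY_END_USER',
    statement_types => 'SELECT,UPDATE,DELETE');
END;
/
```

Because SESSION_USER is stored in upper case, the Client Identifier is set in upper case as well so both paths compare against the same owner value.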