Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java provides resources that every Java and Oracle database application programmer needs to ensure that they have guarded the security of the data and identities entrusted to them. You'll learn to consider potential vulnerabilities, and to apply best practices in secure Java and PL/SQL coding. Author David Coffin shows how to develop code to encrypt data in transit and at rest, to accomplish single sign-on with Oracle proxy connections, to generate and distribute two-factor authentication tokens from the Oracle server using pagers, cell phones (SMS), and e-mail, and to securely store and distribute Oracle application passwords. Early chapters lay the foundation for effective security in an Oracle/Java environment. Each of the later chapters brings example code to a point where it may be applied as-is to address application security issues. Templates for applications are also provided to help you bring colleagues up to the same secure application standards. If you are less familiar with either Java or Oracle PL/SQL, you will not be left behind; all the concepts in this book are introduced as to a novice and addressed as to an expert. Contents 1. Introduction 2. Oracle Security 3. Secure Java Development Concepts 4. Java Stored Procedures 5. Adding Public Key Encryption 6. Adding Secret Password Encryption 7. A Working Model for Data Encryption in Transit 8. Implementing Single Sign On 9. Implementing Two-Factor Authentication 10. Application Identification and Authorization 11. Enhancing Our Security 12. Administration of This Security System