Posts tagged security

ADF: simple EL expression to a method with params on a bean

Based on an old blog post by Lucas, "How to call methods from EL expressions - pre JSP 2.0 trick for JSPs with JSTL", I've created an ADF SecurityBean, so you can write EL expressions like "#{securitybean.isUserInRole['KING,ADMIN']}".

The idea is pretty simple: use an inner class that implements the get(Object) method of the Map interface with your specific method that takes an argument, and in your bean return an instance of this inner class from a method with a readable and sensible name.

(Lucas's blog post explains why to use a class with a Map interface.)


Oracle Database Vault: The ultimate protection for your application data.

Some time ago, I discussed security in Oracle databases with a customer and explained the role structure in the Oracle database. I explained to him that ultimately it's the DBA who assigns roles and privileges to the users of an application, and it's the DBA who is the almighty, most powerful user with almost unlimited access to data and abilities to modify a database. With all this security in place, who's going to prevent the DBA from using his powers in a malevolent way, was my customer's question. To be honest, until that moment I'd never given that possibility a thought. I'd always seen DBAs as hardworking, loyal and honest people who watch over their applications as a mother over her child. But obviously my customer was right about who's going to check the DBA. This can't be done by introducing another super-super user, because who's going to check him?