Thursday, September 4, 2008

[Concept] Application Security
Using Oracle Proxy Users

Application security can be greatly enhanced by using a dedicated proxy user for Oracle DB connections. An Oracle proxy user is a user that is allowed to connect on behalf of another user. The real user accounts no longer need to identify themselves against the DB and do not need to know their passwords. Instead, they connect through a middle-tier proxy user.

The middle-tier proxy user just needs the "create session" and "connect through to xxx user" rights. It is just a regular user that is allowed to impersonate the real user account when connecting to the DB. The proxy user will appear as the real user during the session and will only have the rights that the real user has.


User1 is using the application and the application needs to access the Oracle DB. It will use the middle tier proxy user to connect to the DB. It will request that the middle tier proxy user pretends to be User1 for the session.

Since the DB knows the middle-tier proxy user, and that user has been granted the right to connect on behalf of User1, it accepts the impersonation. The session now only has the rights that are configured for User1 in the DB, meaning that it can only do what User1 is allowed to do.
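
The setup described above, written out as Oracle SQL and SQL*Plus commands. This is an added example, not code from the original post; the names `app_proxy`, `user1` and `app_read_role` and the password placeholders are assumptions chosen for illustration.

```sql
-- Run as a DBA. All account names and passwords below are placeholders.

-- 1. The middle-tier proxy account: it can log on and nothing else.
CREATE USER app_proxy IDENTIFIED BY "<proxy_password>";
GRANT CREATE SESSION TO app_proxy;

-- 2. The real user. Its password is never handed to the application
--    or to the person; it still needs CREATE SESSION of its own for
--    the proxied session to be accepted.
CREATE USER user1 IDENTIFIED BY "<unused_random_password>";
GRANT CREATE SESSION TO user1;

-- 3. Allow app_proxy to connect on behalf of user1.
--    The grant is made on the real user, naming the proxy.
ALTER USER user1 GRANT CONNECT THROUGH app_proxy;

-- Optional tighter variant: the proxied session may only enable one role.
-- ALTER USER user1 GRANT CONNECT THROUGH app_proxy WITH ROLE app_read_role;

-- 4. Review which proxies may act for which users.
SELECT proxy, client, authentication, flags
  FROM proxy_users
 ORDER BY proxy, client;

-- 5. From SQL*Plus, connect as the proxy on behalf of user1.
--    Only the proxy's password is supplied.
CONNECT app_proxy[user1]/"<proxy_password>"

-- 6. Inside the session: SESSION_USER is the real user,
--    PROXY_USER records which middle-tier account opened it.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER') AS session_user,
       SYS_CONTEXT('USERENV', 'PROXY_USER')   AS proxy_user
  FROM dual;
-- Expected: SESSION_USER = USER1, PROXY_USER = APP_PROXY

-- 7. Withdraw the right again (as a DBA) when it is no longer needed.
ALTER USER user1 REVOKE CONNECT THROUGH app_proxy;
```

Checking `PROXY_USERS` periodically shows every account a middle tier can impersonate, which is the list to keep short.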


freddy.hansen said...

Hmmmm, sorry I don't get it - why should not requiring a user to enter a password lead to enhanced security? :-)

Jason De Oliveira said...

In multitier environments, proxy authentication controls the security of middle-tier applications by preserving client identities and privileges through all tiers and by auditing actions taken on behalf of clients.

Oracle Database proxy authentication provides the following security benefits:

* A limited trust model, by controlling the users on whose behalf middle tiers can connect and the roles that the middle tiers can assume for the user

* Scalability, by supporting user sessions through OCI, thick JDBC, or thin JDBC, and eliminating the overhead of reauthenticating clients

* Accountability, by preserving the identity of the real user through to the database, and enabling auditing of actions taken on behalf of the real user

* Flexibility, by supporting environments in which users are known to the database, and in which users are merely application users of which the database has no awareness