Apply the built-in security features of Oracle to PHP

Most Web applications today require at least some basic security policy. For example, websites that provide password-protected content, websites with only the backend of administrators, blogs and personal magazines, e-commerce websites, and enterprise intranets.


The most common design method for building these types of Web applications is to integrate security policies into the business logic of Web applications, that is, the application determines whether a user has the right to access a data in the database. In this case, the database role only stores data and provides data as requested. In other words, if the Web application command database provides specific information, the database will directly execute this command without checking the user's permissions.


In this article, you will learn how to use the built-in security features of Oracle to execute application security rules at the database level to improve the overall security of applications. As an ancillary benefit, implementing data access security directly in the database not only improves application security, but also reduces complexity.


Database security requirements


How does one control data access from a Web application? In most cases, there is no problem; this is a good solution, especially when the involved data is not critical or top secret tasks. This method is used in many books and online resources. In fact, a popular PHP/MySQL book specifically opposes creating more than one database user account for each application, this is because "additional users or complex permissions will reduce the MySQL execution speed by checking more information before an operation continues ". This is true; however, you may have to consider a few things before giving up the idea of integrating security into the database logic. Let's take a look at the following example.


Assume that a content governance system (CMS) is created ). The database is used to store the content published on the website. Most of the data is public, and anonymous Web users are allowed to read the data, but only the edited data is allowed. Use a single database account to access and modify records in the database, and use a password to protect the access permissions of pages accessible only by administrators. Use PHP code to control the security.


If the public end of a Web application is attacked by SQL injection on a public search form (that is, a form with insufficient coding, the attacker may be able to execute arbitrary SQL statements on database objects accessible to the public account. Of course, in this case, executing the SELECT statement will not cause any major problems, because the data is public. However, since the public and governance permissions use the same database account, intruders can execute UPDATE and DELETE statements, or even DELETE tables from the database.


How can this problem be prevented? The simplest way is to completely restrict the permission of the public database account to modify data. Let's take a look at how Oracle solves this problem.


Oracle Security overview


Oracle Database provides many methods for Web developers to control data access, from governance to specific database objects (such as tables, views, and processes) to control the access to data of individual rows or columns. Obviously, the discussion of each security feature or available option in Oracle is beyond the scope of this article. Here, we will not cover too many details, but will only introduce the most basic aspects of Oracle data access security:


Verification and user account


Permission


Role


Authentication and user account. Like other databases, each user (database account) requesting access to Oracle must pass verification. Verification can be performed by databases, operating systems, or network services. In addition to basic authentication (password verification), Oracle also supports strong authentication mechanisms, such as Kerberos, CyberSafe, RADIUS, and so on.


Role. An Oracle Role is a famous set of permissions. Although user account permissions can be granted directly, using roles can greatly simplify user governance, especially when a large number of users need to be governed. Create a small role that is easy to manage and then assign one or more roles to the user based on the user's security level. This is very efficient. Not to mention how easy it is to modify permissions.