Guarding your Data Behind a Hard Shell PL/SQL API: the Detail
I've taken my "Why Use PL/SQL?" talk around the conference circuit and published the companion whitepaper. It was a high-level account that appealed to common sense and to abstract principles of computer science. This session takes the opposite approach. It tells you in practical detail how to ensure that the hard shell of the database's PL/SQL API is impenetrable by addressing code organization and security. It advocates a four-schema model (data, code implementation, API, and connect) using only invoker's rights units together with code-based access control to honor the principle of least privilege. The approach is refined by explicit control of inherit privileges, the accessible by whitelist, and secure error handling. And scrupulous care is taken to ensure that the privileges needed for installation and patching are not available at run-time. I will present real code and demonstrations.