2.1 Expose the Database Only Via a PL/SQL API

Expose the database to clients only via a PL/SQL API. Carefully control privileges so that the client has no direct access to the application’s other kinds of objects, especially tables and views.

When you design a PL/SQL package that accesses the database, follow this paradigm:

  • Establish a database user as the only one to which a client may connect. Hypothetically, let us call this user myuser.
  • myuser may own only synonyms and these synonyms may denote only PL/SQL units owned by other users.
  • Grant the Execute privilege on only the denoted PL/SQL units to myuser.
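
The following setup script is an added example, not part of the original page, showing the three rules applied end to end and then audited from the data dictionary. The names app_owner, employees and emp_api, the users tablespace and the password placeholder are assumptions; only myuser comes from the text above.

```sql
-- Run as a DBA. app_owner, employees and emp_api are hypothetical names.
-- Schema-only owner (NO AUTHENTICATION needs 18c or later): nobody can connect as it.
CREATE USER app_owner NO AUTHENTICATION QUOTA 10M ON users;  -- tablespace is an assumption
CREATE TABLE app_owner.employees (id NUMBER PRIMARY KEY, name VARCHAR2(100));

-- The API. Definer's rights: the body runs with app_owner's privileges,
-- so callers need no privilege on the table itself.
CREATE PACKAGE app_owner.emp_api AUTHID DEFINER AS
  FUNCTION get_name(p_id IN NUMBER) RETURN VARCHAR2;
END emp_api;
/
CREATE PACKAGE BODY app_owner.emp_api AS
  FUNCTION get_name(p_id IN NUMBER) RETURN VARCHAR2 IS
    v_name app_owner.employees.name%TYPE;
  BEGIN
    SELECT name INTO v_name FROM app_owner.employees WHERE id = p_id;
    RETURN v_name;
  EXCEPTION
    WHEN NO_DATA_FOUND THEN RETURN NULL;
  END get_name;
END emp_api;
/

-- Rule 1: myuser is the only account a client may connect to.
CREATE USER myuser IDENTIFIED BY "<password-placeholder>";
GRANT CREATE SESSION TO myuser;

-- Rule 2: myuser owns only a synonym, and it denotes a PL/SQL unit owned by another user.
CREATE SYNONYM myuser.emp_api FOR app_owner.emp_api;

-- Rule 3: Execute on the denoted unit and nothing else.
GRANT EXECUTE ON app_owner.emp_api TO myuser;

-- Audit 1: object types owned by myuser; any row other than SYNONYM breaks rule 2.
SELECT object_type, COUNT(*) FROM dba_objects
 WHERE owner = 'MYUSER' GROUP BY object_type;

-- Audit 2: object privileges held directly by myuser; any row other than
-- EXECUTE on a PL/SQL unit breaks rule 3.
SELECT owner, table_name, privilege FROM dba_tab_privs
 WHERE grantee = 'MYUSER';

-- Audit 3: system privileges and roles; ANY privileges or broad roles
-- would let the client bypass the API.
SELECT privilege AS granted FROM dba_sys_privs WHERE grantee = 'MYUSER'
UNION ALL
SELECT granted_role FROM dba_role_privs WHERE grantee = 'MYUSER';
```

The audit queries cover only direct grants to myuser; privileges granted to PUBLIC apply to it as well and need a separate review.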