Administration and Security in Clients, Application Servers, and Database Servers
In a multitier environment, an application server provides data for clients and serves as an interface to one or more database servers.
The application server can validate the credentials of a client, such as a Web browser, and the database server can audit operations performed by the application server. These auditable operations include actions performed by the application server on behalf of clients, such as requests that information be displayed on the client. A request to connect to the database server is an example of an application server operation not related to a specific client.
Authentication in a multitier environment is based on trust regions. Client authentication is the domain of the application server. The application server itself is authenticated by the database server. The following operations take place:
-
The end user provides proof of authenticity to the application server, typically, by using a password or an X.509 certificate.
-
The application server authenticates the end user and then authenticates itself to the database server.
-
The database server authenticates the application server, verifies that the end user exists, and verifies that the application server has the privilege to connect for the end user.
Application servers can also enable roles for an end user on whose behalf they connect. The application server can obtain these roles from a directory, which serves as an authorization repository. The application server can only request that these roles be enabled. The database verifies the following requirements:
-
That the client has these roles by checking its internal role repository
-
That the application server has the privilege to connect on behalf of the user and thus to use these roles as the user could
The following diagram shows an example of multitier authentication.

Description of the illustration cncpt137.gif
The following actions take place:
-
The user logs on using a password or Transport Layer Security. The authentication information is passed through Oracle Application Server.
-
Oracle Internet Directory authenticates the user, gets the roles associated with that user from the wallet, and then passes this information back to Oracle Application Server.
-
Oracle Application Server checks the identity of the user in Oracle Database, which contains a wallet that stores this information, and then sets the role for that user.
Security for middle-tier applications must address the following key issues:
-
Accountability. The database server must be able to distinguish between the actions of the application and the actions an application takes on behalf of a client. It must be possible to audit both kinds of actions.
-
Least privilege. Users and middle tiers should be given the fewest privileges necessary to perform their actions, to reduce the danger of inadvertent or malicious unauthorized activities.