The risk associated with build your own

Developers do not always immediately find the security they need for an application in the security toolset provided by a platform or built into a framework. As a result, build-your-own security is not uncommon among development projects. This is especially true if the application replaces an existing system that uses a specific non-standard security infrastructure. An example of this is database-table-based authentication and authorization in combination with user provisioning and resource granting at runtime.

The risk associated with building your own security is that you are also on your own when it comes to quality assurance of the security layer, application security propagation, and single sign-on, and that you are responsible for bug fixing and maintenance of the security layer.

Not all developers are security experts, but experts are what it takes to build a custom security layer.

Time spent investigating existing, well-vetted security solutions is probably time well spent. Existing solutions can be applied to custom applications more easily and more cost-effectively than creating an error-prone, self-written mechanism.
