158. You want to create a role to meet these requirements:
1: The role is to be protected from unauthorized usage.
2: The password of the role is not to be embedded in the application source code or stored in a table.
Which method would you use to restrict enabling of such roles?
A.Create the role with global authentication.
B.Create the role with external authentication.
C.Create the role as a secure application role.
D.Create the role as a password-protected role.
E.Create a role and use Fine-Grained Access Control (FGAC) to secure the role.
Answer: C
答案解析:
About Secure Application Roles
A secure application role is a role that can be enabled only by an authorized PL/SQL package. This package defines one or more security policies that control access to the application. Both the role and the package are typically created in the schema of the person who creates them, which is typically a security administrator. A security administrator is a database administrator who is responsible for maintaining the security of the database.
The advantage of using a secure application role is you can create additional layers of security for application access, in addition to the privileges that were granted to the role itself. Secure application roles strengthen security because passwords are not embedded in application source code or stored in a table. This way, the decisions the database makes are based on the implementation of your security policies. Because these definitions are stored in one place, the database, rather than in your applications, you modify this policy once instead of modifying the policy in each application. No matter how many users connect to the database, the result is always the same, because the policy is bound to the role.