The main reason for setting up security in your PHP/Oracle application is to protect it against unauthorized access or alteration of the data.
In the preceding chapter, you learned how to build an authentication system in PHP using the Auth class from the PEAR library. You also saw several examples of how this class might be extended to suit the needs of a particular application. However, it is important to realize that implementing an authentication system is only the first step in building a secure application. Once a user is successfully authenticated, your application should determine whether that user is authorized to access the requested database resources, thus defining different levels of permissions for different users. It is always a good idea to implement authorization within the database, as it guarantees that no one will be able to bypass the application's security, even if the connection to the database is made directly.
This chapter discusses how to effectively...