Unique individual identifier for each user
|
This essentially translates to a unique identifier for each
user in the database. Even if an LDAP solution is used to
authenticate users, the database must still be able to identify
the individual LDAP user. The simplest way to achieve this
compliance is to create an individual user ID for each named
user. If that is not possible, then the next best alternative is
to use Single Sign On (SSO) using LDAP and Oracle users
identified externally. If the application authenticates users
against a database table rather than LDAP, then a secure method
of application user authentication must be followed, one that is
not easy to break and is immune to attacks such as SQL
injection. A mechanism to achieve this is described in
Chapter 5. |