Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> AW: Role passwords

AW: Role passwords

From: Schoen Volker <v.schoen_at_inplan.de>
Date: Fri, 15 Dec 2000 09:55:36 +0100
Message-Id: <10711.124658@fatcity.com> 





Hi Mark,



we realized the security problems by decrypting the password in program
code. The user gets a password form Administrator, this password isn't =
the


real one. If he logs on to the database with on of our programs the =
password


will be decrypted by a program-function to the real oracle password. So =
if


the user tries to connect with a tool others as our application he =
can't


cconnect. Works fine for us.



Regards



Volker Sch=F6n


INPLAN RUHR



E-Mail: mailto:v.schoen_at_inplan.de


http://www.inplan.de





-----Urspr=FCngliche Nachricht-----


Von: Mark Teehan [mailto:mteehan_at_erggroup.com]
Gesendet: 15. December 2000 06:20


An: Multiple recipients of list ORACLE-L
Betreff: Role passwords




We are developing an app which will contain sensitive data. Internal
security will be assigned using roles. I want to password protect the
roles,


but do not want the users to know the passwords, or to hardcode them in =
the


app. This is to prevent any tool but the app having update privs on the =
app


tables.


Ideally, I would like to encrypt the passwords, store them in blobs, =
and


use the obfuscation toolkit to encrypt/decrypt them - but it looks like =
we


dont have a secure key server.


Are there any other alternatives for implementing secure role based
security?




Regards


Mark









--=20



Please see the official ORACLE-L FAQ: http://www.orafaq.com


--=20



Author: Mark Teehan


  INET: mteehan_at_erggroup.com


Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------


To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Fri Dec 15 2000 - 02:55:36 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US