App/web login - how do you handle?

From: Brian Wisniewski <brian_wisniewski_at_yahoo.com>
Date: Wed, 30 May 2001 13:33:27 -0700
Message-ID: <F001.003147C1.20010530132634@fatcity.com>

How do you handle logins for applications that log into the database using a common login? I've seen it handled through hard-coded username/pass in the app, password file in 'secure' directories and ops$ account with remote_os_authent set to true on a server being accessed from a 3rd tier web app. Mgmt didn't seemed too thrilled when I showed them in about 2 minutes how to break into the db when remote_os_authent=true.

Just curious how you handle this. I haven't seen any particularly great way and am looking for a better solution. V7.3.4 -> 8.1.7 databases.

Thanks - Brian

---

Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/
--

Please see the official ORACLE-L FAQ: http://www.orafaq.com
--

Author: Brian Wisniewski
  INET: brian_wisniewski_at_yahoo.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Wed May 30 2001 - 15:33:27 CDT