That works well when you need to access instances on a single
server (SAP works this way), but breaks down when using a
centralized tool to access multiple databases on multiple servers.
You could use external authentication (Kerberos, Radius).
I have no personal experience with that myself..
On 5/15/05, Peter McLarty <peter.mclarty_at_pameacs.com> wrote:
>
> Hi All
>
> Just one to help you along on this path an application I work with does
> all its batch processing with an OPS$ account and has passed through a
> number Audits successfully
>
> The programs are COBOL and access a table it has select on to get the
> correct username and password which is stored in the DB and is visible
> to the OPS$ account. for someone to get a program to run would require
> access to COBOL to compile it successfully and it would have to be
> compiled on the servers that run the application to be able to use the
> connection function and then they need a second account as the OPS$
> account cant do compiles. Impossible, no someone could do something
> malicious, but the number of people that would have suitable access
> would generally be limited so restricting the opportunity.
>
> Is it in my opinion compliant open for debate but it seems to be passing
> the audits successfully.
>
> Cheers
>
> Peter
>
>
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist
--
http://www.freelists.org/webpage/oracle-l
Received on Sun May 15 2005 - 11:49:15 CDT
